848bba4de4e43e313561c387d5b5f940_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

848bba4de4e43e313561c387d5b5f940_JaffaCakes118
Size

40KB
MD5

848bba4de4e43e313561c387d5b5f940
SHA1

05c12d416e08dce3518c08b4cd415e991701f2bb
SHA256

c8e04bed38c64128c0e67447b85e49128f5566c0883598856683301c7bcb6c0d
SHA512

60bc381971317e2ff4d355907374c76cbd0eb577e550d346f4d1ae4c0e590210d6a4abe5ed0365791cd6ed48d5d51b0b04291a51809cb45a7d14483cf3de7cd0
SSDEEP

768:7P6hkY8awJY4/MiTZ4jvWvbJ8HY7Ebahou2k3pM6mQP:u6ZawJY0Tg+TJ8HY7noDoDmY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
848bba4de4e43e313561c387d5b5f940_JaffaCakes118

Files

848bba4de4e43e313561c387d5b5f940_JaffaCakes118
.exe windows:5 windows x86 arch:x86

db689b4e23640df0ffda2f590b37ec6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenProcess
NtOpenSemaphore
RtlGetDaclSecurityDescriptor
ZwPrivilegedServiceAuditAlarm
RtlIpv6StringToAddressW
RtlInitializeGenericTableAvl
RtlCheckForOrphanedCriticalSections
LdrAccessResource
NtImpersonateAnonymousToken
NtRenameKey
RtlQueryAtomInAtomTable
NtSetTimerResolution
NtSetUuidSeed
ZwAllocateLocallyUniqueId
ZwConnectPort
ZwOpenThreadToken
NtAccessCheckByType
NtCompactKeys
RtlSetTimeZoneInformation
RtlTraceDatabaseCreate
NtCreateMutant
NtMapUserPhysicalPages
NtProtectVirtualMemory
NtSystemDebugControl
_allshr
RtlCopyString
NtSetHighWaitLowEventPair
ispunct
RtlAnsiCharToUnicodeChar
NtUnmapViewOfSection
ZwCreateTimer
DbgUiConvertStateChangeStructure
_wtoi
RtlEqualLuid
LdrQueryProcessModuleInformation
RtlUshortByteSwap
RtlActivateActivationContextEx
RtlGetUserInfoHeap
RtlpNotOwnerCriticalSection
PfxInsertPrefix

msdart

?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?Unlock@CLockedSingleList@@QAEXXZ
?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
MPCSUninitialize
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?ReadLock@CReaderWriterLock@@QAEXXZ
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?_SubTable@CLKRHashTable@@ABEPAVCLKRLinearHashTable@@K@Z
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?Lock@CLockedDoubleList@@QAEXXZ
MpHeapCreate
MPInitializeCriticalSectionAndSpinCount
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?IsLocked@CLockedSingleList@@QBE_NXZ
?ReadLock@CSpinLock@@QAEXXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?ReadLock@CLKRHashTable@@QBEXXZ
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ

setupapi

CM_Get_Version_Ex
CMP_Report_LogOn
SetupDiCreateDeviceInfoList
pSetupVerifyCatalogFile
SetupCommitFileQueue
SetupGetLineCountA
SetupSetDirectoryIdExW
SetupUninstallOEMInfW
SetupSetFileQueueAlternatePlatformW
SetupFindFirstLineA
pSetupRegistryDelnode
SetupDiInstallClassA
SetupDiCreateDeviceInfoW
SetupDiGetHwProfileFriendlyNameW
SetupGetFileCompressionInfoA
SetupRenameErrorW
SetupDiClassGuidsFromNameExW
CM_Enumerate_EnumeratorsW
CM_Get_Depth_Ex
SetupGetSourceFileSizeW
CM_Get_Sibling_Ex
SetupDiGetDeviceRegistryPropertyA
SetupGetSourceFileLocationW
CM_Open_Class_Key_ExA
CM_Register_Device_Driver
CM_Request_Device_Eject_ExW
SetupSetNonInteractiveMode
SetupPrepareQueueForRestoreW
CM_Get_Device_Interface_List_ExA
SetupScanFileQueueA

kernel32

QueryPerformanceCounter
lstrcmpiA
IsBadStringPtrW
CreateProcessInternalW
FindResourceExW
LoadLibraryA
GetEnvironmentVariableW
ExitProcess
lstrcmpA
GetTimeFormatA
TransmitCommChar
GetPrivateProfileSectionA
DeleteVolumeMountPointW
OpenThread
PurgeComm
LZStart
EnumDateFormatsExW
SetLocalTime
ResumeThread
GetConsoleCharType
GetCurrencyFormatA
SetThreadContext
VerifyVersionInfoW
AllocConsole
PrepareTape
lstrcpynW
SwitchToFiber
ClearCommError
CreateMailslotA
SetLastError
IsBadReadPtr
GetDefaultCommConfigA
WriteConsoleOutputW
GetExpandedNameA
GetBinaryType
GetOEMCP
CreateActCtxW
SetConsoleCtrlHandler
SetFileAttributesA
SetFileApisToOEM
SetSystemPowerState
VirtualAlloc
CancelTimerQueueTimer
EnumDateFormatsW
SetInformationJobObject

msls31

LsMatchPresSubline
LsGetLineDur
LsdnResolvePrevTab
LsSetCompression
LsdnSetAbsBaseLine
LsPointUV2FromPointUV1
LsFinishCurrentSubline
LsEnumLine
LsdnFinishRegular
LsFindPrevBreakSubline
LsPointXYFromPointUV
LsGetHihLsimethods
LssbGetPlsrunsFromSubline
LsdnResetObjDim
LsQueryPointPcpSubline
LsdnGetDup
LsQueryLinePointPcp
LsdnGetCurTabInfo
LsdnSkipCurTab
LsdnGetFormatDepth
LsSetModWidthPairs
LsdnFinishDelete
LsCompressSubline
LsForceBreakSubline
LsGetSpecialEffectsSubline
LsGetWarichuLsimethods
LsdnModifyParaEnding

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db689b4e23640df0ffda2f590b37ec6f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msdart

setupapi

kernel32

msls31

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 69KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 69KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B