8a8feaaf03e27545de8258e0ec113916_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a8feaaf03e27545de8258e0ec113916_JaffaCakes118
Size

824KB
MD5

8a8feaaf03e27545de8258e0ec113916
SHA1

9e75db2163dfa3a1279dd1a91f1c06e913ca8668
SHA256

c0860e0574817a4ca9cf53c0aa1826da0620ed75c0cd2bb9b4e73347329fa0c9
SHA512

a942153e130cca90f68c1ad2229e2f0d52dffd85fcd6c7b24bd6ffee322ae7e144350d6405a121d4f5a1411e416dbc3c1b50910ec95c32a4ee43dd174c80942c
SSDEEP

12288:slnCcRANGAW94o2f8BpKEERRuhx5emlCmTW65cQeTPEuM0Motbc67tLUI:slnzRAM5OaBqRGx5x1a6CQeb1C65

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a8feaaf03e27545de8258e0ec113916_JaffaCakes118

Files

8a8feaaf03e27545de8258e0ec113916_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7e52971dbfc5382d94eb7777e7fde8b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Device_Interface_ListW
CM_Delete_DevNode_Key
CM_Get_Resource_Conflict_DetailsW
CM_Get_HW_Prof_FlagsA
SetupQuerySourceListA
IsUserAdmin
SetupLogErrorA
InstallHinfSectionW
SetupLogFileW
pSetupAccessRunOnceNodeList
SetupInstallServicesFromInfSectionExW
SetupDiCallClassInstaller
pSetupUnmapAndCloseFile
CM_Reenumerate_DevNode
pSetupQueryMultiSzValueToArray
pSetupVerifyCatalogFile
pSetupStringTableInitializeEx
CM_Free_Log_Conf
SetupDiAskForOEMDisk
SetupDiGetDeviceRegistryPropertyA
SetupQueryInfOriginalFileInformationW
SetupOpenInfFileA
CM_Uninstall_DevNode
CMP_UnregisterNotification
CM_Get_DevNode_Custom_PropertyA
CM_Add_Range
SetupQueueCopyIndirectW
SetupInitializeFileLogA
CM_Run_Detection_Ex

msvcrt40

iswpunct
??3@YAXPAX@Z
__p__fmode
??5istream@@QAEAAV0@PAC@Z
_wpgmptr
_execv
__p__tzname
ispunct
_wchdir
__unDName
__p___argv
_mbsnccnt
??4stdiostream@@QAEAAV0@AAV0@@Z
_j0
_ismbbprint
_adj_fptan
??0ifstream@@QAE@PBDHH@Z
?gptr@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@AAE@Z
fseek
??_8stdiostream@@7Bostream@@@
_inpd
??_Eostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@PAEHD@Z
__p__wpgmptr
_execlpe
??_7istrstream@@6B@
strcspn
?setbuf@streambuf@@UAEPAV1@PADH@Z
_mbscpy
__threadhandle
_ismbbgraph
_getcwd
??1stdiostream@@UAE@XZ
_wcsicmp
_wcslwr
wcsstr
??_Eifstream@@UAEPAXI@Z
fputwc
_CIsin
?put@ostream@@QAEAAV1@E@Z
_onexit
strcmp
_cprintf
?get@istream@@QAEAAV1@AAD@Z
isleadbyte
_mbsrchr
_strcmpi
_fstat
wcschr
_wperror
putchar
_outpd
??1fstream@@UAE@XZ
acos
?read@istream@@QAEAAV1@PACH@Z
_setmode
_mbsstr
feof
??5istream@@QAEAAV0@AAI@Z
??4strstream@@QAEAAV0@AAV0@@Z
?put@ostream@@QAEAAV1@C@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?is_open@ofstream@@QBEHXZ
_wchmod
_wmkdir
_execle
??5istream@@QAEAAV0@AAO@Z
?gbump@streambuf@@IAEXH@Z
malloc
?delbuf@ios@@QBEHXZ
_setmaxstdio
wcsspn

kernel32

SetNamedPipeHandleState
LoadLibraryA
GetNumberOfConsoleInputEvents
GetDiskFreeSpaceExW
SetConsoleOutputCP
CreateJobSet
ScrollConsoleScreenBufferA
GetSystemWow64DirectoryA
RtlUnwind
GetSystemTimeAsFileTime
CreateRemoteThread
SetTermsrvAppInstallMode
GetConsoleFontSize
TermsrvAppInstallMode
SetProcessShutdownParameters
VirtualProtect
DebugActiveProcessStop
GetCurrentProcessId
LocalReAlloc
QueueUserWorkItem
PostQueuedCompletionStatus
DebugActiveProcess
WriteConsoleInputW
FindNextVolumeMountPointW
WriteProfileSectionW
GetFirmwareEnvironmentVariableW
GetTempPathA
GetFileSizeEx
SetEnvironmentVariableA
IsBadStringPtrW
GetPrivateProfileSectionNamesW
GetConsoleFontInfo
VirtualAlloc
UnlockFile
OpenThread
ReadFileEx
SetThreadPriorityBoost
GetPrivateProfileSectionNamesA
GetLocaleInfoA

query

?fgetsw@CFileBuffer@@QAEKAAV?$XGrowable@G$0BAE@@@@Z
??0CPropStoreManager@@QAE@K@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
??0CDefColumnRegEntry@@QAE@XZ
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?GetStackTrace@@YGXPADK@Z
?SetI8@CStorageVariant@@QAEXT_LARGE_INTEGER@@I@Z
??1CProcess@@QAE@XZ
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
??1CCatalogEnum@@QAE@XZ
?SkipUShort@CMemDeSerStream@@UAEXXZ
?SetWeight@CDbCmdTreeNode@@QAEXJ@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??0CCiRegParams@@QAE@PBG@Z
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
??0CPropNameArray@@QAE@I@Z
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
??1?$XPtr@VCDbCmdTreeNode@@@@QAE@XZ
?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
??1CInternalPropertyRestriction@@QAE@XZ
??0CCatState@@QAE@XZ
?Eof@CMmStreamConsecBuf@@QAEHXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?GetScodeError@@YGJAAVCException@@@Z
??0CDbColId@@QAE@ABUtagDBID@@@Z
??1CDFA@@QAE@XZ
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
CIRestrictionToFullTree
??1CPropertyStoreWids@@QAE@XZ
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?SetI4@CStorageVariant@@QAEXJI@Z
??0CQueryScanner@@QAE@PBGHKH@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
?_wcstoui64@@YA_KPBGPAPAGH@Z
?IsPaused@CCatalogAdmin@@QAEHXZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??0CPathParser@@QAE@PBGK@Z
??1CSynRestriction@@QAE@XZ
??0CLocalGlobalPropertyList@@QAE@K@Z
??0CDriveInfo@@QAE@PBGK@Z

ole32

CoReleaseMarshalData
SNB_UserMarshal
CoCreateInstanceEx
HPALETTE_UserSize
OleDoAutoConvert
HBITMAP_UserMarshal
HBRUSH_UserSize
CoGetStandardMarshal
CoMarshalInterThreadInterfaceInStream
CoReleaseServerProcess
StgOpenPropStg
CreateILockBytesOnHGlobal
OleSaveToStream
OleSetClipboard
CoSetState
WdtpInterfacePointer_UserMarshal
SNB_UserFree
CoGetStdMarshalEx
UtConvertDvtd32toDvtd16
CoGetProcessIdentifier
CoSetCancelObject
CreateStdProgressIndicator
OleIsCurrentClipboard
HMETAFILEPICT_UserSize
HPALETTE_UserFree
PropVariantCopy

dnsapi

DnsValidateName_W
Dns_UpdateLib
Reg_ReadGlobalsEx
DnsAcquireContextHandle_W
DnsReleaseContextHandle
Dns_WriteRecordStructureToPacketEx
Dns_RecvTcp
Dns_CreateMulticastSocket
Dns_InitializeMsgRemoteSockaddr
Dns_SetRecordDatalength
DnsRegisterClusterAddress
Dns_WriteQuestionToMessage
DnsRecordSetCopyEx
DnsCopyStringEx
DnsUpdateTest_UTF8
DnsFlushResolverCacheEntry_UTF8
DnsRecordTypeForName
Dns_ParseMessage
GetCurrentTimeInSeconds
DnsReplaceRecordSetUTF8
NetInfo_Build
NetInfo_IsForUpdate
DnsNameCompareEx_A
DnsApiSetDebugGlobals
DnsValidateUtf8Byte
DnsNameCopy

msvcrt

_time64
strcpy
_adj_fdivr_m64
__set_app_type
_mbctoupper
asin
__doserrno
??_Gbad_typeid@@UAEPAXI@Z
_resetstkoflw
_mbsnicoll
wcstod
localeconv
__p__commode
_strnicoll
_rotr
__isascii
_ismbbkalnum
mblen
_ismbcprint
_write
asctime
??0__non_rtti_object@@QAE@ABV0@@Z
iswascii
_tzset
_wgetdcwd
_CIexp
??_7bad_typeid@@6B@
__getmainargs
_outpd

crtdll

_errno
_CIcosh
getc
_strninc
_scalb
fgetwc
_read
_spawnlpe
_c_exit
cos
_memccpy
strspn
printf
isdigit
iswpunct
vsprintf
_write
_mbslwr
_flsbuf
_mbstrlen
_execv
_jn
_HUGE_dll
fsetpos
tolower
swprintf
_spawnvp
_heapmin
_strinc
_putch
_fullpath
srand
vfprintf
__toascii
_getdllprocaddr

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e52971dbfc5382d94eb7777e7fde8b2

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

msvcrt40

kernel32

query

ole32

dnsapi

msvcrt

crtdll

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 596KB - Virtual size: 2.0MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 352B

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 596KB - Virtual size: 2.0MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 352B