8cf1f9d29e635ac2ebf5295ac54d3134_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cf1f9d29e635ac2ebf5295ac54d3134_JaffaCakes118
Size

86KB
MD5

8cf1f9d29e635ac2ebf5295ac54d3134
SHA1

d0fcb5a25aa5a0b8c8030419172b8be07ca469a4
SHA256

e883d24987cbf81ce17510b7e6deb81f150b9ac10d8f1da95595a2bfa8100565
SHA512

cf1a449aa02f74018c2fa39203382a2a4ba3f6fad48e10c700ba9427b4af7601c786ae12d7e0b187016693c1708df6f695f27cdaad68defc6a6059b6014a8a59
SSDEEP

1536:srR385W2ZRk08xY8prXDwZ9pX5RNTs0q8smMkAu/brdUUj2M995MCSSIY:srO5W2ZRkrUZ9DRNTs0NXAu/bH9jEY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cf1f9d29e635ac2ebf5295ac54d3134_JaffaCakes118

Files

8cf1f9d29e635ac2ebf5295ac54d3134_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c561fed4a6fa2e5085f8b0986ab4e34b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

towlower
_gcvt
_CIfmod
isdigit
_ltow
_spawnve
_memicmp
_mbsnbicmp
iswalpha
sprintf
_ismbclower
_mbsncmp
_tolower
_CItanh
_chmod
_CItan
__dllonexit

setupapi

SetupOpenLog
CM_Get_Hardware_Profile_InfoA
pSetupStringTableAddString
MyRealloc
SetupSetFileQueueAlternatePlatformA
SetupSetPlatformPathOverrideW
SetupFindNextMatchLineA
SetupGetMultiSzFieldW
SetupQueueCopyA
SetupGetNonInteractiveMode
SetupAddToSourceListA
pSetupGetInfSections
SetupQuerySourceListA
SetupCancelTemporarySourceList
SetupDiGetDeviceInfoListDetailA
CM_Free_Range_List
CM_Open_Class_Key_ExW
pSetupSetQueueFlags
SetupGetBackupInformationW
pSetupGetGlobalFlags
CM_Get_Device_ID_List_ExA

crypt32

CryptGetKeyIdentifierProperty
CertOpenSystemStoreW
CryptSIPCreateIndirectData
CryptVerifyCertificateSignatureEx
CertRegisterSystemStore
CertDeleteCertificateFromStore
CryptSIPRemoveProvider
CryptHashMessage
CertSetCertificateContextPropertiesFromCTLEntry
CertEnumCertificateContextProperties
CryptEnumKeyIdentifierProperties
CryptUnregisterOIDInfo
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertUnregisterPhysicalStore
CryptSetKeyIdentifierProperty
RegQueryInfoKeyU
CryptEnumOIDInfo
CryptEncryptMessage
CertRDNValueToStrA
CryptSignHashU
I_CertProtectFunction
CryptRegisterOIDInfo
CryptRegisterDefaultOIDFunction
CryptHashToBeSigned
CryptDecodeObject

msvcrt20

?sputn@streambuf@@QAEHPBDH@Z
??_7ostream_withassign@@6B@
??0ios@@IAE@ABV0@@Z
putwc
??0ostream@@IAE@ABV0@@Z
??_7strstream@@6B@
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_wopen
_tolower
_mbstok

query

?Close@CPropSetMap@COLEPropManager@@QAEXXZ
??1COccRestriction@@QAE@XZ
?ciIsValidPointer@@YGHPBX@Z
??0CLocalGlobalPropertyList@@QAE@K@Z
?Remove@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?IsValid@COccRestriction@@QBEHXZ
?GetNumber@CQueryScanner@@QAEHAA_KAAH@Z
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
??0CPropertyRestriction@@QAE@XZ
??0CDbColumns@@QAE@I@Z
?Setup@CPropStoreManager@@QAEXKKKKHK@Z
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?Refresh@CCiRegParams@@QAEXPAUICiAdminParams@@H@Z
?GetScodeError@@YGJAAVCException@@@Z
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?Next@CEnumString@@UAGJKPAPAGPAK@Z

kernel32

IsBadCodePtr
GetStartupInfoA
TransmitCommChar
GetTickCount
ExpungeConsoleCommandHistoryW
CompareFileTime
GetCurrentThreadId
HeapCreate
GetCurrentConsoleFont
RemoveDirectoryA
CreateToolhelp32Snapshot
VirtualAlloc
GlobalUnlock
AddLocalAlternateComputerNameW
QueryPerformanceCounter
LoadLibraryA
ReadProcessMemory
EnumResourceTypesA
GetCurrentProcessId
GetSystemTimeAsFileTime
RequestWakeupLatency
VirtualLock
ExpandEnvironmentStringsA
SetTermsrvAppInstallMode
GetConsoleNlsMode
InterlockedFlushSList

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c561fed4a6fa2e5085f8b0986ab4e34b

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

setupapi

crypt32

msvcrt20

query

kernel32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 25KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 292B