94ed32c157fd044fed597a613aac04d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94ed32c157fd044fed597a613aac04d7_JaffaCakes118
Size

875KB
MD5

94ed32c157fd044fed597a613aac04d7
SHA1

9c268b1b21f62b8b5df45d7c45451126f89ff5a5
SHA256

c830853dce4f271ea0ec3532fb022f58d45edfb0529cf626d6132deb46c564e1
SHA512

7c0b7004e9057cb90f5ddd7c1a9d75487e81c077c6d79eb7381f514fc325d6292732c0ae1212854bd28ed892e76e13166d674c880a37b4c293903d8e1c3c85ea
SSDEEP

24576:3D+5VOGfaMDL04HzX004LfANoI5e/YN0tH1:TEVOGfaiL7zXtCfANot/tH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94ed32c157fd044fed597a613aac04d7_JaffaCakes118

Files

94ed32c157fd044fed597a613aac04d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a352345816c457cd748ef976e09069f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PrepareTape
EnumLanguageGroupLocalesA
HeapSize
FindResourceW
AllocConsole
LoadLibraryA
HeapCreate
RemoveLocalAlternateComputerNameA
FreeUserPhysicalPages
InterlockedFlushSList
GetConsoleAliasesA
ReadFileScatter
GetSystemWow64DirectoryA
HeapQueryInformation
GetSystemDefaultLCID
WriteConsoleInputA
GetExitCodeProcess
SetConsoleCtrlHandler
GetPrivateProfileSectionW
SearchPathW
GetDevicePowerState
CopyFileExW
ConvertDefaultLocale
GetTempPathW
DeleteFiber
GetCurrentThread
InterlockedExchangeAdd
SetVolumeLabelA
GetStartupInfoW
FindResourceExA
GetConsoleMode
SetLocaleInfoA
LZStart
GlobalHandle
OpenWaitableTimerA
GetSystemDefaultUILanguage
GetUserDefaultLCID
HeapSummary
WriteProfileSectionA
LockFileEx
FillConsoleOutputCharacterA
DeactivateActCtx
GetDateFormatW
FindVolumeMountPointClose
FileTimeToDosDateTime
GetNumaHighestNodeNumber
TerminateThread
EnumUILanguagesW
GetThreadTimes
FreeConsole
GetProcessTimes
SetErrorMode
WritePrivateProfileSectionA
EnumDateFormatsExA
GlobalMemoryStatus
PeekConsoleInputA
lstrcpynA
LocalSize
GetConsoleCommandHistoryA
EnumSystemLocalesA
CommConfigDialogW
GetCurrentDirectoryA
Module32Next
OpenFileMappingW
OpenMutexW
GetPrivateProfileSectionNamesA
FindAtomW
GetNativeSystemInfo
WriteConsoleOutputCharacterW
SetComputerNameW
SetThreadUILanguage
DeleteVolumeMountPointW
CreateNamedPipeA
GetFileTime
CreateNamedPipeW
RegisterWowBaseHandlers
GetConsoleAliasesLengthW
SetConsoleCursor
VirtualAlloc
ReadConsoleW
Process32FirstW

oleaut32

VarBoolFromI1
VarCyCmp
SafeArrayGetLBound
VarR8FromI2
VarUI2FromUI8
VarUI4FromCy
VarUI4FromI1
VarNot
SysStringLen
CreateTypeLib
VarFormatCurrency
VarDecFromI1
VarI1FromUI4
SetErrorInfo
VarI8FromBool
OleLoadPictureEx
VarI1FromI4
VarOr
VarI8FromR4
VarCat
VarI4FromUI8
VarFormatDateTime
VarDateFromI4
SystemTimeToVariantTime
VarCyCmpR8

cryptui

CryptUIGetViewSignaturesPagesA
EnrollmentCOMObjectFactory_getInstance
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgSelectCertificateA
CryptUIDlgViewCRLW
CryptUIDlgCertMgr
CryptUIDlgViewSignerInfoA
CryptUIDlgViewCertificatePropertiesW
CryptUIGetCertificatePropertiesPagesA
ACUIProviderInvokeUI
CryptUIWizQueryCertRequestNoDS
CryptUIDlgSelectCertificateW
CryptUIWizBuildCTL
CryptUIDlgViewCRLA
CryptUIDlgViewSignerInfoW
CryptUIDlgSelectStoreW
LocalEnroll
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCertificatePropertiesA
CryptUIWizCreateCertRequestNoDS
CryptUIGetViewSignaturesPagesW
CryptUIDlgViewContext
CryptUIFreeViewSignaturesPagesW
WizardFree
CryptUIDlgSelectCertificateFromStore

mpr

WNetSetLastErrorA
WNetConnectionDialog1A
WNetGetProviderNameA
WNetConnectionDialog
WNetCancelConnectionA
WNetEnumResourceW
WNetGetResourceParentA
WNetSetConnectionA
I_MprSaveConn
WNetAddConnection3A
WNetPropertyDialogW
WNetDirectoryNotifyA
WNetGetUserA
MultinetGetErrorTextW
MultinetGetErrorTextA
WNetGetNetworkInformationA
WNetSetLastErrorW
WNetGetDirectoryTypeA
WNetConnectionDialog1W
WNetUseConnectionW
WNetConnectionDialog2
WNetGetConnection3W
WNetSetConnectionW
WNetGetLastErrorW
WNetGetProviderTypeW
WNetGetPropertyTextW
WNetOpenEnumA

sqlunirl

_RegRestoreKey_@12
_CopyFileEx_@24
_CallNamedPipe_@28
_GetFileVersionInfo_@16
_QueryServiceConfig_@16
_MapVirtualKeyEx_@12
_GetProcAddress_@8
_PrivilegedServiceAuditAlarm_@20
_SetWindowText@8
_DrawTextEx_@24
_CreateIC_@16
__hwrite_@12
_CharNext_@4
_ChangeMenu_@20
_SetComputerName_@4
_CreateEvent_@16
_RegDeleteValue_@8
_GetFileAttributesEx_@12
_CallWindowProc@20
_StartServiceCtrlDispatcher_@4
_CreateWindowStation_@16
_EnumDisplaySettings_@12
_CreateDC_@16
_RegQueryMultipleValues_@20
_CharLower@4
_BuildCommDCBAndTimeouts_@12
_RegReplaceKey_@16
_PrintDlg_@4
_RegisterServiceCtrlHandler_@8
_SHGetPathFromIDList_@8
_GetLogColorSpace_@12
_DrawState_@40
_PostThreadMessage_@16
_LookupPrivilegeValue_@12
_MessageBoxEx_@20
_GetOutlineTextMetrics_@12
_QueryDosDevice_@12
_SetCurrentDirectory_@4
_WritePrivateProfileStruct_@20

msvcrt

iswcntrl
_chsize
_mbbtype
__p__commode
_aligned_realloc
_tell
wcstod
?set_terminate@@YAP6AXXZP6AXXZ@Z
_aligned_free
_CIatan
__set_app_type
_CIexp
_putenv
exit
_getwche
__dllonexit
__getmainargs
_chgsign
fread
freopen
_winver
_kbhit
__p__mbctype
_iob
fabs
setvbuf
_ismbchira
_wcsrev
__wcserror
clock
_wspawnvpe
___lc_handle_func
isprint
_aligned_offset_realloc

query

?CiNtOpen@@YGPAXPBGKKK@Z
??0CDynStream@@QAE@PAVPMmStream@@@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
CIMakeICommand
?Next@CStaticPropertyList@@UAEPBVCPropEntry@@XZ
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?RequiresFlush@CPhysStorage@@QAEHK@Z
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?ParseQueryPhrase@CQueryParser@@QAEPAVCDbRestriction@@XZ
??1CRangeKeyRepository@@UAE@XZ
?Clone@COccRestriction@@QBEPAV1@XZ
??0CNormalizer@@QAE@AAVPNoiseList@@@Z
SetCatalogState
_StopFWCiSvcWork@16
?Recognize@CDFA@@QAEEPBG@Z
?Read@CDynStream@@QAEKPAXK@Z
BindIFilterFromStream
?Clone@CRestriction@@QBEPAV1@XZ
?Empty@CRcovStrmWriteTrans@@QAEXXZ
??0CValueNormalizer@@QAE@AAVPKeyRepository@@@Z
??0CUnfilteredRestriction@@QAE@XZ
?SkipULong@CMemDeSerStream@@UAEXXZ
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
?Release@CEnumWorkid@@UAGKXZ
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?QueryInterface@CEnumString@@UAGJABU_GUID@@PAPAX@Z
?_FindOrAddAnchor@CDbProjectNode@@AAEPAVCDbProjectListAnchor@@XZ
??0CGetDbProps@@QAE@XZ
?DisableNotification@CRegNotify@@QAEXXZ
?IsStarted@CCatalogAdmin@@QAEHXZ
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
InitializeCIISAPIPerformanceData
?GrowBuffer@CVirtualString@@AAEXK@Z
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@PAEPAI@Z
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
?GetDATE@CAllocStorageVariant@@QBENI@Z
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
??1CRegChangeEvent@@QAE@XZ
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
??1CNodeRestriction@@QAE@XZ
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
?AddError@CEventItem@@QAEXK@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
?SetDefaultProperty@CCatState@@QAEXPBG@Z
SvcEntry_CiSvc
?SetAlias@CScopeAdmin@@QAEXPBG@Z
?IsValid@COccRestriction@@QBEHXZ
?AddArg@CFwEventItem@@QAEXPBG@Z
?PutWString@CDbCmdTreeNode@@SGXAAVPSerStream@@PBG@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
?EnumVPaths@CMetaDataMgr@@QAEXAAVCMetaDataCallBack@@@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
??1?$XPtr@VCDbCmdTreeNode@@@@QAE@XZ
??3CDbPropSet@@SGXPAX@Z
?Remove@CSort@@QAEXI@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z

cfgmgr32

CM_Query_Arbitrator_Free_Data
CM_Enable_DevNode_Ex
CM_Get_DevNode_Registry_Property_ExW
CMP_RegisterNotification
CM_Next_Range
CM_Get_Device_ID_List_SizeW
CM_Open_DevNode_Key_Ex
CM_Get_Device_Interface_List_ExW
CM_Register_Device_Interface_ExW
CM_Get_Device_ID_ListW
CM_Register_Device_Interface_ExA
CM_Query_Remove_SubTree_Ex
CM_Get_HW_Prof_FlagsW
CM_Test_Range_Available
CM_Detect_Resource_Conflict
CM_Get_Class_Key_Name_ExW
CM_Get_Device_Interface_Alias_ExA
CM_Get_HW_Prof_FlagsA
CM_Add_Range
CM_Get_Next_Log_Conf_Ex
CMP_Init_Detection
CM_Query_And_Remove_SubTree_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Res_Des_Data
CM_Get_Sibling_Ex
CM_Remove_SubTree
CM_Set_HW_Prof_Ex
CM_Get_Hardware_Profile_InfoW

linkinfo

IsValidLinkInfo
CreateLinkInfoW
DisconnectLinkInfo
ResolveLinkInfoW
ResolveLinkInfo
GetCanonicalPathInfoW
GetCanonicalPathInfoA
GetCanonicalPathInfo
CreateLinkInfoA
CompareLinkInfoReferents
CompareLinkInfoVolumes
GetLinkInfoData
ResolveLinkInfoA
CreateLinkInfo
DestroyLinkInfo

clbcatq

OpenComponentLibraryOnStreamEx
DowngradeAPL
ActivatorUpdateForIsRouterChanges
SetSetupOpen
SetSetupSave
GetSimpleTableDispenser
GetCatalogObject2
OpenComponentLibraryOnMemEx
CoRegCleanup
UpdateFromComponentChange
GetComputerObject
SetupOpen
DeleteAllActivatorsForClsid
InprocServer32FromString
UpdateFromAppChange
CheckMemoryGates
CLSIDFromStringByBitness
ComPlusMigrate
GetCatalogObject
CreateComponentLibraryEx
DllGetClassObject
ServerGetApplicationType
SetupSave
OpenComponentLibraryEx

Sections

.tixt
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a352345816c457cd748ef976e09069f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

cryptui

mpr

sqlunirl

msvcrt

query

cfgmgr32

linkinfo

clbcatq

Sections

.tixt Size: 348KB - Virtual size: 348KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 322KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 348KB - Virtual size: 348KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 322KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B