946e6e558fefb37736f4c809db5516fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

946e6e558fefb37736f4c809db5516fd_JaffaCakes118
Size

822KB
MD5

946e6e558fefb37736f4c809db5516fd
SHA1

a379f6465001ca4141e9e59386a73b6449cc8200
SHA256

21a9a9d904a1827024f23f363a16f6222e261c8b3c06a8f479f87824dff69955
SHA512

909821fee1ae56d675efb0179da482e360a24693443b4350349727b1306f9950f362e0db716bb8cf186b7c3e16cb50b9d3e8e547736b0d8a379c424252470f81
SSDEEP

12288:0yjBX5k1pK3CAhbTlGSsR4i5QEcTNTU4Ozy9LboLhjpmK1ocHx646aCnmYqViYGy:0dK3Cqc3Z55cTlUfWvARpbocH2wgU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
946e6e558fefb37736f4c809db5516fd_JaffaCakes118

Files

946e6e558fefb37736f4c809db5516fd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae697dea778650c1cb4d279335674773

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextFaceW
SetDCBrushColor
EngCreateDeviceBitmap
BeginPath
GetColorSpace
CreateDiscardableBitmap
GdiPlayPrivatePageEMF
SetWindowExtEx
GetPixel
GetGlyphOutlineW
EnumMetaFile
GdiConvertToDevmodeW
GdiSetAttrs
SetBitmapAttributes
Polygon
GetMetaFileW
GdiEntry14
GdiDrawStream
GetTextExtentPoint32A
DdEntry24
TextOutW
CopyEnhMetaFileW
GetGlyphOutlineWow
EnumFontsA
GetStringBitmapW
AddFontResourceW
SetBrushOrgEx
EngBitBlt
TranslateCharsetInfo
CloseMetaFile
DdEntry48

kernel32

RequestWakeupLatency
GetWriteWatch
GlobalHandle
UnregisterWait
GetConsoleScreenBufferInfo
BaseUpdateAppcompatCache
MapViewOfFileEx
OpenProfileUserMapping
GlobalFlags
SetConsoleInputExeNameA
FlushInstructionCache
UnregisterWaitEx
PeekConsoleInputA
lstrlenW
LoadLibraryA
TerminateThread
lstrcpynW
GetCommConfig
WriteProfileStringA
Thread32First
WaitForSingleObject
GetUserDefaultUILanguage
WriteProfileStringW
SetFilePointerEx
LocalSize
FillConsoleOutputAttribute
GetConsoleWindow
SetConsoleIcon
SetConsoleNumberOfCommandsW
SetLocalPrimaryComputerNameW
SetConsoleTitleW
VirtualAlloc
ReadConsoleA
LZDone
GetConsoleTitleW
FreeLibrary
IsBadReadPtr
VirtualQuery
MoveFileExA

vssapi

?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??0CVssJetWriter@@QAE@XZ
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
VssFreeSnapshotProperties
??0CVssWriter@@QAE@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
?Subscribe@CVssWriter@@QAGJK@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
??1CVssJetWriter@@UAE@XZ
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z

winmm

midiOutGetNumDevs
mciGetDeviceIDW
mxd32Message
mciSendStringA
midiInGetErrorTextW
joySetCapture
mciGetYieldProc
waveOutPrepareHeader
waveInStart
PlaySound
midiOutGetErrorTextA
mmioOpenW
waveInPrepareHeader
midiDisconnect
waveOutClose
joyGetNumDevs
aux32Message
waveInReset
mmioCreateChunk
midiInClose
mixerGetLineControlsA
waveOutPause
mixerClose
midiOutReset
midiStreamOpen
timeKillEvent
waveOutSetPitch
waveOutGetNumDevs
waveOutRestart
timeGetDevCaps
mid32Message
joySetThreshold
mmioStringToFOURCCA
mixerGetNumDevs
timeBeginPeriod
mixerGetLineInfoA
waveInGetID
joyConfigChanged
midiStreamProperty
mciGetDriverData
midiStreamPause
mmDrvInstall
mciGetDeviceIDFromElementIDA
waveOutGetDevCapsW

polstore

IPSecCopyAuthMethod
IPSecAssignPolicy
IPSecOpenPolicyStore
IPSecFreeMulPolicyData
IPSecAllocPolStr
IPSecEnumNegPolData
IPSecDeleteISAKMPData
IPSecSetFilterData
IPSecSetNFAData
IPSecFreeFilterSpec
IPSecGetISAKMPData
IPSecDeleteFilterData
IPSecCopyFilterData
IPSecCopyNegPolData
IPSecFreeFilterData
IPSecCopyFilterSpec
IPSecCreateNegPolData
IPSecGetFilterData
IPSecFreeNegPolData
IPSecCopyPolicyData
IPSecSetPolicyData
IPSecDeletePolicyData
IPSecCopyISAKMPData
IPSecFreeNFAData
IPSecClosePolicyStore
IPSecDeleteNegPolData
IPSecExportPolicies
IPSecFreeMulISAKMPData
IPSecEnumPolicyData
IPSecUnassignPolicy
IPSecDeleteNFAData
IPSecSetNegPolData
IPSecCreateNFAData
IPSecGetNegPolData
IPSecIsDomainPolicyAssigned
IPSecFreeMulNegPolData
IPSecFreeMulNFAData
IPSecCreateISAKMPData

clusapi

SetClusterQuorumResource
ClusterResourceTypeOpenEnum
ClusterRegCreateKey
ClusterNetworkCloseEnum
ClusterRegGetKeySecurity
CloseClusterGroup
OpenClusterNetInterface
OpenClusterNetwork
GetClusterInformation
OpenClusterResource
OpenCluster
ClusterEnum
GetClusterFromResource
CloseClusterResource
SetClusterGroupNodeList
ClusterRegSetKeySecurity
CloseCluster
AddClusterResourceNode
CanResourceBeDependent
GetClusterNodeState
OpenClusterNode
ClusterOpenEnum
ClusterRegDeleteKey
GetClusterNetworkKey
ClusterNetworkGetEnumCount
CreateClusterResourceType
GetNodeClusterState
ClusterRegQueryInfoKey
ClusterRegQueryValue
ClusterRegEnumKey
GetClusterFromNetInterface

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 714KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae697dea778650c1cb4d279335674773

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

vssapi

winmm

polstore

clusapi

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 714KB - Virtual size: 2.1MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 714KB - Virtual size: 2.1MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 288B