a10a2ddb6938e2ecfe756b800df65260_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a10a2ddb6938e2ecfe756b800df65260_JaffaCakes118
Size

378KB
MD5

a10a2ddb6938e2ecfe756b800df65260
SHA1

82a0362fa2cb738a8295b42d3dc710fa3ece887a
SHA256

ccb1570ca87c7c06d05d5a76de6ae6d2588e7282aca0dc212bdd6899bb65da02
SHA512

2b65fdbeffcc7b28b108358b4abc33bb27e9540f001b86267fa84c49c86e5aa3086f6ffeb0dd47d237784a4d1d6193f5ee38dbfa4ef507f9dc0b550149120add
SSDEEP

6144:H24MgftM+6yz2G+tCJ9Lt7Z2l0gOWoNZCJB5rRycT2fPlZZ/AOGyrJ+VAlWIECJq:HogftM+6yz2GaE9Lt7Z2l0gloNZCJB5X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a10a2ddb6938e2ecfe756b800df65260_JaffaCakes118

Files

a10a2ddb6938e2ecfe756b800df65260_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ce92ebab3c44f5a3a66169fb0de4971a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BldNetMCP\rel\mcp_drv\rel73\mcp\drivers\net\apps2\bin\nSvcAppFlt.pdb

Imports

nmi

ord2
ord3
ord1
?GetString@nCException@@QAEXPAPA_W@Z
?GetErrcode@nCException@@QBEXAAW4tagERRCODE@@@Z
??1nCException@@QAE@XZ
?GetString@nCException@@QBEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

nv_common

??0nCLog@@QAE@XZ
?LogTrace@nCLog@@QAA_NPB_WJ0ZZ
?LogError@nCLog@@QAA_NJPB_WJ0ZZ
?Flush@nCLog@@QAEHXZ
??1nCLog@@QAE@XZ
?Initialize@nCLog@@QAEXIIPB_W0@Z

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

specialcase

?SPGetValue@nCSpecialCase@@QAGXPAPA_WPAVnCManagedObject@@@Z
??0nCSpecialCase@@QAE@PAVnCNMI@@ABUtagAccessHandle@@@Z
?SPSetValue@nCSpecialCase@@QAG?AW4tagERRCODE@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVnCManagedObject@@W4tagOptimizeType@@@Z

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
OutputDebugStringW
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
CloseHandle
GetCurrentProcess
GetCurrentThread
GetCommandLineW
GetVersionExW
RaiseException
InitializeCriticalSection
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLongPathNameW
OpenProcess
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
HeapSize
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStartupInfoA
QueryPerformanceCounter
GetTimeZoneInformation
SetEndOfFile
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
SetConsoleCtrlHandler
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualQuery
SetFilePointer
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetModuleFileNameA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
DebugBreak
WideCharToMultiByte
lstrlenA
GetProcAddress
LoadLibraryA
GetModuleHandleA
TlsGetValue

user32

CharNextW
PostThreadMessageW
DispatchMessageW
LoadStringW
MessageBoxW
wsprintfW
UnregisterClassA
GetMessageW

advapi32

OpenProcessToken
StartServiceCtrlDispatcherW
ControlService
DeleteService
CreateServiceW
GetTokenInformation
OpenThreadToken
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
StringFromGUID2
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
RegisterTypeLi

shlwapi

SHDeleteKeyW

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FWLSvcS
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce92ebab3c44f5a3a66169fb0de4971a

Headers

File Characteristics

PDB Paths

Imports

nmi

nv_common

psapi

version

specialcase

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 276KB - Virtual size: 272KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 15KB

.FWLSvcS Size: 4KB - Virtual size: 2B

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 276KB - Virtual size: 272KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 15KB

.FWLSvcS
Size: 4KB - Virtual size: 2B

.rsrc
Size: 12KB - Virtual size: 9KB