a3843797b8b56e753c909d76d5238273_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3843797b8b56e753c909d76d5238273_JaffaCakes118
Size

872KB
MD5

a3843797b8b56e753c909d76d5238273
SHA1

5125de2a356ae2d7a38fae6df4e8ac4e2a6e7f94
SHA256

061c73ac036a8bd9521abba6d9b09749cffb375bd84d48460bc51d1386689a9b
SHA512

2250b83fb40c69b586c3ca974f42526ed8135f2cf09d84640abb077832e77b0bb2c30db8dddd6cee1ff3263f6123409c1cebefc1a391300b3c9f03528117224c
SSDEEP

12288:h009TGfJi37ixv3w7xgqNIX/V1u4c/+gNWyfP54x5YUvJIZvdpPRkYwgi6iYw:i06irixvaCqNId1U/yuR4xN4vdpPRby

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3843797b8b56e753c909d76d5238273_JaffaCakes118

Files

a3843797b8b56e753c909d76d5238273_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e785d7fb2beffc07db57d3d23632f2c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ContinueDebugEvent
SetLocaleInfoW
GetCommandLineA
GetLargestConsoleWindowSize
CreateEventW
SetProcessAffinityMask
LocalAlloc
BaseUpdateAppcompatCache
FormatMessageW
GetSystemPowerStatus
GetConsoleCommandHistoryLengthW
QueueUserAPC
GetConsoleTitleA
VerifyVersionInfoW
GetConsoleAliasExesLengthA
WritePrivateProfileSectionW
SetCalendarInfoA
GetProcessPriorityBoost
CompareStringA
SetCurrentDirectoryA
GetVersion
WriteFileEx
PostQueuedCompletionStatus
GetWindowsDirectoryW
SetCommTimeouts
AddRefActCtx
GetSystemTimeAdjustment
CloseProfileUserMapping
WriteConsoleA
lstrcatA
LoadLibraryA
VirtualAlloc
GetCurrentThread
FreeEnvironmentStringsW
VerifyVersionInfoA
Heap32ListNext
QueryPerformanceCounter
DeactivateActCtx
SetCurrentDirectoryW
LockResource
QueryMemoryResourceNotification
FindResourceExA
lstrcpynA
EscapeCommFunction
GetBinaryType
WriteConsoleInputA
HeapWalk
DosDateTimeToFileTime
GetPriorityClass
lstrcmpiW
SetConsoleNumberOfCommandsA
FindAtomA
RtlMoveMemory
GetComputerNameW
lstrcmp
FatalExit
ReadConsoleOutputCharacterA
ReadFileScatter
RemoveLocalAlternateComputerNameW
SetStdHandle
GetEnvironmentVariableA
RestoreLastError
MoveFileExA
GetTapeParameters
GetCommModemStatus
GetCurrencyFormatW
ScrollConsoleScreenBufferA
FormatMessageA
HeapValidate
RtlCaptureStackBackTrace
MapViewOfFileEx
Module32Next
CreateHardLinkA
GetEnvironmentStringsW
GetWriteWatch
GetSystemDefaultLCID
WriteConsoleOutputAttribute
LocalShrink
ExpandEnvironmentStringsW

cryptui

CryptUIDlgViewCRLA
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgSelectCertificateFromStore
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewCRLW
CryptUIFreeCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesW
CryptUIGetViewSignaturesPagesA
CryptUIWizCreateCertRequestNoDS
CryptUIWizFreeCertRequestNoDS
LocalEnroll
CryptUIDlgViewSignerInfoW
CryptUIStartCertMgr
CryptUIDlgSelectStoreW
CryptUIWizQueryCertRequestNoDS
WizardFree
CryptUIGetViewSignaturesPagesW
CryptUIDlgCertMgr
ACUIProviderInvokeUI
CryptUIWizExport
CryptUIDlgViewContext
CryptUIWizImport
CryptUIDlgViewCTLW
CryptUIDlgSelectCertificateA
I_CryptUIProtectFailure
CryptUIDlgViewCertificateW
CryptUIDlgViewSignerInfoA
CryptUIFreeViewSignaturesPagesW
LocalEnrollNoDS
RetrievePKCS7FromCA
CryptUIFreeCertificatePropertiesPagesW
CryptUIWizDigitalSign
CryptUIDlgSelectCA

advapi32

ElfReadEventLogA
LookupAccountNameW
CryptGetUserKey
RegOpenKeyExA
UnregisterTraceGuids
BackupEventLogA
SystemFunction018
LsaFreeMemory
AddAccessDeniedAce
StartTraceW
CloseTrace
ConvertStringSidToSidW
SystemFunction007
WmiSetSingleItemA
ReadEventLogA
OpenEventLogA
SystemFunction001
OpenTraceW
EnumDependentServicesA
LsaLookupPrivilegeName
SetServiceBits
CryptGetKeyParam
InitiateSystemShutdownA
GetTrusteeFormA
SystemFunction028
MD5Final
SystemFunction016
CryptDestroyKey
RegEnumKeyExW
WmiNotificationRegistrationW
GetInheritanceSourceA
CryptEnumProvidersW
CryptAcquireContextA
RegOpenKeyA
AddAccessDeniedObjectAce
ElfClearEventLogFileW
ElfCloseEventLog
FlushTraceW
MD5Update
CryptGetDefaultProviderA
SetEntriesInAclW
SetEntriesInAccessListA
CredReadDomainCredentialsW
ConvertToAutoInheritPrivateObjectSecurity
CredGetSessionTypes
ConvertStringSDToSDDomainA
QueryServiceObjectSecurity
SetNamedSecurityInfoExW
RegEnumValueA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
CryptSetKeyParam
ClearEventLogW
DeleteService
CopySid
SystemFunction006
WmiExecuteMethodW
AbortSystemShutdownW
CredProfileLoaded
CryptSetProvParam
SystemFunction040
LookupAccountSidA

query

LoadTextFilter
??0CTimeLimit@@QAE@KK@Z
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
??0CColumnSet@@QAE@I@Z
?ParseOneLine@CPropertyList@@SGXAAVCQueryScanner@@HAAV?$XPtr@VCPropEntry@@@@@Z
?Open@CMmStream@@QAEXPBGKKKKH@Z
CIState
??1CColumns@@QAE@XZ
?Init@CFileMapView@@QAEXXZ
?AddKey@CSynRestriction@@QAEXABVCKeyBuf@@@Z
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
??1CKeyArray@@QAE@XZ
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
??0CKeyArray@@QAE@HH@Z
??1CImpersonateSystem@@QAE@XZ
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
LoadIFilter
?SetPath@CScopeAdmin@@QAEXPBG@Z
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
??1CRegNotify@@MAE@XZ
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
?Release@CWorkQueue@@QAEXPAVCWorkThread@@@Z
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
?GetColumn@CCatState@@QBEPBGI@Z
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
??0CRangeKeyRepository@@QAE@XZ
?FillMax@CKeyArray@@QAEHH@Z
?IsValid@COccRestriction@@QBEHXZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?GetCategory@CCatState@@QBEPBGI@Z

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e785d7fb2beffc07db57d3d23632f2c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cryptui

advapi32

query

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 311KB - Virtual size: 311KB

.data Size: 1024B - Virtual size: 1.7MB

.rsrc Size: 248KB - Virtual size: 248KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 1024B - Virtual size: 1.7MB

.rsrc
Size: 248KB - Virtual size: 248KB

.reloc
Size: 1024B - Virtual size: 1024B