a3e5315923283d6a1063f9b503594e3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3e5315923283d6a1063f9b503594e3d_JaffaCakes118
Size

857KB
MD5

a3e5315923283d6a1063f9b503594e3d
SHA1

bc61887eb3d3e4953998f83dd906afcaa23ab82a
SHA256

2febf7ddde0ca9bd7257ba307b1e613c1b0aaecc846bbc5391cba4477cd840f0
SHA512

694c9abc534f172000447b28125dec092aeeb483f0fcc5f632e4e122a12ea6709dd2db8aeed341e86fa58b4ce1723d21c17d817bfb3d5cfca87bdd9803f6d14b
SSDEEP

12288:6pWIuPibg9BGVVKLypKp5aLLwhXKZpvbjLBcsK1M1CYRR75Rw/9caEfUoFqWAJzl:6lBUS8LTkwKZpv3FTJagUoFqWwdME

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3e5315923283d6a1063f9b503594e3d_JaffaCakes118

Files

a3e5315923283d6a1063f9b503594e3d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bbe8bd9a3f51762394636ecee81f6df6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIPutFileOnClipboard
AVIBuildFilterA
AVIStreamReadData
EditStreamSetInfoA
AVISave
DllGetClassObject
IID_IAVIStream
AVIFileOpenA
AVISaveW
AVIStreamInfo
EditStreamPaste
AVIClearClipboard
AVIStreamWrite
AVIStreamOpenFromFileA
EditStreamSetInfo
AVIFileEndRecord
AVIStreamInfoW
AVIFileCreateStreamW
AVIStreamBeginStreaming
AVIStreamStart
AVIFileInfo
AVIFileInfoW
AVIGetFromClipboard
AVISaveOptions
AVIFileRelease
AVIStreamLength
IID_IGetFrame
AVIStreamOpenFromFile
AVIStreamGetFrameClose

ufat

??0FAT_SA@@QAE@XZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
??1FAT_DIRENT@@UAE@XZ
??0REAL_FAT_SA@@QAE@XZ
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Index12@FAT@@ABEKK@Z
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
??1FILEDIR@@UAE@XZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
??1EA_HEADER@@UAE@XZ
??0EA_SET@@QAE@XZ
Format
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Write@CLUSTER_CHAIN@@UAEEXZ
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
FormatEx
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?QueryAllocatedClusters@FAT@@QBEKXZ
??1CLUSTER_CHAIN@@UAE@XZ
Recover
??0CLUSTER_CHAIN@@QAE@XZ
Chkdsk
?Set12@FAT@@AAEXKK@Z
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1ROOTDIR@@UAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
??0FILEDIR@@QAE@XZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?AllocChain@FAT@@QAEKKPAK@Z

kernel32

SetConsoleMode
Module32FirstW
LCMapStringW
GetCompressedFileSizeW
GetSystemDefaultLCID
GetVolumePathNameW
GetCommConfig
CreateFileW
HeapUnlock
VirtualAlloc
InitializeCriticalSection
GetConsoleScreenBufferInfo
GlobalCompact
CreateActCtxA
TransactNamedPipe
RequestDeviceWakeup
HeapValidate
LCMapStringA
GetVersion
CreateFiberEx
EnumUILanguagesW
LoadLibraryA
LoadLibraryExA
VirtualUnlock
GetNumberOfConsoleInputEvents
GetFirmwareEnvironmentVariableW
AddConsoleAliasA

clusapi

GetClusterResourceState
GetClusterResourceKey
GetClusterQuorumResource
OnlineClusterResource
MoveClusterGroup
ClusterNetworkEnum
OpenClusterNode
ClusterRegGetKeySecurity
OpenCluster
CanResourceBeDependent
ClusterNodeCloseEnum
GetClusterNetInterfaceKey
GetClusterNotify
SetClusterGroupNodeList
RemoveClusterResourceNode
CreateClusterNotifyPort
RemoveClusterResourceDependency
ClusterRegSetKeySecurity
OnlineClusterGroup
CloseClusterNotifyPort
ResumeClusterNode
GetClusterFromNetInterface
ChangeClusterResourceGroup
SetClusterNetworkName
CreateClusterGroup
RegisterClusterNotify
ClusterResourceTypeCloseEnum
GetClusterNetworkKey
ClusterControl
ClusterNodeEnum
ClusterRegEnumKey
OpenClusterNetwork
ClusterRegQueryInfoKey
ClusterResourceOpenEnum
ClusterNodeOpenEnum
GetClusterFromNode
GetClusterFromNetwork

rastls

RasEapGetInfo
RasEapFreeMemory
DllGetClassObject
RasEapInvokeInteractiveUI
RasEapGetIdentity
RasEapInvokeConfigUI

ntdll

LdrGetDllHandle
NtSetInformationToken
_alldiv
ZwImpersonateClientOfPort
ZwSetHighEventPair
RtlGetOwnerSecurityDescriptor
RtlSetUserValueHeap
NtSetDefaultLocale
NtRenameKey
NtSuspendThread
LdrSetDllManifestProber
RtlLargeIntegerNegate
NtMakeTemporaryObject
ZwLoadDriver
wcslen
NtReadFileScatter
RtlMapSecurityErrorToNtStatus
DbgPrintEx
ZwCancelIoFile
ZwLockVirtualMemory
islower
NtSetInformationProcess
floor
LdrInitShimEngineDynamic
NtSetLowWaitHighEventPair
RtlCaptureStackBackTrace
RtlGetElementGenericTableAvl
RtlGetLastNtStatus
RtlCreateActivationContext
NtSetBootOptions
NtSetSystemPowerState
ZwDeleteFile

rasman

RasPortReserve
RasGetCalledIdInfo
RasEnumLanNets
RasGetNumPortOpen
RasRpcRemoteGetSystemDirectory
RasRpcRemoteRasDeleteEntry
RasGetCustomScriptDll
RasGetPortUserData
RasGetInfoEx
RasGetHConnFromEntry
RasPortGetStatistics
RasGetUnicodeDeviceName
RasPortReceiveEx
RasSignalNewConnection
RasSecurityDialogSend
RasSetConnectionParams
RasRpcEnumConnections
RasPortConnectComplete
RasPortClose
RasRpcGetUserPreferences
RasGetDeviceName
RasInitialize
RasSetDialParams
RasPortGetInfo
RasFreeBuffer
RasRpcSetUserPreferences
RasPortGetProtocolCompression
RasRpcDeviceEnum
RasPortSetFraming
RasPortBundle
RasSendCreds
RasmanUninitialize

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe8bd9a3f51762394636ecee81f6df6

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

ufat

kernel32

clusapi

rastls

ntdll

rasman

Sections

.text Size: 335KB - Virtual size: 335KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 313KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 335KB - Virtual size: 335KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 313KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B