a3e6bfe80b2f82428d7f87543ad41c63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3e6bfe80b2f82428d7f87543ad41c63_JaffaCakes118
Size

868KB
MD5

a3e6bfe80b2f82428d7f87543ad41c63
SHA1

0b162cc9c7975e47064daa383eb5538700efba6a
SHA256

4f49ade62fc9266164b4b44840a8be695730a3769feb8c7279d7e167f53c6390
SHA512

c67c48ea62985345fcc5ebece977a25d06865286d772da63c1694094dffcdbffc1619bf76750129793398f88399f55f50fd60b6ed1111a97e3da676ab4a406b9
SSDEEP

12288:D8mNEZYvLJ4OK+rETNOLjkRGSb462Mg41tUjyhIeXEHfse2nD9LIumKdQJFI1:D8jAJ4OZrGFAS12BCAy5blRLFu81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3e6bfe80b2f82428d7f87543ad41c63_JaffaCakes118

Files

a3e6bfe80b2f82428d7f87543ad41c63_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0fc4d2b5f6351a1993245e80957520dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

InitializeSecurityContextA
LsaRegisterLogonProcess
GetComputerObjectNameA
CompleteAuthToken
QueryCredentialsAttributesW
AddSecurityPackageW
EncryptMessage
CredMarshalTargetInfo
LsaEnumerateLogonSessions
LsaDeregisterLogonProcess
MakeSignature
DeleteSecurityContext
DeleteSecurityPackageA
InitSecurityInterfaceA
InitSecurityInterfaceW
SaslGetProfilePackageA
AcceptSecurityContext
VerifySignature
QueryContextAttributesW
AcquireCredentialsHandleA
RevertSecurityContext
LsaFreeReturnBuffer
SaslIdentifyPackageW
FreeContextBuffer
SaslIdentifyPackageA
QuerySecurityContextToken
GetSecurityUserInfo
SecpFreeMemory
SaslEnumerateProfilesW
DecryptMessage
SecpTranslateNameEx
SetContextAttributesW
FreeCredentialsHandle
SealMessage
SetContextAttributesA
EnumerateSecurityPackagesA
TranslateNameW
SaslGetProfilePackageW
GetUserNameExA
ImpersonateSecurityContext
LsaLookupAuthenticationPackage
DeleteSecurityPackageW

sqlunirl

_NDdeShareAdd_@20
_RegEnumKey_@16
_ChooseFont_@4
_PeekMessage@20
_CreateProcess_@40
_CreateIC_@16
_OpenWaitableTimer_@12
_CreateColorSpace_@4
_GetTempPath_@8
_IsCharUpper_@4
_GetCharWidth_@16
_GetClassName_@12
_RegSetValue_@20
_LookupAccountName_@28
_CreateFont@56
_IsCharAlphaNumeric_@4
_RegisterServiceCtrlHandler_@8
_GetKerningPairs_@12
_AddAtom_@4
_CreateProcessAsUser_@44
_GetServiceKeyName_@16
_GetFileAttributes_@4
_LoadCursorFromFile_@4
_GetModuleFileName@12
_NDdeShareEnum_@24
_PolyTextOut_@12
_CreateDialogIndirectParam@20
_IsBadStringPtr_@8
_ChangeServiceConfig_@44
_NDdeGetShareSecurity_@24
_CreateEnhMetaFile_@16
_RegisterEventSource_@8
_GetCharWidthFloat_@16
_NDdeShareGetInfo_@28
_FindWindow_@8

atl

AtlGetObjectSourceInterface
DllGetClassObject
AtlIPersistStreamInit_Load
AtlModuleRegisterServer
AtlComPtrAssign
AtlDevModeW2A
AtlAxCreateDialogA
AtlModuleRegisterClassObjects
AtlModuleLoadTypeLib
AtlModuleExtractCreateWndData
AtlIPersistStreamInit_Save
AtlAxCreateControlEx
AtlComQIPtrAssign
AtlAxDialogBoxA
AtlWaitWithMessageLoop
AtlModuleRegisterWndClassInfoA
AtlModuleAddCreateWndData
AtlModuleUnregisterServer
AtlModuleRevokeClassObjects
AtlAxWinInit
AtlModuleTerm
AtlModuleUnregisterServerEx
AtlMarshalPtrInProc
AtlGetVersion
AtlIPersistPropertyBag_Save
AtlPixelToHiMetric
AtlAxCreateDialogW

ntdll

ZwAccessCheckByTypeAndAuditAlarm
RtlFindMostSignificantBit
RtlOemStringToUnicodeSize
ZwRestoreKey
NtDuplicateToken
isgraph
NtWaitHighEventPair
ZwNotifyChangeMultipleKeys
ZwEnumerateSystemEnvironmentValuesEx
ZwMapUserPhysicalPages
ZwIsProcessInJob
NtSetDefaultHardErrorPort
RtlPrefixUnicodeString
ZwUnloadDriver
RtlUnlockBootStatusData
NtAlertThread
NtCreateEvent
RtlTraceDatabaseCreate
isspace
NtOpenThreadTokenEx
NtMakePermanentObject
RtlConvertToAutoInheritSecurityObject
RtlGetLengthWithoutTrailingPathSeperators
RtlUlonglongByteSwap
DbgUiIssueRemoteBreakin
RtlRemoteCall
_strlwr

kernel32

ReadConsoleOutputCharacterA
LeaveCriticalSection
CreateFileMappingW
EnumSystemCodePagesA
AddVectoredExceptionHandler
DeleteCriticalSection
LocalReAlloc
ProcessIdToSessionId
TerminateThread
GetStringTypeExA
lstrcmp
EnumSystemLanguageGroupsA
SetSystemTimeAdjustment
GetSystemDirectoryW
EnterCriticalSection
Process32FirstW
GetCurrentProcess
lstrcmpiA
GetEnvironmentVariableA
GlobalWire
VirtualAlloc
GetPrivateProfileSectionW
CloseProfileUserMapping
ReadFileScatter
RegisterWaitForInputIdle
SetDefaultCommConfigW
GetCurrentThread
LoadLibraryExW
LoadResource
GetAtomNameW
FindFirstVolumeMountPointW
PrivCopyFileExW
ReadConsoleOutputCharacterW
SetFileAttributesW
OpenWaitableTimerW
CreateDirectoryW
LoadLibraryA
SetHandleCount
PeekNamedPipe
WriteConsoleOutputW
DisconnectNamedPipe
GetEnvironmentStringsA
BaseFlushAppcompatCache
DnsHostnameToComputerNameW
FindResourceExW
GetDriveTypeW
LZCopy
InitializeCriticalSection

ifsutil

??1DP_DRIVE@@UAE@XZ
??1TLINK@@UAE@XZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?GetBuffer@TLINK@@QAEPAXPAX@Z
?Initialize@TLINK@@QAEEG@Z
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
??0CANNED_SECURITY@@QAE@XZ
?Initialize@CANNED_SECURITY@@QAEEXZ
?GetFirst@TLINK@@QAEPAXXZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
??0DIGRAPH_EDGE@@QAE@XZ
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
??1CANNED_SECURITY@@UAE@XZ
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
??0READ_WRITE_CACHE@@QAE@XZ
?Add@NUMBER_SET@@QAEEPBV1@@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
??0LOG_IO_DP_DRIVE@@QAE@XZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
??0SPARSE_SET@@QAE@XZ
??1SUPERAREA@@UAE@XZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
??0SUPERAREA@@IAE@XZ
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z

msdart

?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
SetMemHook
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
MpHeapDestroy
??1CLKRHashTable@@QAE@XZ
?Size@CLKRHashTable@@QBEKXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?_H1@CLKRLinearHashTable@@ABEKK@Z
?Size@CLKRLinearHashTable@@QBEKXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?ReadLock@CSmallSpinLock@@QAEXXZ
UMSEnterCSWraper
??1CLockedSingleList@@QAE@XZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?WriteLock@CReaderWriterLock2@@QAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?IsValid@CLKRHashTable@@QBE_NXZ
MPCSInitialize
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
??0CCritSec@@QAE@XZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?sm_wDefaultSpinCount@CSpinLock@@1GA
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ

query

?IsValid@CAllocStorageVariant@@QBEHXZ
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
FsCiShutdown
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
DllGetClassObject
?ReInit@CQueryUnknown@@QAEXKPAPAVCRowset@@@Z
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
_AbortMerges@16
??0CPropNameArray@@QAE@I@Z
??1CLangList@@QAE@XZ
?MultiByteToXArrayWideChar@@YGKPBEKIAAV?$XArray@G@@@Z
DoneCIPerformanceData
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
??0CDbNatLangRestriction@@QAE@PBGABVCDbColumnNode@@K@Z
SetupCacheEx
?FillMax@CKeyArray@@QAEHH@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?Read@CDynStream@@QAEKPAXK@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABVCDbColumnNode@@@Z
?Map@CMmStreamConsecBuf@@QAEXK@Z
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
?wcsipattern@@YGPAGPAGPBG@Z
??1CRestriction@@QAE@XZ
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
?My_wcstoui64@@YA_KPBGPAPAGH@Z
?Flush@CPropStoreManager@@QAEXXZ
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?ciDelete@@YGXPAX@Z
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
?SetR8@CStorageVariant@@QAEXNI@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?Refresh@CDefColumnRegEntry@@QAEXH@Z
?StrLen@CKey@@QBEIXZ

unimdmat

UmLogStringA
UmDialModem
UmDeinitializeModemDriver
UmCloseModem
UmGetDiagnostics
UmInitializeModemDriver
UmSetSpeakerPhoneState
UmMonitorModem
UmLogDiagnostics
UmDuplicateDeviceHandle
UmHangupModem
UmWaveAction
UmAnswerModem
UmOpenModem
UmAbortCurrentModemCommand
UmIssueCommand
UmSetPassthroughMode
UmInitModem
UmGenerateDigit

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 381KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fc4d2b5f6351a1993245e80957520dc

Headers

DLL Characteristics

File Characteristics

Imports

secur32

sqlunirl

atl

ntdll

kernel32

ifsutil

msdart

query

unimdmat

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 347KB - Virtual size: 346KB

.data Size: 381KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 347KB - Virtual size: 346KB

.data
Size: 381KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B