a545b1ededbc220293fa2b6f877eb1fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a545b1ededbc220293fa2b6f877eb1fe_JaffaCakes118
Size

101KB
MD5

a545b1ededbc220293fa2b6f877eb1fe
SHA1

e0cd61ff1d9172d5a579aaea2d97d4a8eb8a9954
SHA256

b176291a508dfb6b50649b82d02f485087ccf6d6602d6cf907bd2e9eb379b7fa
SHA512

cabf6769e246ccb9a540b837ed6f6d80aac254fb27cfa24eb9989f9b80f77f3e821c46d5578e788c703bb73805525fd017cd7cb6db5a94fe1c60314cfb46b00b
SSDEEP

1536:YS/CsMmotHfGuyqYEaCE81pSGgSGMFu5/jcA/TBN/Bs2hi7adMpUpYfp:Ylmo9fgsaCoTdH3hikMpoYfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a545b1ededbc220293fa2b6f877eb1fe_JaffaCakes118

Files

a545b1ededbc220293fa2b6f877eb1fe_JaffaCakes118
.exe windows:1 windows x86 arch:x86

851a5690d1dc77adb10f92b20fb0dcb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHRegWriteUSValueW
SHRegWriteUSValueA
StrCmpW
PathRemoveFileSpecW
PathAddExtensionW
SHEnumKeyExW
SHOpenRegStreamW
ChrCmpIA
StrCatChainW
SHIsLowMemoryMachine
SHCreateShellPalette
PathGetDriveNumberW
PathUnmakeSystemFolderA
StrCSpnIA
UrlApplySchemeW
PathFindExtensionA
PathSetDlgItemPathW
PathIsRootW
SHDeleteKeyW
StrCmpIW
PathIsUNCServerW
PathIsFileSpecA
SHRegOpenUSKeyA
UrlIsNoHistoryA
PathFileExistsW
PathUndecorateA
StrToIntExW
StrRetToBSTR
PathIsDirectoryA
StrSpnW
UrlUnescapeW
StrFromTimeIntervalW
StrChrNW
StrRChrIW
SHRegisterValidateTemplate
PathMakePrettyA
PathSearchAndQualifyW
StrCSpnIW
ChrCmpIW
SHSetThreadRef
StrIsIntlEqualA
UrlHashW
StrCatBuffA
PathFindExtensionW
PathIsLFNFileSpecW

netapi32

I_NetServerSetServiceBits
I_NetLogonUasLogoff
NetDfsSetClientInfo
NetDfsMove
NetReplExportDirEnum
NetDfsGetClientInfo
NetShareEnum
NetServiceGetInfo
NetScheduleJobAdd
NetUserDel
NetServerComputerNameAdd
NlBindingSetAuthInfo
NetpDbgPrint
I_BrowserResetStatistics
NetMessageNameAdd
NetUseEnum
NetLogonGetTimeServiceParentDomain
NetDfsAddStdRootForced
NetAlertRaiseEx
NetpGetFileSecurity
NetServiceInstall
I_BrowserDebugCall
NetConfigGetAll
NetServerEnumEx
NetpAddTlnFtinfoEntry
NetUseAdd
DsAddressToSiteNamesExW
DsAddressToSiteNamesA
Netbios
I_NetServerAuthenticate2
NetLocalGroupEnum
NetAddAlternateComputerName
NetUserChangePassword
RxNetAccessAdd
NetApiBufferReallocate
I_NetLogonControl2
NetBrowserStatisticsGet
NetWkstaTransportEnum
NetShareAdd
NetShareDel
I_NetLogonSamLogoff

wldap32

ldap_count_entries
ldap_search_stW
ber_skip_tag
ldap_stop_tls_s
ldap_err2stringA
ldap_modrdnW
ldap_compareW
ldap_conn_from_msg
ldap_modrdn2
ldap_search_ext
ldap_search_ext_sA
ldap_create_sort_controlA
ldap_bind_sW
ldap_addA
ldap_next_attributeW
ber_scanf
ldap_startup
ldap_modrdn2W
ldap_rename_ext_sA
ldap_bindA
ldap_delete_s
ldap_next_attributeA
ldap_parse_referenceW
ldap_count_values_len
ber_bvfree
ldap_get_dnA

msdart

?_LockSpin@CSpinLock@@AAEXXZ
?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
??0CSmallSpinLock@@QAE@XZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?_H1@CLKRLinearHashTable@@CGKKK@Z
??0CCritSec@@QAE@XZ
MpHeapAlloc
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
MpHeapCreate
MPInitializeCriticalSectionAndSpinCount
?ReadUnlock@CCritSec@@QAEXXZ
?TryReadLock@CFakeLock@@QAE_NXZ
MPCSInitialize
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?IsValid@CLKRHashTable@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?_SubTable@CLKRHashTable@@ABEPAVCLKRLinearHashTable@@K@Z
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
??0CFakeLock@@QAE@XZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
MpHeapReAlloc
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ

kernel32

FindFirstVolumeMountPointA
FillConsoleOutputCharacterA
ExpungeConsoleCommandHistoryA
HeapDestroy
GetLogicalDriveStringsW
VirtualAlloc
CreateSocketHandle
DeleteVolumeMountPointW
LoadLibraryExA
SetConsoleCursorPosition
GetCompressedFileSizeW
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetACP
GetSystemDirectoryW
GetCurrentThread
FindResourceA
LZCreateFileW
GetShortPathNameA
GetVolumePathNamesForVolumeNameA
LocalAlloc
LocalUnlock
DeleteFileA
HeapWalk
TransmitCommChar
CreateMailslotA
GetShortPathNameW
DosPathToSessionPathA
GetModuleHandleW
GetHandleInformation
OpenProfileUserMapping
ReadConsoleOutputCharacterW
LoadLibraryA

dhcpsapi

DhcpScanDatabase
DhcpRemoveSubnetElement
DhcpServerQueryAttributes
DhcpGetAllOptions
DhcpEnumSubnetClients
DhcpCreateOptionV5
DhcpGetServerBindingInfo
DhcpServerBackupDatabase
DhcpEnumClasses
DhcpSetThreadOptions
DhcpGetClassInfo
DhcpDeleteClientInfo
DhcpEnumSubnetElementsV4
DhcpSetSubnetInfo
DhcpGetThreadOptions
DhcpEnumMScopes
DhcpGetOptionInfo
DhcpSetServerBindingInfo
DhcpSetClientInfo
DhcpGetAllOptionValues
DhcpDeleteSubnet
DhcpEnumOptions
DhcpGetOptionInfoV5
DhcpAddSubnetElement
DhcpEnumOptionValuesV5
DhcpDsCleanup
DhcpGetClientInfo
DhcpDeleteSuperScopeV4
DhcpServerRedoAuthorization
DhcpDeleteServer
DhcpGetVersion
DhcpModifyClass
DhcpCreateOption
DhcpScanMDatabase
DhcpEnumSubnetElements

winmm

waveInGetDevCapsW
waveOutReset
NotifyCallbackData
waveInGetPosition
mmioSetBuffer
auxOutMessage
joyGetDevCapsA
WOWAppExit
mmioSetInfo
waveInGetDevCapsA
auxGetDevCapsA
PlaySoundA
SendDriverMessage
mixerGetDevCapsA
mmGetCurrentTask
joy32Message
mixerGetLineInfoA
midiOutUnprepareHeader
midiOutGetErrorTextA
mciGetDeviceIDFromElementIDW
mmioRead
midiOutGetVolume
mciSetDriverData
joyGetDevCapsW
mmDrvInstall
auxSetVolume
waveOutUnprepareHeader
midiOutReset
waveOutSetPitch
WOW32DriverCallback
mmioOpenA
mciSendCommandW
midiOutCacheDrumPatches
midiOutShortMsg
mmioCreateChunk
midiStreamStop
midiOutGetDevCapsA
PlaySound
mixerOpen

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851a5690d1dc77adb10f92b20fb0dcb4

Headers

File Characteristics

Imports

shlwapi

netapi32

wldap32

msdart

kernel32

dhcpsapi

winmm

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 34KB - Virtual size: 166KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 880B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 34KB - Virtual size: 166KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 880B