a73e5bee6cad61c3e4a10eb461b7f06c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a73e5bee6cad61c3e4a10eb461b7f06c_JaffaCakes118
Size

57KB
MD5

a73e5bee6cad61c3e4a10eb461b7f06c
SHA1

36db67777c7a10ba9cbfa51af5d0c95613eda22c
SHA256

4c3fd110724a6dae9f766e3f8f54556efa5d59ee7ec60ea001dbf6524840a471
SHA512

d89793f2ae126809497f384c726b2eede01cf7a9fb5b087886d934b7a6271381eb975142ed008ee29403e3d2eb70bfd76a5d9f8b6d896117123c2e0697df3f95
SSDEEP

1536:5/kORUh5EkWtPgHx2fGAR1fgBnLyakncCiHqIqzbFpsbT1pH:5jR1kEPgHKgQuqfFp8pH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a73e5bee6cad61c3e4a10eb461b7f06c_JaffaCakes118

Files

a73e5bee6cad61c3e4a10eb461b7f06c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49096fd0851a8373f83a5ac327beab2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

utildll

NetBIOSDeviceEnumerate
FormDecoratedAsyncDeviceName
CalculateDiffTime
ConfigureModem
StandardErrorMessage
CompareElapsedTime
GetUnknownString
StrConnectState
WinEnumerateDevices
QueryCurrentWinStation
RegGetNetworkDeviceName
ElapsedTimeString
TestUserForAdmin
CurrentDateTimeString
GetAssociatedPortName
DateTimeString
CtxGetAnyDCName
EnumerateMultiUserServers
StrSdClass
StrAsyncConnectState
InstallModem

rasman

RasProtocolEnum
RasSetDialParams
RasPortClose
RasPortDisconnect
RasStartRasAutoIfRequired
RasGetDeviceConfigInfo
RasRpcDeleteEntry
RasPortGetProtocolCompression
RasGetDevConfig
RasReferenceCustomCount
RasPortSetInfo
RasDoIke
RasRpcSetUserPreferences
RasRpcUnloadDll
RasSetConnectionParams
RasBundleGetStatisticsEx
RasGetInfoEx
RasRpcDeviceEnum
RasBundleClearStatisticsEx
RasRpcRemoteGetSystemDirectory
RasGetTimeSinceLastActivity
RasPortEnumProtocols
RasPortReceiveEx
RasRpcGetCountryInfo
RasGetProtocolInfo
RasPortClearStatistics
RasConnectionGetStatistics
RasGetDeviceName
RasGetUserCredentials
RasLinkGetStatistics
RasServerPortClose
RasBundleGetStatistics
RasRegisterPnPHandler
RasEnumLanNets
RasPortGetStatisticsEx
RasGetEapUserInfo
RasGetCalledIdInfo
RasGetDialParams
RasSetDevConfig
RasGetInfo
RasGetConnectionParams
RasEnableIpSec
RasSecurityDialogGetInfo
RasGetConnectionUserData
RasSetConnectionUserData
RasEnumConnectionPorts
RasAddConnectionPort
RasmanUninitialize
RasGetFramingCapabilities
RasDeviceConnect
RasPortOpenEx
RasPortReceive
RasPortSetProtocolCompression
RasRpcEnumConnections
RasGetNumPortOpen
RasFindPrerequisiteEntry
RasRpcGetUserPreferences
RasGetNdiswanDriverCaps

oleaut32

VarMod
VarDecCmp
VectorFromBstr
SetVarConversionLocaleSetting
VarDecFromDate
VarUI4FromCy
SysAllocString
GetAltMonthNames
VarSub
VarI2FromI1
VarCyFromStr
OaBuildVersion
DosDateTimeToVariantTime
VarBoolFromDate
VarUI2FromDec
OACreateTypeLib2
VarUI1FromUI8
VarI2FromUI8
VarR4FromUI4
VARIANT_UserMarshal
VarBstrFromUI4
VarCyRound
SafeArrayGetUBound
VarFormatDateTime
SysStringLen

kernel32

DebugActiveProcessStop
SetFirmwareEnvironmentVariableW
LockFile
WritePrivateProfileStringA
SetProcessPriorityBoost
Thread32First
VirtualAlloc
ReleaseSemaphore
TlsFree
GetNamedPipeHandleStateW
GetThreadPriorityBoost
RegisterConsoleIME
FindFirstFileExW
GetLocaleInfoW
CreateProcessW
GetFirmwareEnvironmentVariableA
SetEnvironmentVariableW
HeapCreate
TlsAlloc
SetConsoleOS2OemFormat
_lclose
LoadLibraryA
SetWaitableTimer

untfs

?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
??1NTFS_BITMAP@@UAE@XZ
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
Format
??1NTFS_LOG_FILE@@UAE@XZ
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49096fd0851a8373f83a5ac327beab2f

Headers

DLL Characteristics

File Characteristics

Imports

utildll

rasman

oleaut32

kernel32

untfs

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 82KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 82KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 204B