a83faec7f05a2ebd137de8a7b9e10630_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a83faec7f05a2ebd137de8a7b9e10630_JaffaCakes118
Size

58KB
MD5

a83faec7f05a2ebd137de8a7b9e10630
SHA1

9836c259f1815a90022ed1dea878d14a7491c769
SHA256

1aec1d791f90faac32b4193ea122981809414c4b26543338bffdc0052d1e5045
SHA512

676136c2ee49993b83a2c36b97b4a43d949b5187a1f3b0324797b09614acd2379f04024f73ef278e953d9b63b9040abfb2ea55c1bae85c3c3de8466bef7235f7
SSDEEP

1536:VnsTeb0ZfOw5b2WD6cyQjUueYqySxAY4e7pm7:VnqVROw5bhWcyQjUgqy97

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a83faec7f05a2ebd137de8a7b9e10630_JaffaCakes118

Files

a83faec7f05a2ebd137de8a7b9e10630_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ecd086ac50cd7b23482954c13f8217a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_strlwr
NtSetSystemEnvironmentValue
ZwQueryObject
RtlValidateHeap
RtlLookupAtomInAtomTable
RtlIntegerToChar
RtlDeleteTimerQueue
RtlSecondsSince1970ToTime
RtlComputeCrc32
NtDeleteObjectAuditAlarm
ZwLockRegistryKey
memcmp
NtOpenSymbolicLinkObject
RtlSetInformationAcl
DbgQueryDebugFilterState
RtlCopySid
_strnicmp
DbgUserBreakPoint
NtDuplicateToken
RtlAllocateHeap
NtCloseObjectAuditAlarm
ZwCreateMailslotFile
ZwInitializeRegistry
ZwResetWriteWatch
NtWaitLowEventPair
ZwNotifyChangeMultipleKeys
RtlSetUserFlagsHeap
NtOpenThreadToken

crypt32

I_CryptUninstallOssGlobal
CertAddStoreToCollection
CryptUnregisterDefaultOIDFunction
CertRegisterPhysicalStore
CertCreateContext
CryptMsgVerifyCountersignatureEncodedEx
RegQueryValueExU
CryptRegisterOIDInfo
CryptMsgCountersignEncoded
CertCreateCTLEntryFromCertificateContextProperties
CertOpenSystemStoreA
CertCompareCertificate
CreateFileU
CryptVerifyCertificateSignatureEx
CertGetCTLContextProperty
CertFindCertificateInStore
CertAddSerializedElementToStore
CertFindAttribute
CertAddCertificateContextToStore
PFXImportCertStore
CertGetSubjectCertificateFromStore
CertFindRDNAttr
CryptSetOIDFunctionValue
I_CryptAllocTls
CryptBinaryToStringW

query

?AllocHeapAndCopy@@YGPAGPBGAAK@Z
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
?GetColumn@CCatState@@QBEPBGI@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?NameToReal@CPidRemapper@@QAEKPBVCFullPropSpec@@@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
?GetStringFromLCID@@YGXKPAG@Z
?Skip@CEnumWorkid@@UAGJK@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?InitializeForRead@CDynStream@@QAEXXZ
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
SetCatalogState
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
?GetR8@CAllocStorageVariant@@QBENI@Z
?AddArg@CFwEventItem@@QAEXPBG@Z
??0CCategorizationSet@@QAE@I@Z
??1CWordRestriction@@QAE@XZ
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
??0CDbColumns@@QAE@I@Z
??0CException@@QAE@XZ
?IsPaused@CCatalogAdmin@@QAEHXZ
?Open@COLEPropManager@@QAEHABVCFunnyPath@@@Z

kernel32

lstrcat
GetSystemTimeAsFileTime
BackupRead
VirtualAlloc
ExitProcess
SetConsoleTitleA
GetConsoleCommandHistoryLengthA
ExitThread
GetAtomNameW
WTSGetActiveConsoleSessionId
ReadFileScatter
MapUserPhysicalPagesScatter
GetConsoleAliasExesW
GetCPInfo
GetStartupInfoA
FindFirstVolumeW
GetLogicalDriveStringsA
FlushViewOfFile
LoadLibraryA
DebugBreak
HeapCreate
IsWow64Process
GetPrivateProfileSectionW
LZOpenFileW

winmm

mciGetDeviceIDW
SendDriverMessage
midiInStart
mmsystemGetVersion
midiInGetNumDevs
waveInGetDevCapsW
mod32Message
midiInPrepareHeader
midiOutOpen
mciSetYieldProc
midiInClose
mixerGetControlDetailsW
mmioRenameA
waveInUnprepareHeader
joyGetDevCapsA
mmioOpenW
mmGetCurrentTask
mciSendCommandW
joyGetNumDevs
waveOutSetVolume
sndPlaySoundW
mmioInstallIOProcA
waveOutOpen
mciGetDeviceIDFromElementIDA

mfcsubs

?Format@CString@@QAAXIZZ
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??H@YG?AVCString@@PBGABV0@@Z
??M@YG_NPBGABVCString@@@Z
??_7CMapStringToPtr@@6B@
?GetData@CString@@IBEPAUCStringData@@XZ
??1CMapStringToPtr@@UAE@XZ
??H@YG?AVCString@@ABV0@PBG@Z
?IsEmpty@CString@@QBEHXZ
??ACStringArray@@QAEAAVCString@@H@Z
??1CObject@@UAE@XZ
?MakeLower@CString@@QAEXXZ
?GetUpperBound@CStringArray@@QBEHXZ
??4CString@@QAEABV0@PBE@Z
??1CCriticalSection@@UAE@XZ
??O@YG_NABVCString@@PBG@Z
?GetSize@CStringArray@@QBEHXZ
?Release@CString@@KGXPAUCStringData@@@Z
??0CSyncObject@@QAE@PBG@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
?GetBuffer@CString@@QAEPAGH@Z
?TrimRight@CString@@QAEXXZ
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
??9@YG_NPBGABVCString@@@Z
?AllocBuffer@CString@@IAEXH@Z
??M@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@PBG@Z

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecd086ac50cd7b23482954c13f8217a0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

crypt32

query

kernel32

winmm

mfcsubs

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 17KB - Virtual size: 109KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 17KB - Virtual size: 109KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 212B