a97fd4f0e6a8f5e1fe6c30d76cd0393e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a97fd4f0e6a8f5e1fe6c30d76cd0393e_JaffaCakes118
Size

822KB
MD5

a97fd4f0e6a8f5e1fe6c30d76cd0393e
SHA1

0f9cff70c49d18423ecc8f2d5287983eed55e652
SHA256

5853d7dd1566e19c46d36069aaca5f6feb6889dbfcefbb0e0819ed38d31fa90d
SHA512

4fb93bc5c3dacd43e2522f2a5981b2b74e18edc6e9e0f53fbdada9e6c6f529c0505d89e81a7607a010047720f34648603423884d2c6952eb166f57dab675376b
SSDEEP

12288:3vuKVXI0sGWO85v3bzVGcWwsn/zGufVneJBcTLkQnpuzT6sbHX6NE+bElOtwm8b:3HUJ3bJ3nS/jVne3cTLz2+sb3YEl/m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a97fd4f0e6a8f5e1fe6c30d76cd0393e_JaffaCakes118

Files

a97fd4f0e6a8f5e1fe6c30d76cd0393e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4459036be3e33b5594b7ff285940b1e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

WinStationSetPoolCount
WinStationGetTermSrvCountersValue
_WinStationUpdateUserConfig
WinStationFreeGAPMemory
WinStationFreeMemory
WinStationGetProcessSid
WinStationRemoveLicense
ServerLicensingGetPolicyInformationA
ServerLicensingGetPolicyInformationW
WinStationQueryInformationA
WinStationSendMessageA
WinStationEnumerateProcesses
_WinStationBeepOpen
WinStationWaitSystemEvent
_WinStationWaitForConnect
_WinStationFUSCanRemoteUserDisconnect
WinStationRegisterConsoleNotification
ServerLicensingDeactivateCurrentPolicy
WinStationEnumerate_IndexedW
WinStationQueryInformationW
ServerQueryInetConnectorInformationA
WinStationEnumerateA
WinStationGetLanAdapterNameA
WinStationVirtualOpen
WinStationGetAllProcesses
WinStationActivateLicense
ServerLicensingGetPolicy
WinStationTerminateProcess

user32

SendIMEMessageExA
PostMessageW
RegisterClipboardFormatA
ImpersonateDdeClientWindow
HiliteMenuItem
GetScrollBarInfo
TileChildWindows
RegisterClipboardFormatW
DefFrameProcW
GetClientRect
GetCapture
EnableScrollBar
RegisterClassW
SetForegroundWindow
DlgDirListComboBoxA
DefMDIChildProcA
UnlockWindowStation
GetWindowRgn
IsMenu
WINNLSGetIMEHotkey
UnloadKeyboardLayout
EnumDisplaySettingsW
LoadMenuW
RegisterUserApiHook
FillRect
EnumWindows
GetAltTabInfoW
EndDialog
DialogBoxParamA
LookupIconIdFromDirectoryEx
ArrangeIconicWindows
WindowFromDC
UnpackDDElParam
GetClipboardOwner
GetRawInputDeviceInfoA
PrivateExtractIconExW
CharLowerA
GetInputState
CreateCursor
DdeGetLastError
DlgDirListComboBoxW
SystemParametersInfoA
SetLayeredWindowAttributes
GetKeyboardLayout
GetDC
GetAncestor
SystemParametersInfoW
FreeDDElParam
InvertRect
EnumDesktopsW
ClipCursor
AnyPopup
DestroyWindow
ScreenToClient
RemovePropW
SetRect

msdart

?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?ValidSignature@CLKRLinearHashTable@@QBE_NXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?Unlock@CLockedDoubleList@@QAEXXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
??0CLockedDoubleList@@QAE@XZ
?WriteUnlock@CSpinLock@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
MpHeapAlloc
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ

comctl32

CreatePropertySheetPageA
ImageList_DrawEx
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_DragLeave
CreatePropertySheetPage
ImageList_Duplicate
ImageList_GetFlags
CreateStatusWindowA
DrawInsert
ImageList_DrawIndirect
UninitializeFlatSB
FlatSB_GetScrollInfo
InitCommonControls
ShowHideMenuCtl
ImageList_Read
ImageList_GetIcon
ImageList_GetBkColor
FlatSB_GetScrollRange
ImageList_SetFilter
ImageList_Destroy
ImageList_EndDrag
CreateMappedBitmap
InitMUILanguage
DrawStatusTextW
ImageList_DragMove
ImageList_GetImageInfo
DestroyPropertySheetPage
ImageList_Replace
PropertySheetW
FlatSB_SetScrollRange
DllGetVersion
GetMUILanguage
ImageList_LoadImageW

ntdll

strcpy
ZwCreatePort
NtAccessCheckByType
RtlLargeIntegerSubtract
NtResumeThread
ZwAccessCheckAndAuditAlarm
RtlAllocateAndInitializeSid
NtCreateSection
RtlUpperString
RtlQueryHeapInformation
NtQueryObject
RtlGetSetBootStatusData
ZwReplyWaitReceivePortEx
ZwCreatePagingFile
NtOpenSymbolicLinkObject
NtQuerySecurityObject
RtlInterlockedFlushSList
RtlMakeSelfRelativeSD
ZwTerminateProcess
RtlActivateActivationContext
NtQueryEvent
ZwSetInformationThread
ZwExtendSection
wcschr
NtInitiatePowerAction
ZwSystemDebugControl
_ltow
ZwOpenTimer
ZwCompactKeys
RtlCopySid
NtFindAtom
vDbgPrintExWithPrefix
RtlCaptureStackBackTrace
RtlCreateTagHeap

kernel32

GetFileInformationByHandle
FlushFileBuffers
GetModuleHandleA
SetHandleCount
GetTapeStatus
WTSGetActiveConsoleSessionId
UpdateResourceW
SetFileShortNameW
DeviceIoControl
WaitNamedPipeW
DeleteCriticalSection
SetProcessPriorityBoost
HeapSummary
TzSpecificLocalTimeToSystemTime
LocalShrink
WaitCommEvent
Module32First
SetConsoleTextAttribute
AddConsoleAliasA
GetPrivateProfileStringA
SetVolumeMountPointA
WritePrivateProfileStructA
WriteFileGather
GetPrivateProfileSectionNamesW
CreateTimerQueue
DefineDosDeviceA
SetUserGeoID
LoadLibraryA
GetDiskFreeSpaceA
GetNamedPipeHandleStateW
GetCurrentConsoleFont
GetPrivateProfileIntW
LockFile
FindActCtxSectionStringA
FindActCtxSectionStringW
WriteConsoleOutputCharacterW
QueryPerformanceCounter
EnumCalendarInfoA
DelayLoadFailureHook
SetConsoleCursor
LZDone
VirtualAlloc
GetCurrentDirectoryA

expsrv

__vbaFpCmpCy
EbIsProjectOnStack
rtcTan
__vbaCyAdd
__vbaCyMulI2
rtcIPMT
__vbaStrCy
_adj_fdivr_m16i
__vbaStrCmp
rtcIRR
__vbaVarTstLe
__vbaEnd
rtcSaveSetting
EbResetProjectNormal
__vbaVarLateMemCallSt
rtcGetMonthOfYear
__vbaLateMemSt
rtcMidCharVar
PutMemStr
rtcCommandVar
rtcGetTimeValue
rtcFileAttributes
__vbaI2Cy
_CIcos
__vbaAryDestruct
rtcGetDayOfWeek
rtcStringBstr
__vbaStrToUnicode
__vbaNextEachCollVar
__vbaVarAbs
__vbaVarTstEq

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 604KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4459036be3e33b5594b7ff285940b1e0

Headers

DLL Characteristics

File Characteristics

Imports

winsta

user32

msdart

comctl32

ntdll

kernel32

expsrv

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 189KB - Virtual size: 188KB

.data Size: 604KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 189KB - Virtual size: 188KB

.data
Size: 604KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 236B