ac3a72d2a390945ab027c2ba0aa7f7d2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac3a72d2a390945ab027c2ba0aa7f7d2_JaffaCakes118
Size

156KB
MD5

ac3a72d2a390945ab027c2ba0aa7f7d2
SHA1

ca4a80be40e85b808126b66437497d8f7f930f46
SHA256

bf00eada8236ced5202770fea332e4ff9226d6567383054121509d0454b7d5d7
SHA512

1180a3817b36bfe90633c1dee8fcd5bb5d9b05a6a18d84d2c72e8521d6c73b4280d7b6d84fd72031c0427011ba779a96a08f33bbbd3c07d73727ac6250375efa
SSDEEP

3072:ifa6HngXZBfh7KcTLt2EJyizNmd9qdIRfq1ukNbogKRH2EvJPvfp:ifaSng5muRwyNErRfq1ukNmRH2ExPvfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac3a72d2a390945ab027c2ba0aa7f7d2_JaffaCakes118

Files

ac3a72d2a390945ab027c2ba0aa7f7d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b4b0ba1c351b9d343e1e96ccf5d5580

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcat
IsBadReadPtr
SetCriticalSectionSpinCount
UnlockFileEx
LoadLibraryA
ConvertDefaultLocale
HeapLock
ExpandEnvironmentStringsW
LocalFlags
GetConsoleAliasExesA
GetStringTypeExA
CreateDirectoryExW
ProcessIdToSessionId
GetFileAttributesExW
CancelIo
RegisterWaitForSingleObjectEx
DeactivateActCtx
GetEnvironmentStringsA
WriteFileGather
SearchPathW
CreateMutexW
ChangeTimerQueueTimer
FindFirstFileA
EnumUILanguagesA
HeapCompact
LoadResource
OpenProfileUserMapping
LocalReAlloc
SetUserGeoID
GetCommandLineW
SetTermsrvAppInstallMode
DosDateTimeToFileTime
GetCurrencyFormatA
GetNumaProcessorNode
VirtualAlloc
GetNumaAvailableMemoryNode
DeleteFileA
SetComputerNameA
GetExpandedNameA
SetLastError
OpenSemaphoreW
SetEvent
GetCurrentThread
LZOpenFileW
GetComPlusPackageInstallStatus
GlobalAlloc
UnregisterWait
CreateJobSet
FindNextFileA
GetNumaNodeProcessorMask
GetModuleHandleExW
HeapWalk
_lcreat
IsBadWritePtr
GetProfileSectionW
FreeLibrary
HeapUnlock
GetGeoInfoW
FindFirstChangeNotificationW
GetComputerNameA
QueueUserAPC
Toolhelp32ReadProcessMemory
GetHandleContext
GetBinaryType
CreateTapePartition
GetLogicalDriveStringsW
OpenWaitableTimerA
SetFileShortNameW
ResetEvent
CreateActCtxW
EnumCalendarInfoW

advapi32

CryptHashSessionKey
CryptSetKeyParam
ElfDeregisterEventSource
CreateProcessAsUserW
SaferSetPolicyInformation
QueryServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
WmiQueryAllDataMultipleA
CreatePrivateObjectSecurityEx
BuildExplicitAccessWithNameA
EqualPrefixSid
LsaCreateSecret
BackupEventLogW
RegLoadKeyW
AccessCheckAndAuditAlarmW
CreatePrivateObjectSecurity
GetEffectiveRightsFromAclA
MSChapSrvChangePassword
RegUnLoadKeyA
SetSecurityDescriptorControl
CloseCodeAuthzLevel
WmiQuerySingleInstanceA
CredDeleteA
CredMarshalCredentialW
CredGetTargetInfoA
BuildExplicitAccessWithNameW
ObjectOpenAuditAlarmA
SetEntriesInAccessListA
LsaEnumeratePrivileges
MD4Init
AddAccessDeniedAceEx
ChangeServiceConfigA
WmiQueryGuidInformation
AccessCheckByTypeResultListAndAuditAlarmA
RegConnectRegistryA
FlushTraceA
IsValidAcl
WmiQuerySingleInstanceW
ControlTraceW
CryptGetProvParam
EnumDependentServicesW
RegEnumValueA
SystemFunction006

oleaut32

CreateStdDispatch
VarUI8FromI1
VarCyFromStr
VarR8FromUI1
BSTR_UserUnmarshal
LPSAFEARRAY_UserUnmarshal
VarUI4FromDec
VarUI4FromUI2
VarUI2FromI8
VarBstrFromDec
VarI4FromUI1
VarDateFromUdate
GetAltMonthNames
GetErrorInfo
VarDecFromI2
VarDecNeg
VarBstrFromBool
QueryPathOfRegTypeLib
VarDecFromDate
VarI8FromR4
GetVarConversionLocaleSetting
VarCyMulI4
VarI2FromI4
SafeArrayAllocDescriptor
VarR8Round
SafeArrayLock
VarUI4FromR8
VarI8FromDisp
VarPow
VectorFromBstr
VarR4FromI1
BSTR_UserFree
VarR4FromR8
VarI4FromI1
CreateDispTypeInfo
VarDecAdd
BSTR_UserSize
VarDecFromI1
LPSAFEARRAY_Marshal
VarUI4FromUI1
VarUI4FromI1

duser

GetStdColorPenF
DUserDeleteGadget
DUserCastClass
PeekMessageExW
GetGadgetFocus
IsInsideContext
DUserGetGutsData
UnregisterGadgetMessageString
GetGadgetStyle
DUserRegisterSuper
UnregisterGadgetProperty
SetGadgetOrder
RegisterGadgetProperty
InitGadgets
SetGadgetStyle
DUserSendMethod
GetStdColorI
GetStdColorF
GetGadgetCenterPoint
ForwardGadgetMessage
DUserFindClass
CreateGadget
CreateAction
PeekMessageExA
GetGadgetSize
GetMessageExA
GetMessageExW
GetGadget
SetActionTimeslice

rasman

RasDeviceConnect
RasStartRasAutoIfRequired
RasGetDialParams
RasRpcDisconnect
RasRpcDeleteEntry
RasInitialize
RasEnumLanNets
RasPortEnumProtocols
RasFreeBuffer
RasRpcPortGetInfo
RasDeviceEnum
RasCompressionGetInfo
RasGetCalledIdInfo
RasSecurityDialogGetInfo
RasSetKey
RasPortClearStatistics
RasRegisterPnPHandler
RasPortReceiveEx
RasGetDeviceName
RasPortRetrieveUserData
RasRpcPortEnum
RasGetConnectInfo
RasReferenceCustomCount
RasRpcGetUserPreferences
IsRasmanProcess

ir50_qcx

CompressFramesInfo
CompressQuery
AllocInstanceData
SetScalability
DllMain
CompressBegin
CompressEnd
FreeInstanceData
Compress
SetCPUID

Sections

.text
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b4b0ba1c351b9d343e1e96ccf5d5580

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

duser

rasman

ir50_qcx

Sections

.text Size: 58KB - Virtual size: 60KB

.rdata Size: 62KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 192KB

.rsrc Size: 35KB - Virtual size: 36KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 60KB

.rdata
Size: 62KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 192KB

.rsrc
Size: 35KB - Virtual size: 36KB

.reloc
Size: 1024B - Virtual size: 4KB