b145eee093356e692f3b79059284f302_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b145eee093356e692f3b79059284f302_JaffaCakes118
Size

43KB
MD5

b145eee093356e692f3b79059284f302
SHA1

500c4da910d5b484b6ede2ac0e27ec6527d1fdc8
SHA256

c9e30b9d8eaf7b689dd27e262327dda653ff68308e5cabd57c0f02b56e8e7417
SHA512

6a9fe3fd0e822e0316873767a1dd7b373099fa79c8aa9b1c15d74a47e6d5d277398d666b113eede9f160653e9087764c8826011bcb4dd5d514a646d08c961a98
SSDEEP

768:tlmniEwMxZhNQruAbqOictJq+nQLnYOXzGx8x0PPQ4RKnxAEhxa5YBZdXd:tEiXMxZcKyHictJq+QLY8y8aP44RQAE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b145eee093356e692f3b79059284f302_JaffaCakes118

Files

b145eee093356e692f3b79059284f302_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3d23c51469712d7b6a7aa49b9ca3cced

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32ListNext
GetComputerNameA
GenerateConsoleCtrlEvent
Heap32Next
BackupRead
Module32NextW
CreateRemoteThread
PrepareTape
AddConsoleAliasW
GlobalUnWire
WriteProfileSectionW
BeginUpdateResourceA
RegisterWaitForSingleObject
CreateFiberEx
ResumeThread
GetCurrentDirectoryW
EnumResourceNamesW
ReadConsoleInputW
FormatMessageA
EnumDateFormatsExA
IsBadReadPtr
SetMailslotInfo
VirtualProtectEx
GetCommModemStatus
GetModuleHandleA
ExpungeConsoleCommandHistoryW
CreateNamedPipeA
GetGeoInfoA
GetLocaleInfoA
GetProfileStringW
SetEvent
OpenSemaphoreW
GetProfileSectionW
VirtualAlloc
ActivateActCtx
ExitProcess
GetLargestConsoleWindowSize
SetDefaultCommConfigW
SetTapeParameters
EscapeCommFunction
ReadFileScatter
SetHandleInformation
FindFirstChangeNotificationA
EnumSystemLocalesA
HeapDestroy
lstrcpyW
SetSystemTimeAdjustment
IsValidCodePage
GetFirmwareEnvironmentVariableA
UTRegister
GetComputerNameExW
ChangeTimerQueueTimer
SetCommTimeouts
LoadLibraryA
CopyFileExA

ole32

CoLockObjectExternal
OleSetContainedObject
RevokeDragDrop
HGLOBAL_UserMarshal
CoRegisterPSClsid
HBRUSH_UserSize
CoCreateFreeThreadedMarshaler
CLSIDFromString
StgIsStorageILockBytes
OleTranslateAccelerator
CoBuildVersion
ComPs_NdrDllCanUnloadNow
OleCreateFromFileEx
IsValidPtrIn
GetHGlobalFromILockBytes
ComPs_NdrDllGetClassObject
HICON_UserSize
CreateDataAdviseHolder
GetErrorInfo
CoAddRefServerProcess
StgOpenStorageEx
CoFreeLibrary
CoUnmarshalHresult
IsEqualGUID
CreateErrorInfo

msls31

LsdnFinishBySubline
LsPointUV2FromPointUV1
LsdnQueryPenNode
LsSetCompression
LsQueryLinePointPcp
LsFindNextBreakSubline
LsDisplayLine
LsSqueezeSubline
LsGetRubyLsimethods
LsdnFinishDeleteAll
LsGetLineDur
LsGetTatenakayokoLsimethods
LsQueryFLineEmpty
LsSetBreaking
LsdnGetFormatDepth
LsCreateLine
LsGetMinDurBreaks
LsdnQueryObjDimRange
LssbFDonePresSubline
LsdnFinishByPen
LsQueryTextCellDetails
LsDestroySubline
LssbGetPlsrunsFromSubline
LsdnSkipCurTab
LsCreateSubline
LsEnumLine
LsLwMultDivR

ifsutil

?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
??1VOL_LIODPDRV@@UAE@XZ
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
??0LOG_IO_DP_DRIVE@@QAE@XZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z

netapi32

NetQueryDisplayInformation
NetUserSetGroups
NetDfsMove
NetMessageBufferSend
NetDfsAdd
NetpCleanFtinfoContext
NetpHexDump
NetWkstaTransportEnum
I_BrowserQueryEmulatedDomains
NetReplExportDirAdd
DsAddressToSiteNamesExA
NetServerComputerNameAdd
NetUseEnum
NetServerDiskEnum
I_NetServerAuthenticate2
NetReplSetInfo
NetLocalGroupAddMember
NetUserAdd
NetGetJoinInformation
I_NetServerTrustPasswordsGet

expsrv

rtcChangeDir
__vbaNextEachAry
__vbaFPException
__vbaBoolErrVar
rtcGetTimeValue
__vbaUI1Cy
rtcVarType
BASIC_CLASS_Invoke
__vbaAryMove
__vbaVarNeg
__vbaExceptHandler
rtcLowerCaseBstr
_adj_fptan
__vbaLenVarB
__vbaCySgn
TipSetOption
__vbaForEachCollAd
rtcUpperCaseVar
__vbaVargUnk
rtcFileLen
__vbaUI1I2
rtcRemoveDir
__vbaFailedFriend
__vbaVarTextCmpGt
rtcFileAttributes
EbLoadRunTime
__vbaSetSystemError
__vbaVarForInit
rtcOctBstrFromVar

dataclen

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d23c51469712d7b6a7aa49b9ca3cced

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

msls31

ifsutil

netapi32

expsrv

dataclen

Sections

.text Size: 1024B - Virtual size: 562B

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 72KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 562B

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 72KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B