adbe3933504be45e5a6a070a8ae10486_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adbe3933504be45e5a6a070a8ae10486_JaffaCakes118
Size

34KB
MD5

adbe3933504be45e5a6a070a8ae10486
SHA1

8632395ff9c537e94bcd3db03a4909fe0c155d9d
SHA256

14a1c8f5f646982f581f48701628d1c5e583ebbdafae582d9df48815428df80f
SHA512

e112ee217aecc2fb9358414d0d31a84729744c5a72887fe57bfde09ef19c769de5b1a7be622a52640571ed9862c54cfe7545853b1a85cd1b99b148122e301162
SSDEEP

768:C2okGrZ5glBqMsA6gWtbuMylxRlfFSvBf0y2wJ7o:6hrZulBqMs9dRylxRlfFSvJ0y2wJ7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adbe3933504be45e5a6a070a8ae10486_JaffaCakes118

Files

adbe3933504be45e5a6a070a8ae10486_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e418f3c10b3836a8bb292c9dc893b3f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

catsrvut

ManagedRequestW
RegDBBackup
SysprepComplus2
DllGetClassObject
??_7CComPlusObject@@6B@
DllRegisterServer
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??_7CComPlusInterface@@6B@
??_7CComPlusComponent@@6B@
StartMTSTOCOM
??1CComPlusComponent@@UAE@XZ
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
RunMTSToCom
??1CComPlusInterface@@UAE@XZ
DllCanUnloadNow
SysprepComplus
WinlogonHandlePendingInfOperations
RegDBRestore
??4CComPlusObject@@QAEAAV0@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
CGMIsAdministrator
DllUnregisterServer
??_7CComPlusMethod@@6B@
??0CComPlusMethod@@QAE@ABV0@@Z
QueryUserDllW
FindAssemblyModulesW
??0CComPlusObject@@QAE@ABV0@@Z
??0CComPlusComponent@@QAE@ABV0@@Z
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
COMPlusUninstallActionW
??4CComPlusInterface@@QAEAAV0@ABV0@@Z

untfs

?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
??0NTFS_ATTRIBUTE@@QAE@XZ
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_SA@@QAE@XZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??0NTFS_INDEX_TREE@@QAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
Extend
?Read@NTFS_MFT_FILE@@UAEEXZ
??0NTFS_UPCASE_FILE@@QAE@XZ

rpcns4

RpcNsProfileEltInqBeginW
RpcNsMgmtBindingUnexportW
RpcNsGroupMbrAddW
RpcNsGroupMbrInqBeginA
RpcNsMgmtHandleSetExpAge
RpcNsBindingImportNext
RpcNsBindingUnexportA
RpcNsGroupMbrInqBeginW
RpcNsBindingExportPnPA
I_RpcReBindBuffer
RpcNsProfileEltInqBeginA
RpcNsBindingExportA
RpcNsProfileEltAddA
RpcNsMgmtEntryCreateW
RpcNsMgmtEntryDeleteA
RpcNsGroupMbrInqNextA
RpcNsEntryObjectInqNext
RpcNsBindingLookupNext
RpcNsGroupDeleteA
RpcNsBindingImportBeginA
RpcNsMgmtEntryCreateA
RpcIfIdVectorFree
RpcNsBindingUnexportPnPA

opengl32

glIndexPointer
glNormal3f
glMapGrid1d
glIndexs
glMap1f
glDeleteTextures
glTexCoord3sv
glPassThrough
glRasterPos2d
glTexCoord3i
glMateriali
wglGetCurrentDC
glEvalPoint2
glPushClientAttrib
glNormal3d
wglGetProcAddress
glGetTexGeniv
glTexGeniv
glClipPlane
glColor3iv
glRectsv
glVertex4sv
glRasterPos3dv
glInterleavedArrays
glGetError
glTexParameteriv
glRasterPos4d
GlmfPlayGlsRecord
glMapGrid2d
wglMakeCurrent
glGetMapdv
glTexCoord1fv
wglGetLayerPaletteEntries
glIndexub
glPixelMapusv
glEvalCoord2dv
glVertex3iv
glPopName
glEvalCoord1fv
glRectiv
glTexCoord4f
glPixelTransferf
glLightiv
glRasterPos2sv
glDepthMask
glCopyTexSubImage2D
glColor4us
glVertex3f
glGetMapiv
glCopyTexSubImage1D
wglCreateLayerContext
glFlush
glEndList
glColor3uiv
glVertex2iv
glIndexiv
glVertex4dv
glIndexubv
glIsEnabled
wglSwapLayerBuffers
glLightModelf

user32

SetScrollPos
IsIconic
MoveWindow

apphelp

ApphelpCheckMsiPackage
SdbGetStringTagPtr
ApphelpShowDialog
SdbFindFirstMsiPackage_Str
SdbReadWORDTagRef
SdbFindNextTag
ApphelpUpdateCacheEntry
SdbReadBinaryTag
SdbTagRefToTagID
SdbTagIDToTagRef
SdbReadQWORDTag
SdbReleaseDatabase
SdbGetTagDataSize
SdbReadDWORDTagRef
SdbReadBYTETagRef
SdbGetTagFromTagID
SdbOpenApphelpInformation
SdbUnregisterDatabase
SdbGetPermLayerKeys
ApphelpCheckRunApp
SetPermLayers
ApphelpFixMsiPackage
AllowPermLayer

w32topl

ToplSTHeapAdd
ToplSTHeapInit
ToplEdgeSetFromVertex
ToplIterGetObject
ToplHeapExtractMin
ToplGraphCreate
ToplIterFree
ToplHeapIsElementOf
ToplListCreate
ToplListFree
ToplMakeGraphState
ToplGraphMakeRing
ToplGraphDestroy
ToplScheduleCacheCreate
ToplGraphSetVertexIter
ToplScheduleMerge
ToplScheduleImport
ToplListNumberOfElements
ToplEdgeDisassociate
ToplFree
ToplScheduleIsEqual
ToplIterCreate
ToplVertexDestroy
ToplVertexCreate
ToplScheduleExportReadonly
ToplScheduleCacheDestroy
ToplVertexGetOutEdge
ToplGetAlwaysSchedule
ToplEdgeSetVtx
ToplListAddElem
ToplHeapIsEmpty
ToplDeleteComponents
ToplGraphNumberOfVertices
ToplGetSpanningTreeEdgesForVtx
ToplScheduleValid
ToplScheduleCreate
ToplEdgeInit
ToplVertexNumberOfInEdges
ToplGraphFree
ToplListSetIter
ToplVertexSetId
ToplVertexNumberOfOutEdges
ToplScheduleDuration
ToplEdgeSetWeight
ToplEdgeGetToVertex

localspl

SplGetPrinterExtra
InitializePrintProvidor
SplSetForm
SplEnumMonitors
OpenPrintProcessor
GetPrintProcessorCapabilities
SplGetForm
SplXcvData
SplEnumPorts
SplGetPrinterDriverEx
SplAddPrinter
SplReenumeratePorts
SplGetPrinterDriver
SplCopyFileEvent
SplGetPrinterData
SplGetPrinterExtraEx
ClosePrintProcessor
SplMonitorIsInstalled
SplOpenPrinter
SplResetPrinter
SplConfigChange
SplGetPrinterDriverDirectory
DllMain
SplLoadLibraryTheCopyFileModule
SplEnumPrintProcessorDatatypes
LclPromptUIPerSessionUser
SplEnumForms
LclIsSessionZero
SplSetPrinter
SplDeleteSpooler
SplAddMonitor
SplSetPrinterExtra
SplDeletePort
SplEnumPrinters

crtdll

_fileno
vfprintf
_CIatan2
fgetc
_ultoa
clock
_strupr
_global_unwind2
tmpnam
_yn
srand
_spawnle
_chgsign
_wtoi
ungetwc
strlen
system
sin
mblen
_ismbbkpunct
_sleep
_abnormal_termination
_lrotl
_mbschr
??3@YAXPAX@Z
_getpid
_strnicmp
_strnextc
feof
_chdir
freopen
_mbslwr
setlocale
tan
_fputchar
_wcsnset
_strdate
_mktemp
wcsncat
_mbsnbcnt
_findfirst
_lsearch
fgetpos
_findclose

wldap32

ldap_extended_operation_sW
ldap_modrdn_s
ber_bvdup
ldap_control_freeA
ldap_modrdn2_s
ldap_delete_extA
ldap_perror
ldap_add
ldap_stop_tls_s
ldap_get_values
ldap_start_tls_sW
ldap_modify_sW
ldap_search_ext_sA
ldap_first_attribute
ldap_compare_extW
ldap_extended_operation
ldap_memfreeW
ldap_rename_ext_s
ldap_get_option
ldap_search_stA
ldap_search
ldap_add_extW
ldap_memfreeA
ldap_get_next_page
ldap_get_dnW
ldap_rename_ext_sA
LdapGetLastError

kernel32

ReadConsoleInputW
ResumeThread
AddConsoleAliasA
OutputDebugStringW
GetConsoleProcessList
GetEnvironmentVariableA
EnumResourceNamesW
FindFirstFileExA
UnlockFile
SetConsoleTitleA
SetTimeZoneInformation
SetConsoleKeyShortcuts
InterlockedPushEntrySList
OpenWaitableTimerA
OpenJobObjectA
FreeEnvironmentStringsA
GetVersionExA
GetConsoleCommandHistoryLengthW
FoldStringW
AddVectoredExceptionHandler
GetDriveTypeW
QueueUserWorkItem
lstrcpynW
Module32First
SearchPathW
GetVolumeNameForVolumeMountPointA
CreateMailslotA
SetTimerQueueTimer
CreateMutexW
GetFileSize
CancelTimerQueueTimer
EnumLanguageGroupLocalesA
VirtualQueryEx
SetFilePointer
VirtualAlloc
Process32Next
lstrcmpiW
GetConsoleAliasExesLengthW
OpenSemaphoreA
EnumDateFormatsExA
InitializeSListHead
GetSystemTime
GetConsoleAliasW
GetOverlappedResult
SetProcessAffinityMask
TerminateJobObject
SetFileApisToOEM
GetFirmwareEnvironmentVariableA
MoveFileA
AddConsoleAliasW
OpenFileMappingA
SetConsoleOutputCP
VirtualUnlock

netapi32

I_NetLogonControl2
NetUseAdd
I_NetServerPasswordGet
I_NetServerSetServiceBits
NetGroupDelUser
NetMessageNameGetInfo
DsRoleDnsNameToFlatName
DsGetDcNameA
DsGetDcNextA
NetGroupAddUser
NetUnjoinDomain
DsGetDcNameWithAccountA
NetAuditClear
NetWkstaUserGetInfo
NetUserModalsSet
NetServiceControl
I_NetAccountSync
NetWkstaSetInfo
NetFileClose
I_NetServerAuthenticate2
NetUserGetInfo
DsRoleDcAsDc
NetServerGetInfo
I_NetlogonComputeServerDigest
NetConfigSet
DsRoleDemoteDc
NetWkstaUserEnum
NetpInitFtinfoContext
I_NetLogonSamLogonEx
NetLocalGroupGetMembers
I_BrowserResetStatistics
I_NetLogonSamLogonWithFlags
NetErrorLogRead
NetServerEnum
I_NetDatabaseDeltas
NetUserGetLocalGroups
NetServerTransportEnum
I_NetDatabaseRedo
NetpAllocFtinfoEntry
NetapipBufferAllocate
DsGetDcSiteCoverageA
NetShareEnum
NetLogonGetTimeServiceParentDomain

comdlg32

PrintDlgW
Ssync_ANSI_UNICODE_Struct_For_WOW
dwOKSubclass
GetSaveFileNameW
PrintDlgA
LoadAlterBitmap
PageSetupDlgA
CommDlgExtendedError
ReplaceTextA
GetOpenFileNameW
PrintDlgExW
ChooseColorW
ChooseFontW
PrintDlgExA
ReplaceTextW
FindTextW
PageSetupDlgW
GetOpenFileNameA
WantArrows
GetSaveFileNameA
FindTextA
dwLBSubclass
GetFileTitleA
ChooseColorA
ChooseFontA
GetFileTitleW

gdi32

RectVisible

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e418f3c10b3836a8bb292c9dc893b3f8

Headers

DLL Characteristics

File Characteristics

Imports

catsrvut

untfs

rpcns4

opengl32

user32

apphelp

w32topl

localspl

crtdll

wldap32

kernel32

netapi32

comdlg32

gdi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 658B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 658B