b2ee92c29eae8123451eb9ef5587c193_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2ee92c29eae8123451eb9ef5587c193_JaffaCakes118
Size

412KB
MD5

b2ee92c29eae8123451eb9ef5587c193
SHA1

bc6e10651d1e7519acbbc92dfc8fd8c25c399147
SHA256

d990924cfcddde28afb485f5db56afcecf4480633c3f8b30579e90d75894aefc
SHA512

e1d813f78d86df0eae93726be7f6bedb25e148b20034ac18ddb5cf1bde0f286a18674380231cc35261186006f2d7bd607321c622090d7b2f29c068f4f83801a3
SSDEEP

6144:Vm0i7l5LGMs5vFKTq+k+9kRVDlFxRa9O4y/JDv5X6UVuuF63RcNKdAiSL8M9vwv:IbKMK4a+eRtO9hyBDRmdhBdAis7vs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2ee92c29eae8123451eb9ef5587c193_JaffaCakes118

Files

b2ee92c29eae8123451eb9ef5587c193_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bfcd0cb951801cb7964a9dc2ed16f1dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptui

CryptUIGetCertificatePropertiesPagesW
I_CryptUIProtectFailure
CryptUIDlgViewSignerInfoA
LocalEnroll
CryptUIDlgViewCRLW
CryptUIWizSubmitCertRequestNoDS
CryptUIWizCreateCertRequestNoDS
CryptUIDlgViewSignerInfoW
CryptUIFreeViewSignaturesPagesW
CryptUIDlgSelectCA
I_CryptUIProtect
CryptUIDlgSelectCertificateA
LocalEnrollNoDS
CryptUIGetViewSignaturesPagesW
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewContext
CryptUIGetCertificatePropertiesPagesA
WizardFree
ACUIProviderInvokeUI
CryptUIDlgSelectStoreW
CryptUIDlgCertMgr
CryptUIDlgSelectCertificateFromStore
CryptUIWizCertRequest
CryptUIDlgSelectStoreA
CryptUIDlgViewCTLW
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewCertificateA
RetrievePKCS7FromCA
CryptUIDlgViewCertificatePropertiesW
CryptUIStartCertMgr
CryptUIWizImport
CryptUIDlgFreeCAContext
CryptUIWizQueryCertRequestNoDS

sqlunirl

_CharPrev_@8
_CreateWaitableTimer_@12
_GetCommandLine_@0
_CharUpperBuff_@8
_SendNotifyMessage_@16
_CopyFileEx_@24
_GetTextFace_@12
_FindFirstChangeNotification_@12
_GetEnhMetaFileDescription_@12
_GetProfileString_@20
_ChangeDisplaySettings_@8
_FreeEnvironmentStrings@4
_PostThreadMessage_@16
_RegisterClassEx_@4
_DrawText@20
_RemoveFontResource_@4
_RegUnLoadKey_@8
_DrawTextEx_@24
_GetKeyboardLayoutName_@4
_LoadBitmap@8
_MoveFile@8
_FindResourceEx_@16
_GetTempPath_@8
__lopen_@8
_PropertySheet_@4
_MapVirtualKeyEx_@12
_EnumResourceNames_@16
_LoadMenu@8
_GetShortPathName_@12
_VerQueryValue_@16
_EnumWindowStations_@8
_FindText_@4
_SetFileSecurity_@12
_trename
_GetProp@8
_GetFileAttributesEx_@12
_GetDlgItemText@16
_NDdeIsValidShareName_@4
_AddFontResource_@4
_NDdeGetErrorString_@12
_NDdeShareEnum_@24
_CommDlg_OpenSave_GetFilePath@12
_RegSetValueEx_@24
_IsDialogMessage@8

cfgmgr32

CM_Get_Next_Res_Des_Ex
CM_Get_Device_ID_List_SizeA
CM_Register_Device_Interface_ExW
CM_Get_Device_Interface_AliasW
CM_Query_Resource_Conflict_List
CM_Set_DevNode_Problem
CM_Connect_MachineW
CM_Invert_Range_List
CM_Move_DevNode
CM_Get_Device_Interface_ListW
CM_Delete_DevNode_Key
CM_Add_IDA
CM_Add_Empty_Log_Conf
CM_Setup_DevNode
CM_Get_Class_Name_ExA
CM_Set_Class_Registry_PropertyW
CM_Get_Device_Interface_AliasA
CM_Free_Range_List
CM_Set_HW_Prof_FlagsW
CM_Reenumerate_DevNode
CM_Set_HW_Prof_Flags_ExW
CM_Query_Arbitrator_Free_Size_Ex
CM_Delete_Class_Key_Ex
CM_Get_Sibling
CM_Register_Device_Driver_Ex
CM_Add_Empty_Log_Conf_Ex
CM_Get_Device_Interface_Alias_ExW
CM_Query_And_Remove_SubTree_ExA
CM_Remove_SubTree
CM_Unregister_Device_Interface_ExA
CM_Free_Res_Des
CM_Get_Device_ID_ExA
CM_Get_Hardware_Profile_InfoA
CM_Open_Class_KeyW
CM_Get_Next_Log_Conf

kernel32

WritePrivateProfileStringW
IsDBCSLeadByte
WriteProfileSectionW
EnumSystemCodePagesA
GetPrivateProfileStructA
BaseDumpAppcompatCache
IsBadHugeReadPtr
SetTimeZoneInformation
GetSystemDirectoryA
ReleaseMutex
GlobalFindAtomW
GetNativeSystemInfo
GetExitCodeProcess
LocalAlloc
AddRefActCtx
SetWaitableTimer
LZCopy
SetLastConsoleEventActive
SetVolumeLabelA
SwitchToThread
QueryPerformanceCounter
SetConsoleMaximumWindowSize
SetConsoleScreenBufferSize
BaseUpdateAppcompatCache
OutputDebugStringA
_lwrite
GlobalMemoryStatus
SetConsoleNlsMode
OpenFileMappingA
LoadResource
IsValidLocale
EnumSystemLanguageGroupsA
LoadLibraryA
ReadDirectoryChangesW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GlobalGetAtomNameW
lstrcmpW
SetLocalTime
FreeEnvironmentStringsA
GetGeoInfoA
BaseFlushAppcompatCache
ReadConsoleOutputAttribute
PulseEvent
EnumSystemLocalesW
SetTapeParameters
SetComPlusPackageInstallStatus
VirtualFreeEx
GetOverlappedResult
ReadFile
DeleteVolumeMountPointA
Heap32ListNext
BuildCommDCBAndTimeoutsA
SetThreadContext
EnumLanguageGroupLocalesA
UnlockFileEx
GetStartupInfoW
GetDiskFreeSpaceExW
LocalUnlock
WriteConsoleOutputCharacterA
GetModuleHandleW
CancelTimerQueueTimer
AllocConsole
UnlockFile
GetACP
VirtualAlloc

msi

MsiSetInstallLevel
MsiDatabaseOpenViewA
MsiFormatRecordA
MsiSourceListForceResolutionW
MsiQueryFeatureStateW
MsiRecordDataSize
MsiGetProductPropertyW
MsiApplyPatchA
MsiSetFeatureAttributesW
MsiAdvertiseProductW
MsiProvideQualifiedComponentW
MsiProcessAdvertiseScriptA
MsiGetProductCodeFromPackageCodeW
MsiLoadStringW
MsiGetUserInfoA
MsiReinstallProductW
MsiGetFileSignatureInformationA
MsiCreateAndVerifyInstallerDirectory
MsiEnumComponentCostsW
MsiAdvertiseProductExA
MsiProvideQualifiedComponentExA
MsiRecordSetStringW
MsiGetProductInfoA
MsiGetFileHashA
MsiInstallProductA
MsiEnumRelatedProductsA
MsiReinstallFeatureW
MsiSourceListForceResolutionA
MsiNotifySidChangeW
MsiConfigureFeatureFromDescriptorA
MsiRecordGetStringA
MsiGetProductPropertyA
MsiSourceListAddSourceA
MsiIsProductElevatedA
MsiDecomposeDescriptorA
MsiProvideComponentFromDescriptorW
MsiDatabaseOpenViewW
MsiUseFeatureA
MsiGetSummaryInformationA
MsiDatabaseIsTablePersistentW
MsiGetFeatureStateA
MsiGetSourcePathA
MsiGetFeatureCostW
MsiSetComponentStateA

msdart

?GetSpinCount@CSpinLock@@QBEGXZ
??1CLockedSingleList@@QAE@XZ
?sm_wDefaultSpinCount@CFakeLock@@1GA
??0CSpinLock@@QAE@XZ
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
SetMemHook
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
FXMemDetach
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?Lock@CLockedSingleList@@QAEXXZ
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
MPInitializeCriticalSectionAndSpinCount
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
??1CFakeLock@@QAE@XZ

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 405KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfcd0cb951801cb7964a9dc2ed16f1dc

Headers

DLL Characteristics

File Characteristics

Imports

cryptui

sqlunirl

cfgmgr32

kernel32

msi

msdart

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 405KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 405KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B