b3f846bcd494eee601bcd45dcc7e59eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3f846bcd494eee601bcd45dcc7e59eb_JaffaCakes118
Size

28KB
MD5

b3f846bcd494eee601bcd45dcc7e59eb
SHA1

652d95abc606214aefb44703110da7c822d8b30b
SHA256

ac728a378a7d0de0a89262caa04babb87da026d08fb57e4ac654d87f96dd1836
SHA512

ca8c932852ee8b2fae2d66f623c6b7ee8eea3755a7e3c37294c7743da7edb43fa693b6c9b79a26b6488bc22dec2325bc8c50c0d3cadc64fb3f0497c1d580165a
SSDEEP

384:ZrPdfUsG0epGnNFnwX6v/rrJg7PtI9JhYx/0vTnjpfhvnKa91CpPG:4sGFpGnLo6rVExx/0vPRFic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3f846bcd494eee601bcd45dcc7e59eb_JaffaCakes118

Files

b3f846bcd494eee601bcd45dcc7e59eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

533748026f4fd6a3a07b5a3f48371b6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptui

CryptUIDlgViewCTLW
CryptUIDlgViewCertificateA
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgViewContext
CryptUIWizSubmitCertRequestNoDS
CryptUIWizImport
CryptUIDlgSelectCA
CryptUIDlgSelectStoreW
I_CryptUIProtect
CryptUIWizBuildCTL
LocalEnrollNoDS
ACUIProviderInvokeUI
CryptUIDlgFreeCAContext
CryptUIDlgViewSignerInfoA
WizardFree
CryptUIWizQueryCertRequestNoDS
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewCRLW
CryptUIDlgViewCRLA
CryptUIFreeViewSignaturesPagesA
RetrievePKCS7FromCA
CryptUIWizCertRequest
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewCTLA
CryptUIGetCertificatePropertiesPagesW
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgSelectCertificateFromStore
LocalEnroll
CryptUIWizCreateCertRequestNoDS
CryptUIStartCertMgr
CryptUIDlgCertMgr
DllRegisterServer
CryptUIFreeCertificatePropertiesPagesW
CryptUIDlgSelectStoreA
CryptUIDlgViewSignerInfoW
CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateA
CryptUIWizExport
CryptUIDlgSelectCertificateW
CryptUIGetViewSignaturesPagesW

adsldpc

BuildADsParentPath
SchemaOpen
FreeADsMem
LdapValueFree
ADsSetObjectAttributes
GetLDAPTypeName
GetSyntaxOfAttribute
ADsEnumClasses
LdapcKeepHandleAround
LdapGetSyntaxOfAttributeOnServer
SchemaClose
FindEntryInSearchTable
ADsEnumAttributes
LdapcSetStickyServer
LdapModifyS
??1CLexer@@QAE@XZ
LdapGetSchemaObjectCount
ReadSecurityDescriptorControlType
LdapFirstEntry
BuildADsParentPathFromObjectInfo2
LdapDeleteS
LdapCloseObject
LdapAddExtS
LdapControlsFree
?SetAtDisabler@CLexer@@QAEXH@Z
ADsDeleteDSObject
ConvertU2TrusteeToSid
LdapDeleteExtS
ADSIDeleteDSObject
LdapValueFreeLen
AdsTypeFreeAdsObjects
LdapTypeFreeLdapObjects
SchemaGetClassInfoByIndex
ADsCreateAttributeDefinition
BuildLDAPPathFromADsPath
ADSICreateDSObject
ADsCreateClassDefinition
ADsWriteAttributeDefinition
AllocADsMem
MapADSTypeToLDAPType

ole32

HICON_UserFree
GetRunningObjectTable
OleBuildVersion
CoUnmarshalHresult
HENHMETAFILE_UserFree
OleRegEnumVerbs
HMENU_UserSize
HICON_UserMarshal
CoRegisterPSClsid
CLIPFORMAT_UserMarshal
UtGetDvtd16Info
PropStgNameToFmtId
CLIPFORMAT_UserSize
OleQueryCreateFromData
SetDocumentBitStg
OleCreateDefaultHandler
CoInstall
ReadFmtUserTypeStg
CoSetCancelObject
StgCreatePropStg
WdtpInterfacePointer_UserFree
CoFreeLibrary
OpenOrCreateStream
CLSIDFromProgID
CoTestCancel
CoCreateGuid
CoImpersonateClient
SetConvertStg
OleConvertIStorageToOLESTREAMEx
DllGetClassObjectWOW
OleConvertOLESTREAMToIStorage
CoPopServiceDomain
CLSIDFromProgIDEx
CoGetMalloc
GetHGlobalFromStream
CoTreatAsClass
HMETAFILE_UserSize
WriteClassStm
IsAccelerator
SetErrorInfo
WdtpInterfacePointer_UserSize
CoRegisterSurrogate

msacm32

acmFilterTagEnumW
acmDriverClose
acmDriverPriority
acmFormatEnumA
acmStreamOpen
acmFormatDetailsA
acmStreamMessage
acmDriverEnum
acmFilterDetailsW
acmFormatEnumW
acmMessage32
acmDriverID
acmStreamPrepareHeader
acmDriverOpen
acmDriverDetailsW
acmFilterTagDetailsW
acmFilterTagEnumA
acmFormatTagEnumA
acmDriverMessage
XRegThunkEntry
acmFilterChooseA
acmFilterEnumA
acmFormatChooseW
acmFilterDetailsA
acmDriverAddW
acmMetrics
acmDriverDetailsA
acmFormatTagDetailsA
acmStreamConvert
acmFormatDetailsW
acmStreamUnprepareHeader
acmFormatChooseA
acmStreamClose
acmFormatTagDetailsW
acmFilterChooseW
acmFormatSuggest
acmDriverAddA
acmStreamReset
acmFormatTagEnumW
acmGetVersion
acmStreamSize
acmFilterEnumW
acmFilterTagDetailsA
acmDriverRemove

kernel32

NlsGetCacheUpdateCount
LZCreateFileW
FindFirstFileExW
GetStringTypeW
LocalShrink
SetHandleContext
RegisterWowBaseHandlers
ReadConsoleOutputAttribute
WriteProfileStringW
VerLanguageNameA
FindFirstVolumeMountPointW
ReadFile
DnsHostnameToComputerNameA
Beep
lstrcatA
GetStartupInfoA
GetConsoleAliasExesA
GetVersion
EnumCalendarInfoExA
SetCurrentDirectoryA
QueryInformationJobObject
GetNumberOfConsoleMouseButtons
GetCommConfig
PrivMoveFileIdentityW
GetPrivateProfileStringA
VirtualAlloc
CreateFiberEx
GetWindowsDirectoryW
LocalLock
GetConsoleCursorMode
SetFileShortNameA
ChangeTimerQueueTimer
GetEnvironmentVariableA
LZClose
Sleep
MoveFileWithProgressW
OpenMutexA

opengl32

glMultMatrixd
glTexCoord3f
wglMakeCurrent
glTexCoord2fv
glColor4dv
glColor3ubv
glAlphaFunc
glVertex3d
glTexCoord3i
glLoadIdentity
glVertex4i
glTexCoord3s
wglUseFontBitmapsW
glRasterPos2s
glRasterPos4f
glEdgeFlagPointer
glColorMask
glMatrixMode
glTexCoord3fv
glMapGrid1f
glTexParameteriv
glScissor
glNormal3fv
glMapGrid2f
glColor4s
glColor4iv
glPopClientAttrib

wshcon

DllRegisterServer
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DLLGetDocumentation

ulib

??0BDSTRING@@QAE@ABV0@@Z
??0CONT_MEM@@QAE@XZ
??1DSTRING@@UAE@XZ
?DisableLineMode@KEYBOARD@@QAEEXZ
??0FSTRING@@QAE@ABV0@@Z
?RemoveNode@SYSTEM@@SGEPAPAVFSNODE@@E@Z
?Initialize@MACHINE@@QAEEXZ
?IsInSetup@MESSAGE@@UAEEXZ
?Fatal@PROGRAM@@UBEXXZ
?SetDtrControl@COMM_DEVICE@@QAEEW4DTR_CONTROL@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
??1OBJECT@@UAE@XZ
?QueryWCExpansion@PATH@@QAEPAV1@PAV1@@Z
?Initialize@TIMEINFO_ARGUMENT@@QAEEPAD@Z
?Cast@SCREEN@@SGPAV1@PBVOBJECT@@@Z
?SetOutputCodePage@SCREEN@@QAEEK@Z
?SetConsoleConversions@WSTRING@@SGXXZ
?Initialize@LIST@@QAEEXZ
?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ
??1BYTE_STREAM@@UAE@XZ
?Stricmp@WSTRING@@SGHPAG0@Z
??0WSTRING@@QAE@ABV0@@Z
??0MESSAGE@@QAE@XZ
?_UseAnsiConversionsPrev@WSTRING@@0EA
?Insert@LIST@@QAEEPAVOBJECT@@PAVITERATOR@@@Z
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?WaitForUserSignal@MESSAGE@@UAEEXZ
?IsKeyAvailable@KEYBOARD@@QBEEPAE@Z
?MakeFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@@Z

softpub

SoftpubCleanup
DriverCleanupPolicy
SoftpubInitialize
DllRegisterServer
SoftpubLoadDefUsageCallData
OpenPersonalTrustDBDialog
SoftpubLoadSignature
DriverFinalPolicy
GenericChainFinalProv
SoftpubCheckCert
DllUnregisterServer
AddPersonalTrustDBPages
GenericChainCertificateTrust
HTTPSFinalProv
SoftpubDumpStructure
SoftpubLoadMessage
DriverInitializePolicy
HTTPSCertificateTrust
FindCertsByIssuer
OfficeCleanupPolicy
SoftpubDefCertInit
OfficeInitializePolicy
SoftpubAuthenticode
SoftpubFreeDefUsageCallData

user32

SetFocus

query

?GetChar@CMemDeSerStream@@UAEXPADK@Z
??1CPidRemapper@@QAE@XZ
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?IsCIStopped@CMachineAdmin@@QAEHXZ
?IsCIPaused@CMachineAdmin@@QAEHXZ
CIMakeICommand
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
??1CDFA@@QAE@XZ
?GetStackTrace@@YGXPADK@Z
?Query@CQueryParser@@AAEPAVCDbRestriction@@PAVCDbNodeRestriction@@@Z
SvcEntry_CiSvc
?MakePath@CFullPath@@QAEXPBG@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
??0CFileMapView@@QAE@PBG@Z
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
??0CDbQueryResults@@QAE@XZ
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?SkipUShort@CMemDeSerStream@@UAEXXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
?SetProperty@CFullPropSpec@@QAEXK@Z
??1CPhysStorage@@UAE@XZ
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z

osuninst

ExecuteUninstall
ProvideUiAlerts
RemoveUninstallImage
GetUninstallImageSize
IsUninstallImageValid

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

533748026f4fd6a3a07b5a3f48371b6a

Headers

DLL Characteristics

File Characteristics

Imports

cryptui

adsldpc

ole32

msacm32

kernel32

opengl32

wshcon

ulib

softpub

user32

query

osuninst

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 2KB