b7fce2af3c0ddadb7185c4d97d61ac84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7fce2af3c0ddadb7185c4d97d61ac84_JaffaCakes118
Size

556KB
MD5

b7fce2af3c0ddadb7185c4d97d61ac84
SHA1

d86d8fdf0fa12d6d390544d0243e13a7b406398c
SHA256

e1cb007ccfc5f0cf248dc05fb750c023e4c7e4b3b4eab64b3cdf4f06c9386753
SHA512

19e34036072335b77e928c398343ca5092983137efd7f1b514300a3d633494bbe04e2483056aa1c5c04daf9539f571d8bb09934fe9419f598f54dc59d0a20aa7
SSDEEP

12288:QGLKHz7vIJDKAnkfv6FTspNCNeztf362YNCrk2:jQvIJWAkX6Fwjjt362RI2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7fce2af3c0ddadb7185c4d97d61ac84_JaffaCakes118

Files

b7fce2af3c0ddadb7185c4d97d61ac84_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vds.pdb

Exports

Exports

??0?$CVdsCoTaskPtr@G@@QAE@XZ
??0?$CVdsHandleImpl@$0A@@@QAE@XZ
??0?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??0?$CVdsHeapPtr@D@@QAE@XZ
??0?$CVdsHeapPtr@G@@QAE@XZ
??0?$CVdsHeapPtr@J@@QAE@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsPtr@D@@QAE@XZ
??0?$CVdsPtr@G@@QAE@XZ
??0?$CVdsPtr@J@@QAE@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0CPrvEnumObject@@QAE@XZ
??0CVdsCriticalSection@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QAE@XZ
??0CVdsStructuredExceptionTranslator@@QAE@XZ
??0CVdsUnlockIt@@QAE@AAJ@Z
??1?$CVdsCoTaskPtr@G@@QAE@XZ
??1?$CVdsHandleImpl@$0A@@@QAE@XZ
??1?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??1?$CVdsHeapPtr@D@@QAE@XZ
??1?$CVdsHeapPtr@G@@QAE@XZ
??1?$CVdsHeapPtr@J@@QAE@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsPtr@D@@QAE@XZ
??1?$CVdsPtr@G@@QAE@XZ
??1?$CVdsPtr@J@@QAE@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1CPrvEnumObject@@QAE@XZ
??1CVdsCriticalSection@@QAE@XZ
??1CVdsDebugLog@@QAE@XZ
??1CVdsPnPNotificationBase@@QAE@XZ
??1CVdsStructuredExceptionTranslator@@QAE@XZ
??1CVdsUnlockIt@@QAE@XZ
??4?$CVdsHandleImpl@$0A@@@QAEPAXPAX@Z
??4?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXPAX@Z
??4?$CVdsHeapPtr@D@@QAEPADPAD@Z
??4?$CVdsHeapPtr@G@@QAEPAGPAG@Z
??4?$CVdsHeapPtr@J@@QAEPAJPAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAEPAUFMIFS_DEF_FS_OUT@@PAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@PAU1@@Z
??4?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAEPAU_MOUNTMGR_MOUNT_POINT@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAEPAU_MOUNTMGR_MOUNT_POINTS@@PAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@PAU1@@Z
??8?$CVdsHandleImpl@$0A@@@QBE_NPAX@Z
??8?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??8?$CVdsPtr@D@@QBE_NPAD@Z
??8?$CVdsPtr@G@@QBE_NPAG@Z
??8?$CVdsPtr@J@@QBE_NPAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBE_NPAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBE_NPAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBE_NPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??9?$CVdsPtr@G@@QBE_NPAG@Z
??9?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBE_NPAU_AUCTION_THREAD_PARAMETER@@@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBE_NPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@G@@QAEAAGH@Z
??A?$CVdsPtr@J@@QAEAAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAEAAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0A@@@QAEPAXXZ
??B?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
??B?$CVdsPtr@G@@QBEPAGXZ
??B?$CVdsPtr@J@@QBEPAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBEPAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QBEPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAPAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?AllowCancel@CVdsAsyncObjectBase@@QAEXXZ
?Attach@?$CVdsPtr@G@@QAEXPAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEXPAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEXPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAEXPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QAEPAXXZ
?Detach@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
?Detach@?$CVdsPtr@G@@QAEPAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QAEXXZ
?GetOutputType@CVdsAsyncObjectBase@@QAE?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QAEHXZ
?SetOutput@CVdsAsyncObjectBase@@QAEXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QAEXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QAEXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QAEXXZ
?m_NoDebuggerLogging@CVdsDebugLog@@QAEHXZ
?m_TracingLogEnabled@CVdsDebugLog@@QAEHXZ

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rol
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 361KB - Virtual size: 360KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 17KB

.rol Size: 1KB - Virtual size: 4KB

.text
Size: 361KB - Virtual size: 360KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 17KB

.rol
Size: 1KB - Virtual size: 4KB