c8424baefccef7c3be123554f54e47e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8424baefccef7c3be123554f54e47e1_JaffaCakes118
Size

861KB
MD5

c8424baefccef7c3be123554f54e47e1
SHA1

f9a6656aa6c25a8a1014604590081cdb22c612ef
SHA256

1f6c51782398bbec2079c2277fa91c86f497a2d52c6671ef87ff058791123dde
SHA512

178c6dbad2b8f1e9cf02098bc2101489f32de734dbcc53c58f1048352d89a52d8d23b66682f3eaeab06a00033836885ec649c4d26d42ac8f37f2d74651e2795f
SSDEEP

24576:xcsgEnR2a9f+saKrzCndGU1AoYczJ7G4uQTjEZtsg0Y:KsgEhwIKnP8IJLBTjLb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8424baefccef7c3be123554f54e47e1_JaffaCakes118

Files

c8424baefccef7c3be123554f54e47e1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e3a18e9ad803c7445b1325292963ffe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Query_Arbitrator_Free_Data
CM_Unregister_Device_Interface_ExA
CM_Set_HW_Prof
SetupDiGetDeviceInfoListDetailW
CM_Get_Resource_Conflict_DetailsW
CM_Get_Device_ID_List_Size_ExA
pSetupMultiByteToUnicode
SetupGetSourceFileSizeA
pSetupUnmapAndCloseFile
CM_Connect_MachineA
SetupDiSelectDevice
pSetupIsUserAdmin
pSetupGetQueueFlags
CM_Setup_DevNode
CM_Get_HW_Prof_Flags_ExA
CM_Delete_DevNode_Key_Ex
SetupRenameErrorW
SetupDiBuildClassInfoListExW
SetupDiOpenClassRegKeyExW
SetupDiOpenDeviceInfoW
CM_Get_Depth_Ex
InstallHinfSectionA
SetupPrepareQueueForRestoreA
SetupQuerySourceListW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Sibling
CM_Query_Remove_SubTree_Ex
CM_Get_Device_Interface_List_SizeA
CM_Uninstall_DevNode_Ex
CM_Get_Res_Des_Data
CM_Register_Device_Interface_ExW

resutils

ResUtilFindBinaryProperty
ResUtilGetResourceDependentIPAddressProps
ResUtilStopResourceService
ResUtilGetAllProperties
ResUtilGetSzValue
ResUtilGetPropertiesToParameterBlock
ResUtilSetExpandSzValue
ResUtilSetPropertyTable
ResUtilVerifyService
ResUtilGetSzProperty
ResUtilGetDwordProperty
ResUtilStopService
ClusWorkerTerminate
ResUtilGetResourceDependencyByClass
ResUtilGetCoreClusterResources
ResUtilEnumProperties
ResUtilSetPropertyTableEx
ClusWorkerStart
ResUtilFreeEnvironment
ResUtilEnumResourcesEx
ResUtilIsPathValid
ResUtilPropertyListFromParameterBlock
ResUtilIsResourceClassEqual
ResUtilCreateDirectoryTree
ResUtilSetPropertyParameterBlock
ResUtilFindExpandedSzProperty
ResUtilFindDependentDiskResourceDriveLetter
ResUtilDupString
ResUtilEnumPrivateProperties
ResUtilVerifyPrivatePropertyList
ResUtilGetDwordValue
ResUtilFindSzProperty
ResUtilAddUnknownProperties
ResUtilSetDwordValue
ResUtilDupParameterBlock
ResUtilGetResourceDependency
ResUtilSetPropertyParameterBlockEx
ResUtilFindMultiSzProperty
ResUtilVerifyResourceService
ResUtilGetMultiSzProperty
ResUtilTerminateServiceProcessFromResDll
ResUtilResourcesEqual

polstore

IPSecFreeNegPolData
IPSecFreeMulISAKMPData
IPSecFreeFilterData
IPSecFreePolicyData
IPSecFreeNFAData
IPSecCreateISAKMPData
IPSecClosePolicyStore
IPSecFreeISAKMPData
IPSecSetNFAData
IPSecCreateNFAData
IPSecIsDomainPolicyAssigned
IPSecEnumFilterData
IPSecCreateFilterData
IPSecEnumNFAData
IPSecGetISAKMPData
IPSecGetAssignedPolicyData
IPSecFreeMulNegPolData
IPSecEnumNegPolData
IPSecAllocPolStr
IPSecCopyAuthMethod
IPSecGetNegPolData
IPSecAllocPolMem
IPSecCopyPolicyData
IPSecFreePolStr
IPSecCreatePolicyData
IPSecCopyISAKMPData
IPSecSetPolicyData
IPSecDeleteNFAData
IPSecDeleteFilterData
IPSecFreeMulNFAData
IPSecSetISAKMPData
IPSecFreeMulFilterData
IPSecExportPolicies
IPSecCreateNegPolData
IPSecAssignPolicy
IPSecGetFilterData
IPSecEnumISAKMPData
IPSecCopyFilterSpec
IPSecCopyNegPolData
IPSecEnumPolicyData

kernel32

IsDBCSLeadByteEx
MoveFileWithProgressW
GetConsoleAliasesLengthA
GetFileAttributesW
GetConsoleAliasExesLengthA
SetConsoleWindowInfo
GetTempFileNameA
VirtualAlloc
EnumSystemCodePagesA
ResumeThread
GetFileAttributesA
lstrcatA
CreateProcessInternalA
UTRegister
VerifyVersionInfoA
LoadLibraryA
TlsAlloc
CreateThread
BuildCommDCBAndTimeoutsA
GetTickCount
ConvertDefaultLocale
GlobalUnWire
PrepareTape
OpenMutexA
SetConsoleCursor
ReleaseSemaphore
EnumTimeFormatsA
GetConsoleFontSize
PeekConsoleInputA
GlobalFindAtomA
DeleteTimerQueueTimer
LZCreateFileW
GetBinaryType
RtlCaptureStackBackTrace
SetTapePosition
EnumResourceTypesA
HeapAlloc
CreateRemoteThread
lstrcat
FindResourceA
GetCurrentDirectoryA
GetConsoleScreenBufferInfo
DebugBreak
GetNamedPipeHandleStateA
CreateSemaphoreW
ReadConsoleInputW
HeapUnlock
GetCommandLineA
SetClientTimeZoneInformation
GlobalFlags
ReadProcessMemory
TlsGetValue
GetGeoInfoW
SetWaitableTimer
CreateTimerQueue
CallNamedPipeW
GlobalWire
CommConfigDialogA
GetConsoleInputWaitHandle
FreeLibrary
RequestDeviceWakeup
GetConsoleCharType
InitializeCriticalSection
GetConsoleAliasesW
FindResourceW
ReadConsoleOutputAttribute
SetThreadIdealProcessor
EnumCalendarInfoW

msvcirt

?get@istream@@QAEAAV1@PAEHD@Z
?pbackfail@stdiobuf@@UAEHH@Z
??_8ostream@@7B@
?setf@ios@@QAEJJ@Z
??1ostream_withassign@@UAE@XZ
??_7filebuf@@6B@
??1ostrstream@@UAE@XZ
?x_maxbit@ios@@0JA
?clear@ios@@QAEXH@Z
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?clrlock@streambuf@@QAEXXZ
??0Iostream_init@@QAE@AAVios@@H@Z
?unlock@streambuf@@QAEXXZ
??_Dfstream@@QAEXXZ
??_Eios@@UAEPAXI@Z
?gptr@streambuf@@IBEPADXZ
??1ostream@@UAE@XZ
??0strstream@@QAE@PADHH@Z
??_Eostream@@UAEPAXI@Z
?seekpos@streambuf@@UAEJJH@Z
??0streambuf@@IAE@PADH@Z
??0exception@@QAE@ABV0@@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
?flush@ostream@@QAEAAV1@XZ
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??_Dostrstream@@QAEXXZ
??0streambuf@@IAE@XZ
??1strstreambuf@@UAE@XZ
??_Estdiobuf@@UAEPAXI@Z
?freeze@strstreambuf@@QAEXH@Z

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3a18e9ad803c7445b1325292963ffe8

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

resutils

polstore

kernel32

msvcirt

Sections

.text Size: 365KB - Virtual size: 365KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 305KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 365KB - Virtual size: 365KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 305KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B