cde94ba62d73e39489d23a4647ad6c87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cde94ba62d73e39489d23a4647ad6c87_JaffaCakes118
Size

60KB
MD5

cde94ba62d73e39489d23a4647ad6c87
SHA1

120140d1a15c85d3ff2b3d03fe37b6c3222b93ce
SHA256

53c504c7c87c12849684b21162010a479e1c03483689e08ff27422d45d76e948
SHA512

ed6188992f94d46818c15c41b234a5d91af55e8666cfa3169310e8de185acba11e8fcecd5bc9ea2dc6fbf950d456c471cbbd5b7ee4852275fb5326e89173dd7a
SSDEEP

1536:jwP4zt7BOtMLh/s/SWSCJvzinfsGZRquZQtx9n4:jwgJtOehI7JaOB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde94ba62d73e39489d23a4647ad6c87_JaffaCakes118

Files

cde94ba62d73e39489d23a4647ad6c87_JaffaCakes118
.exe windows:5 windows x86 arch:x86

16b18321bdd5c4b755926306affe57a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtLockFile
ZwAllocateVirtualMemory
ZwCreateJobSet
DbgUiStopDebugging
RtlAcquireResourceExclusive
NtReadRequestData
RtlLargeIntegerShiftLeft
RtlpNtOpenKey
RtlTimeToElapsedTimeFields
NtCreateThread
NtQueryVolumeInformationFile
RtlGetNtVersionNumbers
ZwMapUserPhysicalPages
RtlIsNameLegalDOS8Dot3
RtlQueryInformationActiveActivationContext
NtSetSecurityObject
NtMakePermanentObject
memcmp
wcsncpy
ZwSetBootOptions
NtCreateKey

query

??1CMemSerStream@@UAE@XZ
?AddRef@CEmptyPropertyList@@UAGKXZ
??1CCatalogAdmin@@QAE@XZ
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z
??0CDbQueryResults@@QAE@XZ
?SetProperty@CFullPropSpec@@QAEXK@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
_StopFWCiSvcWork@16
?GetLCIDFromString@@YGKPAG@Z
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?StopCI@CMachineAdmin@@QAEHXZ
?Lookup@CPropStoreInfo@@AAEIK@Z
?AddArg@CEventItem@@QAEXK@Z
??0CDbPropIDSet@@QAE@XZ
_LoadBHIFilter@16
??1CDbContentBaseRestriction@@QAE@XZ
?Resume@CProcess@@QAEXXZ
?Add@CDbSortSet@@QAEHABVCDbSortKey@@I@Z
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ

rtutils

TraceGetConsoleA
TraceGetConsoleW
RouterLogDeregisterW
TracePrintfA
TraceDeregisterExA
TracePrintfExA
TraceDumpExW
RouterLogEventValistExW
TraceDumpExA
RouterLogRegisterW
LogEventA
MprSetupProtocolFree
TraceDeregisterA
TraceRegisterExA
TracePutsExA
RouterLogEventStringW
RouterLogEventDataA
RouterLogEventA
LogEventW
MprSetupProtocolEnum
LogErrorA
LogErrorW
TraceDeregisterExW
RouterLogEventExW
TraceDeregisterW
TracePutsExW
RouterLogEventW
RouterLogEventStringA
RouterGetErrorStringA

kernel32

GetTempFileNameW
GetConsoleAliasesLengthA
GetFileTime
GetConsoleOutputCP
Module32NextW
SetFirmwareEnvironmentVariableW
HeapCreate
GetVersion
AddConsoleAliasA
SetCommBreak
SetComputerNameExA
ReadConsoleInputExW
SetConsoleMode
CreateDirectoryW
SetEnvironmentVariableW
SetConsoleTitleA
GetConsoleInputWaitHandle
SetConsoleKeyShortcuts
FindFirstFileA
GetDriveTypeW
DelayLoadFailureHook
SetInformationJobObject
CreateDirectoryExW
CreateProcessA
VirtualAlloc
GetCalendarInfoA
GetStartupInfoA
LoadLibraryA
ExitVDM
GetConsoleAliasExesW
EnumUILanguagesA
LocalUnlock
FatalExit

setupapi

CM_Run_Detection
SetupDiGetClassBitmapIndex
CM_Get_Depth_Ex
CM_Create_DevNodeW
SetupDiGetHwProfileList
CM_Create_DevNode_ExW
SetupUninstallOEMInfA
SetupDiGetClassImageIndex
SetupQueueDeleteSectionW
pSetupGetCurrentDriverSigningPolicy
SetupGetFileQueueCount
SetupInstallFromInfSectionA
SetupPrepareQueueForRestoreW
pSetupSetQueueFlags
CM_Get_Device_ID_ListW
SetupQueueCopyA
SetupDiBuildClassInfoListExA
SetupAdjustDiskSpaceListW
SetupDiInstallClassW
CM_Get_Device_ID_Size
CM_Register_Device_InterfaceA
CM_Query_Remove_SubTree
pSetupStringTableLookUpString
SetupGetBinaryField
CM_Remove_SubTree
CM_Request_Eject_PC_Ex
pSetupStringTableLookUpStringEx
pSetupStringTableEnum
SetupDiBuildClassInfoList
pSetupStringTableInitializeEx

imgutil

DllCanUnloadNow
CreateMIMEMap
ComputeInvCMAP
DllGetClassObject
GetMaxMIMEIDBytes
CreateDDrawSurfaceOnDIB
IdentifyMIMEType
SniffStream
DecodeImage
DitherTo8

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16b18321bdd5c4b755926306affe57a0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

query

rtutils

kernel32

setupapi

imgutil

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 102KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 102KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 292B