cf4c454232d23b327714af88f6f802d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf4c454232d23b327714af88f6f802d5_JaffaCakes118
Size

100KB
MD5

cf4c454232d23b327714af88f6f802d5
SHA1

037ce6b8046f8e0365faa7d4800c158ab7612bd4
SHA256

be2aa0ffd61df2595fe5d6f7f37a0a4c94d7d834cf2893c87349a450b7ec0595
SHA512

1a1aaf3d1edebcd8e5064220ab51a7c047d54d993e4e24489f7ad80ce4762165bc2c5eb5878481c0a1eff7ee0aadeb5c51e7a2bb83b36d70767c282eaeb0144d
SSDEEP

1536:UCgsyND0L6Ipq+lm9XozOfdp4Po0cvoU/+VVutP2mPZ1xvN2g4Botb2km:UCgsE0L9pqGmCqfd/oU/+G7/P2g4BQZm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf4c454232d23b327714af88f6f802d5_JaffaCakes118

Files

cf4c454232d23b327714af88f6f802d5_JaffaCakes118
.exe windows:1 windows x86 arch:x86

9fa20039fc5abee6f2c1af233a636b72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhGetDefaultPerfObjectW
PdhMakeCounterPathA
PdhEnumObjectItemsHW
PdhOpenQueryH
PdhGetDataSourceTimeRangeH
PdhEnumMachinesA
PdhGetRawCounterArrayA
PdhRelogW
PdhVbGetDoubleCounterValue
PdhBindInputDataSourceA
PdhUpdateLogA
PdhGetCounterTimeBase
PdhParseCounterPathA
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhExpandWildCardPathHA
PdhVbOpenQuery
PdhIsRealTimeQuery
PdhParseInstanceNameA
PdhCreateSQLTablesW
PdhSetQueryTimeRange
PdhAdd009CounterW
PdhBrowseCountersW
PdhOpenQueryA
PdhCloseLog
PdhVbGetOneCounterPath
PdhUpdateLogFileCatalog
PdhLookupPerfIndexByNameW
PdhGetDefaultPerfObjectA
PdhVbOpenLog
PdhTranslate009CounterA
PdhBrowseCountersHA
PdhAdd009CounterA
PdhSelectDataSourceW
PdhExpandCounterPathA
PdhGetDefaultPerfCounterHA
PdhExpandCounterPathW

iphlpapi

AddIPAddress
_PfRebindFilters@8
InternalCreateIpNetEntry
InternalGetIpNetTable
UnenableRouter
NTTimeToNTPTime
InternalDeleteIpForwardEntry
IcmpParseReplies
InternalGetUdpTable
InternalCreateIpForwardEntry
IpReleaseAddress
_PfTestPacket@20
_PfMakeLog@4
InternalSetIpForwardEntry
InternalGetIpForwardTable
DeleteProxyArpEntry
SendARP
GetInterfaceInfo
DeleteIpForwardEntry
FlushIpNetTable
GetIcmpStatistics
DeleteIPAddress
_PfGetInterfaceStatistics@16
CreateIpNetEntry
GetTcpStatisticsEx
GetIfTable
_PfDeleteInterface@4
_PfAddGlobalFilterToInterface@8
CreateIpForwardEntry
_PfUnBindInterface@4
GetIpForwardTable
InternalGetIfTable
SetIpStatistics
InternalGetTcpTable
InternalSetIpStats
NhGetInterfaceNameFromGuid
_PfDeleteLog@0
GetAdaptersAddresses
InternalSetIpNetEntry
GetIpAddrTable
IcmpSendEcho

kernel32

EnumSystemCodePagesA
OpenThread
GetDriveTypeW
DeleteFileA
GetStringTypeExW
Thread32Next
GetConsoleNlsMode
CreateFileA
GetFileInformationByHandle
GetPrivateProfileStructA
CreateToolhelp32Snapshot
GetProcessHeaps
lstrcmpA
GetUserDefaultLCID
GetDefaultCommConfigW
DeleteVolumeMountPointW
LZCopy
GetExitCodeProcess
VirtualAlloc
GetFileSize
FindFirstVolumeW
CompareStringW
CreateEventA
GetModuleHandleA
CreateDirectoryExW
LZDone
LocalAlloc
GlobalDeleteAtom
SetThreadUILanguage
SetThreadExecutionState
GetCurrentThread
Process32Next
GetNamedPipeHandleStateA
UnmapViewOfFile
DeactivateActCtx
DeleteTimerQueueEx
SetLocalPrimaryComputerNameA
SetConsoleNumberOfCommandsW
LoadLibraryA
CopyLZFile
OpenFile
SystemTimeToTzSpecificLocalTime
GetComputerNameExW
WriteConsoleInputVDMA

msorcl32

SQLParamData
SQLSpecialColumns
SQLGetCursorName
SQLSetCursorName
SQLForeignKeys
SQLGetTypeInfo
SQLFreeEnv
SQLAllocConnect
SQLCancel
SQLAllocStmt
SQLBindParameter
SQLBindCol
SQLFetch
SQLProcedures
SQLPutData
SQLNumParams
SQLBrowseConnect
SQLSetConnectOption
SQLGetInfo
SQLError
SQLSetPos
SQLDescribeCol
SQLNumResultCols
SQLDisconnect
LoadByOrdinal
ConfigDSN
SQLConnect
SQLTransact
SQLExtendedFetch
SQLGetStmtOption
SQLFreeConnect

mprapi

MprConfigGetFriendlyName
MprAdminPortDisconnect
MprConfigServerRestore
MprPortSetUsage
MprAdminIsDomainRasServer
MprConfigInterfaceTransportSetInfo
MprAdminInterfaceEnum
MprConfigBufferFree
MprAdminServerDisconnect
MprConfigServerBackup
MprAdminSendUserMessage
MprInfoRemoveAll
MprAdminEstablishDomainRasServer
MprAdminUserReadProfFlags
MprAdminInterfaceTransportSetInfo
MprAdminPortEnum
MprAdminInterfaceUpdatePhonebookInfo
MprAdminInterfaceGetHandle
MprConfigInterfaceGetHandle
MprConfigInterfaceSetInfo
MprConfigInterfaceTransportAdd
MprAdminInterfaceSetCredentialsEx
MprAdminMIBServerConnect
MprAdminConnectionClearStats
MprAdminPortGetInfo
MprInfoDelete
MprConfigServerRefresh
MprAdminInterfaceUpdateRoutes
MprConfigTransportGetInfo
MprConfigInterfaceEnum
MprConfigInterfaceTransportRemove
MprInfoBlockAdd
MprAdminUserGetInfo
MprAdminUserSetInfo
MprAdminInterfaceSetCredentials
MprAdminMIBEntryCreate
MprAdminGetErrorString
MprConfigInterfaceCreate
MprAdminTransportGetInfo
MprConfigServerInstall
CompressPhoneNumber
MprAdminBufferFree
MprAdminInterfaceGetCredentials
MprInfoBlockSet
MprAdminMIBEntryGetFirst

ncobjapi

WmiCreateObject
WmiDestroyObject
WmiCreateObjectWithProps
WmiAddObjectProp
WmiCreateObjectWithFormat
WmiEventSourceConnect
WmiIsObjectActive
WmiEventSourceDisconnect
WmiSetAndCommitObject
WmiCommitObject

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fa20039fc5abee6f2c1af233a636b72

Headers

File Characteristics

Imports

pdh

iphlpapi

kernel32

msorcl32

mprapi

ncobjapi

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 34KB - Virtual size: 197KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 936B

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 34KB - Virtual size: 197KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 936B