cfcb694bb597e98c21c7a5e146deea63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cfcb694bb597e98c21c7a5e146deea63_JaffaCakes118
Size

867KB
MD5

cfcb694bb597e98c21c7a5e146deea63
SHA1

271dc803ed863cd6671b31ea70ec0c27c07b190d
SHA256

fb8a30af094d8997722ebf721194f8e503fba745be2c6edba53af025683b4251
SHA512

1ac85a94df9bb8722e2c7c8070723c6ac39e29e33eb1326b9b323ee552544823031dfd50ac5d9b7abbcfbf3080f0ee178aeb98829cd78e72a4d6acfbdcb04077
SSDEEP

24576:u7FZAHpzn3RLHH+fseyoMh6xzvisQqU3AnWAyrhARhIaxfiKE:uspznFn+k0tviFBxARh5iKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfcb694bb597e98c21c7a5e146deea63_JaffaCakes118

Files

cfcb694bb597e98c21c7a5e146deea63_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b0d7fd55bcb6515c458a9104f419e68d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumLanguageGroupLocalesW
CreateHardLinkA
GetConsoleAliasesW
HeapCreate
EnumSystemLocalesA
MoveFileExW
GetPrivateProfileStructA
FatalExit
FreeLibraryAndExitThread
GetVolumePathNamesForVolumeNameW
FormatMessageW
ResetEvent
OutputDebugStringA
LocalAlloc
GetBinaryTypeA
ReadConsoleInputW
GetNamedPipeInfo
EnumResourceTypesW
InitializeSListHead
VirtualQueryEx
SetCommMask
DisconnectNamedPipe
WriteConsoleInputVDMA
FlushViewOfFile
OpenMutexA
GetDriveTypeA
LocalShrink
FillConsoleOutputCharacterA
GetStartupInfoW
GetConsoleAliasesLengthW
SetConsoleHardwareState
TlsSetValue
BaseCleanupAppcompatCacheSupport
GetProcessVersion
SetCalendarInfoA
FindFirstVolumeMountPointA
WaitCommEvent
QueryPerformanceCounter
ExpungeConsoleCommandHistoryA
GetConsoleAliasA
RegisterConsoleOS2
IsValidCodePage
GlobalReAlloc
GetNumberOfConsoleMouseButtons
LoadLibraryA
GetModuleFileNameW
_lwrite
CreateMailslotA
VirtualAlloc

iphlpapi

InternalSetIpForwardEntry
_PfBindInterfaceToIndex@16
EnableRouter
DeleteIpForwardEntry
SetIpNetEntry
_PfRemoveGlobalFilterFromInterface@8
RestoreMediaSense
GetPerAdapterInfo
GetAdapterIndex
SetIpTTL
IcmpSendEcho2
GetIfEntry
NotifyAddrChange
FlushIpNetTable
NhpAllocateAndGetInterfaceInfoFromStack
DeleteIPAddress
NTTimeToNTPTime
GetIpStatistics
GetUdpStatistics
GetTcpStatistics
GetUdpTable
InternalDeleteIpForwardEntry
IcmpParseReplies
InternalGetIpAddrTable
GetAdapterOrderMap
InternalGetIpNetTable
InternalGetTcpTable
GetUniDirectionalAdapterInfo
IcmpCloseHandle
_PfCreateInterface@24
NhGetGuidFromInterfaceName
GetIpErrorString
AddIPAddress
InternalSetIpStats
IpReleaseAddress

userenv

ForceSyncFgPolicy
RsopResetPolicySettingStatus
GetUserProfileDirectoryW
GetPreviousFgPolicyRefreshInfo
GetProfileType
RsopAccessCheckByType
GetAppliedGPOListW
GetGPOListA
RsopLoggingEnabled
FreeGPOListW
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
GetAllUsersProfileDirectoryW
GetProfilesDirectoryW
RefreshPolicy
ProcessGroupPolicyCompleted
RsopFileAccessCheck
RsopSetPolicySettingStatus
UnloadUserProfile
GetProfilesDirectoryA
LeaveCriticalPolicySection
GetAllUsersProfileDirectoryA
DeleteProfileA
CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW
ExpandEnvironmentStringsForUserA
FreeGPOListA
DeleteProfileW
DllGetClassObject
LoadUserProfileA

rtm

RtmGetNextHopPointer
RtmIsBestRoute
RtmGetNetworkCount
DeleteFromTable
RtmBlockMethods
MgmGetFirstMfe
RtmHoldDestination
RtmGetChangeStatus
MgmGroupEnumerationGetNext
NextMatchInTable
CreateTable
RtmGetEnumDests
RtmReadInstanceConfig
RtmGetOpaqueInformationPointer
RtmCloseEnumerationHandle
RtmGetExactMatchDestination
RtmDeleteEnumHandle
RtmMarkDestForChangeNotification
MgmDeRegisterMProtocol
RtmRegisterEntity
RtmDeregisterEntity
RtmIsMarkedForChangeNotification
CheckTable
RtmGetInstances
RtmCreateNextHopEnum
RtmDeleteRouteTable
MgmTakeInterfaceOwnership
MgmReleaseInterfaceOwnership
RtmWriteInstanceConfig
EnumOverTable
RtmGetRoutePointer
RtmGetListEnumRoutes
RtmGetNextRoute
RtmInsertInRouteList

query

??1CDbColumns@@QAE@XZ
??0CCiRegParams@@QAE@PBG@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@PAEPAI@Z
?InitializeForWrite@CDynStream@@QAEXK@Z
CIState
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
?ParseOneLine@CPropertyList@@SGXAAVCQueryScanner@@HAAV?$XPtr@VCPropEntry@@@@@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
?PutMinValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
?ciDelete@@YGXPAX@Z
??1CRangeKeyRepository@@UAE@XZ
??0CPerfMon@@QAE@PBG@Z
?NotifyWriteRead@CRequestClient@@QAEHPAX0K0KAAK@Z
?SetI2@CStorageVariant@@QAEXFI@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
??1CCatalogAdmin@@QAE@XZ
?GrowBuffer@CVirtualString@@AAEXK@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
??1CWin32RegAccess@@QAE@XZ
?AddArg@CEventItem@@QAEXK@Z
?SetProperties@CDbProperties@@UAGJKQAUtagDBPROPSET@@@Z
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?AcceptWord@CQueryScanner@@QAEXXZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
??1CMachineAdmin@@QAE@XZ
?SetR4@CStorageVariant@@QAEXMI@Z
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
?Get@CWin32RegAccess@@QAEHPBGPAGIH@Z

usp10

ScriptFreeCache
ScriptString_pSize
ScriptStringCPtoX
ScriptStringFree
ScriptIsComplex
ScriptGetProperties
ScriptStringValidate
ScriptGetGlyphABCWidth
ScriptTextOut
ScriptShape
ScriptString_pLogAttr
LpkPresent
ScriptApplyLogicalWidth
ScriptStringOut
ScriptGetFontProperties
ScriptRecordDigitSubstitution
UspAllocTemp
ScriptGetLogicalWidths
ScriptJustify
ScriptGetCMap
ScriptCPtoX
ScriptBreak
ScriptCacheGetHeight
ScriptApplyDigitSubstitution
ScriptXtoCP
ScriptItemize
ScriptLayout
ScriptStringGetLogicalWidths
UspAllocCache
UspFreeMem
ScriptString_pcOutChars
ScriptStringAnalyse
ScriptStringGetOrder
ScriptStringXtoCP
ScriptPlace

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0d7fd55bcb6515c458a9104f419e68d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

userenv

rtm

query

usp10

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 329KB - Virtual size: 329KB

.data Size: 362KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 329KB - Virtual size: 329KB

.data
Size: 362KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B