cfb486760d57d10c15b5f61aa26cb632_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfb486760d57d10c15b5f61aa26cb632_JaffaCakes118
Size

857KB
MD5

cfb486760d57d10c15b5f61aa26cb632
SHA1

4f11dd3f7a8e5a3d8bef6342feb8c927012ae708
SHA256

523be4630d8585f4ab947798eb10ff9ea0af1179215defcf82edb3b25c37590e
SHA512

053512178ab64d93136befc22c4d52e867f59e24f4fe50ca7e27aa4148a0784aebc02f0622e93bcb00b1f30ffa159851bf446b66b8b1adcbd148457d7e7581e6
SSDEEP

24576:ZMI9WqHn6uksYJ1r3xRc8qH26zoEoIgoGV2xvxz2T:SI9Wk6ueJ2HW6EEoiM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfb486760d57d10c15b5f61aa26cb632_JaffaCakes118

Files

cfb486760d57d10c15b5f61aa26cb632_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff739386690bfa9ff949f7937c105fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GetConsoleCommandHistoryLengthA
LZOpenFileA
SetFileShortNameW
PrivMoveFileIdentityW
MapViewOfFileEx
FlushViewOfFile
OpenEventW
_hwrite
SetFileValidData
ReadProcessMemory
DeleteFileA
RemoveDirectoryA
SetCalendarInfoW
SetUserGeoID
CreateDirectoryA
SetProcessWorkingSetSize
ConvertThreadToFiber
GetUserGeoID
GetProcessAffinityMask
SetConsoleNumberOfCommandsA
GetConsoleMode
EnumSystemLocalesA
SetThreadContext
GetProcessIoCounters
WriteTapemark
GetConsoleInputExeNameW
lstrcpynW
LoadLibraryA
FreeConsole
WideCharToMultiByte
ReleaseActCtx
MultiByteToWideChar
GetPrivateProfileSectionA
GlobalAlloc
ShowConsoleCursor
BuildCommDCBAndTimeoutsA
FillConsoleOutputAttribute
GetComputerNameExW
UpdateResourceA
GetACP
WriteConsoleOutputCharacterW
ExpungeConsoleCommandHistoryW
Thread32First
QueueUserWorkItem
DeviceIoControl
EnumSystemLanguageGroupsW
SetCommState
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
SetConsoleCP
ReadFileEx
MapUserPhysicalPages
InterlockedExchange
VirtualAlloc
GetCompressedFileSizeA
BackupRead
GetModuleHandleExA
WriteProfileStringA
InterlockedPushEntrySList
GetComputerNameExA
GetOEMCP
GetLocaleInfoW
GetFirmwareEnvironmentVariableA

netapi32

NetpIsRemote
I_NetLogonSamLogonEx
NetReplImportDirDel
NetRemoteComputerSupports
NetUserSetGroups
NetWkstaUserGetInfo
NetGroupSetUsers
NetAuditRead
NetDfsEnum
NetWkstaTransportEnum
NetpwPathCompare
NetpNetBiosStatusToApiStatus
NetMessageNameAdd
NetpGetConfigValue
NetUserModalsGet
NetMessageNameGetInfo
NetGroupAdd
NetDfsManagerGetConfigInfo
NetShareEnumSticky
NetpwPathType
DsGetDcCloseW
NetGetDCName
RxNetAccessGetUserPerms
RxNetAccessSetInfo
NetpInitFtinfoContext
NetReplImportDirLock
I_NetServerPasswordSet2
NetGroupEnum
DsEnumerateDomainTrustsA
I_BrowserSetNetlogonState
NetReplExportDirGetInfo
I_NetDatabaseSync2
NetpCopyFtinfoContext
NetpwNameCompare
I_NetDatabaseSync
I_NetServerReqChallenge
NetpwPathCanonicalize
NetRenameMachineInDomain
RxNetAccessAdd
I_NetLogonControl
NetFileClose
NetDfsRemoveFtRootForced
NetDfsRemove
NetLocalGroupGetMembers
NetValidateName
NetScheduleJobAdd
I_NetServerPasswordSet
DsRoleGetDcOperationProgress
I_NetLogonSendToSam
NetUserGetGroups
NetServerTransportAddEx
NetServiceEnum
NetDfsManagerInitialize
RxNetAccessEnum
I_NetLogonControl2
I_BrowserQueryEmulatedDomains
NetAlertRaiseEx
NetReplImportDirEnum
I_NetLogonSamLogoff
I_BrowserServerEnum
NetConfigGetAll
NetDfsGetInfo
NetUnjoinDomain
DsGetSiteNameA
NetDfsGetClientInfo
I_BrowserDebugTrace
NetUseAdd
I_BrowserDebugCall
NetApiBufferAllocate
DsRoleDcAsDc
NetReplExportDirAdd
I_NetLogonSamLogon
NetLocalGroupDelMember
NetAddAlternateComputerName

odbccp32

SQLInstallTranslator
SQLPostInstallerError
SQLRemoveDriverManager
SQLGetConfigMode
SQLWritePrivateProfileStringW
SQLValidDSNW
SQLWriteFileDSN
SQLGetInstalledDriversW
SQLInstallTranslatorEx
SQLInstallDriverManagerW
SQLReadFileDSN
SQLReadFileDSNW
SQLInstallDriverEx
SQLRemoveDefaultDataSource
SQLGetInstalledDrivers
SQLInstallDriver
SQLWriteDSNToIni
SQLRemoveDriverW
SQLConfigDataSource
SQLValidDSN
SQLRemoveTranslatorW
SQLPostInstallerErrorW
SQLGetPrivateProfileString
SQLGetAvailableDrivers
SQLRemoveDriver
SQLInstallODBCW
SQLGetTranslatorW
SQLWriteFileDSNW
SQLInstallTranslatorExW
SQLWritePrivateProfileString
SQLLoadDriverListBox
SQLManageDataSources
SQLCreateDataSourceEx

ufat

?Read@EA_SET@@UAEEXZ
??1FILEDIR@@UAE@XZ
??1REAL_FAT_SA@@UAE@XZ
??0ROOTDIR@@QAE@XZ
?Index12@FAT@@ABEKK@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
?QueryAllocatedClusters@FAT@@QBEKXZ
?Set12@FAT@@AAEXKK@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
Chkdsk
??1FAT_DIRENT@@UAE@XZ
??0EA_SET@@QAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
Format
??0FAT_DIRENT@@QAE@XZ
FormatEx
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
??0CLUSTER_CHAIN@@QAE@XZ
??0FAT_SA@@QAE@XZ
?QueryNthCluster@FAT@@QBEKKK@Z
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
??1ROOTDIR@@UAE@XZ
?FreeChain@FAT@@QAEXK@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??0FILEDIR@@QAE@XZ
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1FAT_SA@@UAE@XZ
??0EA_HEADER@@QAE@XZ

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff739386690bfa9ff949f7937c105fb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

odbccp32

ufat

Sections

.text Size: 378KB - Virtual size: 378KB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 122KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 378KB - Virtual size: 378KB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 122KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B