d6265166e1170913e7856d31a100047e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6265166e1170913e7856d31a100047e_JaffaCakes118
Size

27KB
MD5

d6265166e1170913e7856d31a100047e
SHA1

330d7459516d37c75fe40a2eb69108d29767be87
SHA256

722217b4df4bbf7438a414d1ba72b22dc4d62567ad237a34d79e74756bc42bc8
SHA512

0abd4f9f5d3adb7a8cc5595a631516d203240814a8ebd6a09a1bece684499b4c325f657695ca1c35d80343aeb6a546dc71d33e8011ff0c2dcfa20c64abd99419
SSDEEP

384:8IxmX4rufgVeFwRMdnlXzF+Ze5H0+vlwioieVC27uG4uFctCFHj4GZt03rF632Ao:FUhfgVxclb5nlwioisChG6Y/ZtKp632

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6265166e1170913e7856d31a100047e_JaffaCakes118

Files

d6265166e1170913e7856d31a100047e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17ae1c7735010811aa3c7c4074e83f86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Locate_DevNodeW
CM_Get_Device_ID_Size
SetupDiGetClassInstallParamsW
CM_Get_Class_Key_Name_ExA
SetupDiRegisterDeviceInfo
SetupDiGetActualSectionToInstallA
pSetupVerifyQueuedCatalogs
SetupRenameErrorW
SetupInstallFromInfSectionA
SetupDiGetClassImageIndex
CM_Is_Dock_Station_Present_Ex
SetupFindNextMatchLineW
CM_Enumerate_Enumerators_ExW
CM_Get_Device_Interface_List_ExA
SetupQueueDeleteSectionW
SetupDiCreateDeviceInterfaceRegKeyW
pSetupEnablePrivilege
SetupDiGetDriverInfoDetailA
SetupSetSourceListA
CM_Get_Device_Interface_ListA
SetupFreeSourceListW
pSetupIsUserAdmin
CM_Delete_DevNode_Key_Ex
CM_Get_DevNode_Custom_Property_ExW
SetupQueryDrivesInDiskSpaceListW
SetupDiGetClassDevPropertySheetsA
CM_Setup_DevNode
SetupQueryInfVersionInformationW
SetupEnumInfSectionsW
pSetupMalloc
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExA
CM_Request_Eject_PC_Ex
SetupDiDestroyDriverInfoList
SetupDiGetHwProfileFriendlyNameExW
SetupSetPlatformPathOverrideW
pSetupSetArrayToMultiSzValue
CM_Get_Sibling_Ex
CM_First_Range
SetupOpenAppendInfFileW
SetupDiGetClassRegistryPropertyW
CM_Get_Device_ID_List_Size_ExA

opengl32

glColor3fv
glRasterPos4dv
glIndexub
glCopyTexImage2D
glRectfv
glTexCoord4d
glGetPixelMapuiv
glEvalPoint1
glPolygonOffset
glCopyTexSubImage2D
glDepthFunc
glEvalCoord2f
glColor3uiv
glRasterPos2dv
glGetLightfv
glRasterPos2fv
glCopyTexImage1D
glVertexPointer
glTexCoord1sv
glVertex2s
glGetPixelMapfv
wglCreateContext
glEvalMesh1
glTexImage2D
glBegin
wglDeleteContext
glTexEnvf
glRectdv
glColor4uiv
glRotatef
glEdgeFlag
glGetIntegerv
glLineStipple
glVertex4fv
glGetError
glPushMatrix
glMatrixMode
glVertex2d
wglUseFontOutlinesA
glRenderMode
wglSwapMultipleBuffers
glLightModelf
glIndexubv
glRotated
glTexCoord3sv
glEvalCoord2dv
glMapGrid1f
glRasterPos3s
glNewList
glLoadIdentity
glEdgeFlagPointer
glGetTexImage
glMap1d
glColor4sv
glGetTexLevelParameterfv
glVertex4f
glNormalPointer
glVertex2f
glNormal3d
glVertex3f
glGetFloatv
glColor4iv
GlmfPlayGlsRecord
glIndexMask
glRasterPos3d
glInterleavedArrays
glFinish
glStencilFunc
wglUseFontBitmapsA
wglDescribeLayerPlane
glColor3iv
glScalef
glTexCoord4s
glHint
glRasterPos3fv
glEnableClientState
glRasterPos4iv

kernel32

GetExitCodeThread
UnhandledExceptionFilter
ActivateActCtx
ReleaseActCtx
SetConsoleTitleW
FormatMessageW
PurgeComm
OpenFile
GetConsoleNlsMode
WriteConsoleInputA
GetProfileStringA
VirtualAlloc
GetSystemWow64DirectoryW
DebugBreak
GetPrivateProfileStructW
SetInformationJobObject
DebugSetProcessKillOnExit
OpenJobObjectW
lstrcatA
Sleep
SetCommConfig
GetNumberFormatA
SetConsoleNumberOfCommandsA
Beep
SetLocaleInfoW
SetConsolePalette
GetProfileIntW
FoldStringA
CreateDirectoryA
WaitForDebugEvent
FreeEnvironmentStringsW
AddVectoredExceptionHandler
GetDefaultCommConfigW
GetVersion
BackupWrite
InterlockedCompareExchange
SetComPlusPackageInstallStatus
PrivMoveFileIdentityW
LocalLock
SetFileShortNameA
GlobalFree
SetCommBreak
EnumResourceLanguagesW
GetStartupInfoA
GetConsoleAliasesLengthA
OutputDebugStringA
ResumeThread
GlobalAddAtomA
DebugActiveProcess
ReleaseMutex
GetFirmwareEnvironmentVariableW
SetVolumeMountPointA
BackupRead
UnmapViewOfFile
SwitchToFiber
EnumResourceNamesW
GlobalUnlock
BaseFlushAppcompatCache
LocalFree
GlobalCompact
VirtualFree
FindFirstFileExW
IsValidLanguageGroup
Toolhelp32ReadProcessMemory
EndUpdateResourceA
BaseCheckAppcompatCache
WriteConsoleInputW
GetConsoleAliasesA
AddAtomA
DeleteTimerQueueTimer
WriteProfileSectionW
EnumResourceLanguagesA
CopyFileA
QueryDosDeviceW

ws2_32

WSAIsBlocking
WSAEnumNameSpaceProvidersW
WSCWriteNameSpaceOrder
WSALookupServiceBeginW
htons
WSCInstallProvider
send
WSACreateEvent
socket
inet_addr
WSARecv
WSACleanup
WSAEnumNetworkEvents
WSADuplicateSocketA
WSAUnhookBlockingHook
WSASendDisconnect
WSARemoveServiceClass
WSANtohl
WSASetBlockingHook
setsockopt
WSAIoctl
WSANtohs
WSAEnumNameSpaceProvidersA
getprotobynumber
WSASocketA
WSAAddressToStringA
WSAGetServiceClassNameByClassIdW
WSAJoinLeaf
WSAEnumProtocolsW
listen
htonl
connect

devmgr

DeviceProblenWizard_RunDLLW
DllUnregisterServer
DllRegisterServer
DeviceProblemTextW
DeviceProblemWizardA
DllGetClassObject
DeviceProperties_RunDLLA
DeviceProblenWizard_RunDLLA
DevicePropertiesExA
DevicePropertiesW
DeviceCreateHardwarePageEx
DeviceCreateHardwarePage
DevicePropertiesExW
DeviceManager_ExecuteA
DeviceProblemWizardW
DeviceAdvancedPropertiesW
DeviceAdvancedPropertiesA
DeviceManager_ExecuteW
DllCanUnloadNow
DeviceProblemTextA
DeviceProperties_RunDLLW
DevicePropertiesA

msvcrt40

_mbsnset
iswdigit
?unbuffered@streambuf@@IAEXH@Z
__p___wargv
?pbump@streambuf@@IAEXH@Z
remove
wcscspn
?clog@@3Vostream_withassign@@A
perror
_mbsrchr
?write@ostream@@QAEAAV1@PBDH@Z
malloc
?lockbuf@ios@@QAAXXZ
_lseeki64
ceil
?getline@istream@@QAEAAV1@PACHD@Z
_fcloseall
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
_wutime
_ismbcdigit
ftell
??_Gstreambuf@@UAEPAXI@Z
_execv
_strerror
_dup
??0istream@@IAE@ABV0@@Z
ferror
_EH_prolog

rasman

RasRPCBind
RasDeAllocateRoute
RasCompressionSetInfo
RasDeviceSetInfo
RasBundleGetPort
RasGetNdiswanDriverCaps
RasRpcUnloadDll
RasSetKey
RasGetFramingCapabilities
RasInitializeNoWait
RasGetDeviceConfigInfo
RasPortEnum
RasProtocolEnum
RasSetPortUserData
RasGetDeviceName
RasDeviceConnect
RasActivateRoute
RasBundleClearStatisticsEx
RasSecurityDialogSend
RasStartRasAutoIfRequired
RasPortReceiveEx
RasGetPortUserData
RasDeviceGetInfo
RasPortClearStatistics
RasRpcGetInstalledProtocolsEx
RasAllocateRoute
RasRegisterRedialCallback
RasRpcConnectServer
RasRpcPortGetInfo
RasBundleClearStatistics
RasGetConnectionUserData
RasSetDevConfig
RasGetDevConfig
RasPortRetrieveUserData

ntdll

RtlCompareString
ZwCreateThread
RtlAllocateHandle
ZwOpenThreadTokenEx
RtlInitCodePageTable
ZwFsControlFile
_CIsqrt
NtWaitLowEventPair
RtlSetProcessIsCritical
NtImpersonateAnonymousToken
ZwSecureConnectPort
ZwUnmapViewOfSection
ZwAlertResumeThread
RtlRemoteCall
_aullshr
RtlUniform
NtUnloadDriver
NtWaitForSingleObject
NtQueryAttributesFile
NtDeleteFile
RtlUpcaseUnicodeToCustomCPN
RtlTimeFieldsToTime
RtlReleaseMemoryStream
RtlCreateUserThread
RtlIsTextUnicode
ZwOpenDirectoryObject
RtlLengthSid
RtlDumpResource
RtlZeroHeap
isspace
ZwQueryOpenSubKeys
RtlImageDirectoryEntryToData
ZwQueryFullAttributesFile
RtlFindSetBitsAndClear
RtlEnlargedUnsignedDivide
RtlDeleteTimerQueueEx
ZwSetInformationFile
ZwCreateNamedPipeFile
RtlEqualPrefixSid

user32

SetFocus

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17ae1c7735010811aa3c7c4074e83f86

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

opengl32

kernel32

ws2_32

devmgr

msvcrt40

rasman

ntdll

user32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 2KB