df35697986539ecfdf6bf0aad97f1d19_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

df35697986539ecfdf6bf0aad97f1d19_JaffaCakes118
Size

192KB
MD5

df35697986539ecfdf6bf0aad97f1d19
SHA1

967bb7dd7832a274739aa6090d360d4aabafff21
SHA256

d9c01f720e38270ceb39367a5d36749b778a227b339b58923a9c5e303c3069f6
SHA512

ede3320f90d27d4998d6dc00bd4f293386a8fc39f342b3f649d82c257fb7a68e20e7e796ffc10c6fa75b6989a43521ac762d956686a231feab03df33ccea774d
SSDEEP

3072:q2U95BcaYLCzNkD2CtGh5scbJ2ar7GW3tyRb0W0/oi5TKSUrVVzl7vUrsCYeF:oYhLCzNk+h1QPWWb0WIAprVVzxcg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df35697986539ecfdf6bf0aad97f1d19_JaffaCakes118

Files

df35697986539ecfdf6bf0aad97f1d19_JaffaCakes118
.dll windows:6 windows x86 arch:x86

85b4d616847edc1beebb41928b3c26ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

uudf.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_vsnwprintf
_vsnprintf
memset
memcpy
memmove

ntdll

RtlAllocateHeap
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
NtQuerySystemTime
DbgPrint
RtlRaiseStatus
RtlFreeHeap

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls
GetLastError
SetLastError
GetWindowsDirectoryW
SetErrorMode

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

ulib

?Initialize@LIST@@QAEEXZ
?QueryIterator@LIST@@UBEPAVITERATOR@@XZ
?DeleteAllMembers@SEQUENTIAL_CONTAINER@@UAEEXZ
??1LIST@@UAE@XZ
??1ITERATOR@@UAE@XZ
?SetChAt@WSTRING@@QAEGGK@Z
??0MESSAGE@@QAE@XZ
??1MESSAGE@@UAE@XZ
?MakeFileToken@MESSAGE@@SG_KPBD@Z
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
?DisplayMsg@MESSAGE@@QAEEKW4MESSAGE_TYPE@@K@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?QueryChCount@WSTRING@@QBEKXZ
?QueryChAt@WSTRING@@QBEGK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Stricmp@WSTRING@@QBEJPBV1@@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
??0LIST@@QAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
??0HMEM@@QAE@XZ
?Initialize@HMEM@@QAEEXZ
??1HMEM@@UAE@XZ
??0FSTRING@@QAE@XZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?Strcmp@WSTRING@@QBEJPBV1@@Z
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?GetWSTR@WSTRING@@QBEPBGXZ
?Strcmp@WSTRING@@SGHPAG0@Z
?DisplayMsg@MESSAGE@@QAAEKPBDZZ
?UlibRealloc@@YGPAXPAXK@Z
??1OBJECT@@UAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0OBJECT@@IAE@XZ
?SetClassDescriptor@OBJECT@@IAEXPBVCLASS_DESCRIPTOR@@@Z
?Allocate@MEM_ALLOCATOR@@QAEPAXK@Z
??0MEM_ALLOCATOR@@QAE@XZ
??1MEM_ALLOCATOR@@UAE@XZ
?Initialize@MEM_ALLOCATOR@@QAEE_KK@Z
?FindNext@ITERATOR@@UAEPAVOBJECT@@PBV2@@Z
?DisplayMsg@MESSAGE@@QAEEK@Z
??0ITERATOR@@IAE@XZ

ifsutil

?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?EliminateCycles@DIGRAPH@@QAEEPAVCONTAINER@@PAE@Z
?QueryNumParents@DIGRAPH@@QBEKK@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?PowForceAllocation@IO_DP_DRIVE@@QAEEKKPAKW4NwaType@DP_DRIVE@@@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?Lock@IO_DP_DRIVE@@QAEEXZ
?SetFileSystemName@VOL_LIODPDRV@@QAEEPBG@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?DismountAndLock@IO_DP_DRIVE@@QAEEXZ
?Format@VOL_LIODPDRV@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@KKK@Z
?QueryUdfMediaNeedsLowLevelFormat@DP_DRIVE@@QAEEXZ
?QueryDriveType@DP_DRIVE@@QBE?AW4DRIVE_TYPE@@XZ
?QueryUdfMediaType@DP_DRIVE@@QAEKXZ
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
??0DP_DRIVE@@QAE@XZ
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryUdfMediaNeedsVat@DP_DRIVE@@QAEEXZ
?QueryUdfMediaNeedsSparing@DP_DRIVE@@QAEEXZ
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
??0VOL_LIODPDRV@@IAE@XZ
?Initialize@VOL_LIODPDRV@@IAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVSUPERAREA@@PAVMESSAGE@@EEW4_MEDIA_TYPE@@GEIE@Z
?WriteEntireDrive@VOL_LIODPDRV@@UAE?AW4FORMAT_ERROR_CODE@@PAVMESSAGE@@PAXKII@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?QueryWriteBlockSize@DP_DRIVE@@UBEKXZ
?QuerySectorSize@DP_DRIVE@@UBEKXZ
??1VOL_LIODPDRV@@UAE@XZ
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0SUPERAREA@@IAE@XZ
?IsUdfMediaWritable@DP_DRIVE@@QAEEXZ
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?Read@SECRUN@@UAEEXZ
??1SUPERAREA@@UAE@XZ
?Initialize@DIGRAPH@@QAEEK@Z
??1DIGRAPH@@UAE@XZ
??0DIGRAPH@@QAE@XZ
?WaitForUnit@DP_DRIVE@@QAEEPAVMESSAGE@@@Z
?QueryUdfMediaSupportsBackgroundFormat@DP_DRIVE@@QAEEXZ
?QueryDiscStatus@DP_DRIVE@@QAEEPAK0@Z
?ReinitiateBackgroundFormat@DP_DRIVE@@QAEEXZ
?QueryNextWritableAddress@DP_DRIVE@@QAEEPAKW4NwaType@1@@Z
?QueryUdfMediaSupportsQuickGrow@DP_DRIVE@@QAEEXZ
?ReadFormattableCapacity@DP_DRIVE@@QAEEEPAKPAE0@Z
?QueryVolumeBounds@DP_DRIVE@@QAEEPAK0@Z
?QueryFreeBlocksInLastTrack@DP_DRIVE@@QAEEPAK@Z
?SendPowLowLevelFormat@DP_DRIVE@@QAEEPAVMESSAGE@@@Z
?SetPowTrackConfiguration@DP_DRIVE@@QAEEE@Z
?QueryLastWritableAddress@DP_DRIVE@@QAEEPAKW4NwaType@1@@Z
?QueryHighestTrackAddress@DP_DRIVE@@QAEEPAK@Z
?SetSectors@DP_DRIVE@@QAEXVBIG_INT@@@Z
??0POW_CACHE@@QAE@XZ
??0WRITE_ONCE_CACHE@@QAE@XZ
?Initialize@WRITE_ONCE_CACHE@@QAEEPAVIO_DP_DRIVE@@KKK@Z
?Initialize@POW_CACHE@@QAEEPAVIO_DP_DRIVE@@@Z
?Initialize@POW_CACHE@@QAEEKKKKK@Z
??0READ_MODIFY_WRITE_CACHE@@QAE@XZ
?Initialize@READ_MODIFY_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@KKEE@Z
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
??0READ_WRITE_CACHE@@QAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??0SECRUN@@QAE@XZ
?FlushCache@IO_DP_DRIVE@@QAEEXZ
?WaitForWriteCompletion@DP_DRIVE@@QAEEPAVMESSAGE@@@Z
?FormatScaleTotalFreeClusters@IFS_SYSTEM@@SGE_K0PAK1PA_K2@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?Initialize@NUMBER_SET@@QAEEXZ
??0NUMBER_SET@@QAE@XZ
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?QueryUdfMediaHasPow@DP_DRIVE@@QAEEXZ
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
?QueryEccBlockSizeInSectors@DP_DRIVE@@QAEGXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
??1NUMBER_SET@@UAE@XZ
?Read@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1SECRUN@@UAE@XZ
?Write@SECRUN@@UAEEXZ
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?QueryRewritableMOSupport@DP_DRIVE@@QAEEXZ

Exports

Exports

??0METADATA_PARTITION@@QAE@XZ
??0UDF_LVOL@@QAE@XZ
??0UDF_SA@@QAE@XZ
??0UDF_VOL@@QAE@XZ
??1METADATA_PARTITION@@UAE@XZ
??1UDF_LVOL@@UAE@XZ
??1UDF_SA@@UAE@XZ
??1UDF_VOL@@UAE@XZ
?CreateOnDisk@UDF_LVOL@@QAEEPAVUDF_SA@@PAVMESSAGE@@PAVVDS@@PAUEXTENTAD@@K3@Z
?Initialize@UDF_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@G@Z
?Initialize@UDF_VOL@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@EGEEE@Z
?ReadFromDisk@UDF_LVOL@@QAEEPAVUDF_SA@@PAVMESSAGE@@PAVVDS@@@Z
Chkdsk
ChkdskEx
Format
FormatEx
GetFilesystemInformation
Recover

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85b4d616847edc1beebb41928b3c26ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

ulib

ifsutil

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 61KB - Virtual size: 62KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 61KB - Virtual size: 62KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 5KB - Virtual size: 5KB