e1a8a17534a95f6db2b7efd65b69606f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1a8a17534a95f6db2b7efd65b69606f_JaffaCakes118
Size

45KB
MD5

e1a8a17534a95f6db2b7efd65b69606f
SHA1

257a98a5ce1c0fbf396006f3fc7c991c1842f84a
SHA256

17a551345ce957aafafd876f04fe31a807dfd59ea4634bedadfc74090e8e3e94
SHA512

ce41b735d85e37df78f086d799756c2d1ea7287c7e5c190099b99b03a58669a7205a10531b6dafe61a6c1afae62760f2f821000c3e3eda6c4129f626cbd4ad4b
SSDEEP

768:jqyak0yUpcx7rfDobwnJKL95zY/ksMXtByCP4+vfiz7zk6j2:jqyr0yikvnJ495UM9Bysjvaz7zk6q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1a8a17534a95f6db2b7efd65b69606f_JaffaCakes118

Files

e1a8a17534a95f6db2b7efd65b69606f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ed87f154556265655cc89eecd530f37c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rastapi

GetConnectInfo
PortGetInfo
GetZeroDeviceInfo
RastapiSetCalledID
PortConnect
PortReceive
PortGetPortState
PortInit
PortOpen
PortSetInfo
DeviceSetInfo
UnloadRastapiDll
DeviceSetDevConfig
PortSend
DeviceGetDevConfig
DeviceGetDevConfigEx
PortCompressionSetInfo
EnableDeviceForDialIn
PortSetFraming
PortClearStatistics
PortSetIoCompletionPort
DeviceConnect
PortClose
DeviceGetInfo
SetCommSettings
RastapiGetCalledID
PortReceiveComplete
PortEnum
DeviceEnum
DeviceDone
PortGetIOHandle
PortGetStatistics
PortDisconnect
AddPorts
PortTestSignalState
RemovePort
PortChangeCallback
DeviceWork
DeviceListen

advapi32

RegEnumKeyA
LsaEnumerateTrustedDomains
GetSidLengthRequired
LsaSetSecret
CryptGetUserKey
GetSecurityDescriptorLength
SetAclInformation
BuildTrusteeWithObjectsAndNameA
ObjectCloseAuditAlarmW
CloseEncryptedFileRaw
QueryRecoveryAgentsOnEncryptedFile
LookupSecurityDescriptorPartsA
CopySid
A_SHAFinal
OpenTraceW
ProcessTrace
SystemFunction011
ImpersonateSelf
CryptAcquireContextW
CredRenameW
SetInformationCodeAuthzPolicyW
LsaEnumerateAccountRights
LsaGetQuotasForAccount
LsaLookupPrivilegeDisplayName
GetManagedApplications
RegSetKeySecurity
RegConnectRegistryA
StopTraceA
GetEffectiveRightsFromAclA
CredpConvertCredential
CryptExportKey
CryptContextAddRef
OpenSCManagerA
TrusteeAccessToObjectW
GetPrivateObjectSecurity
InitializeSid
LsaDelete
QueryServiceStatusEx
CredWriteA
DuplicateToken
SetNamedSecurityInfoW
GetSecurityInfoExA
AddAuditAccessAceEx
EnumServicesStatusExW

msvcrt40

_adj_fprem
?sync_with_stdio@ios@@SAXXZ
_cabs
?str@istrstream@@QAEPADXZ
??0istream_withassign@@QAE@PAVstreambuf@@@Z
_spawnle
??5istream@@QAEAAV0@AAJ@Z
_mbscmp
abort
_ismbcpunct
??1strstream@@UAE@XZ
_chdir
?setbuf@streambuf@@UAEPAV1@PADH@Z
??_Gostrstream@@UAEPAXI@Z
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
_wfullpath
sprintf
?setp@streambuf@@IAEXPAD0@Z
_getsystime
_fgetchar
_outpd
_wunlink
??_Estrstream@@UAEPAXI@Z
??_Diostream@@QAEXXZ
_wrmdir
?freeze@strstreambuf@@QAEXH@Z
_ultow
??0__non_rtti_object@@QAE@ABV0@@Z
_spawnve
??0fstream@@QAE@PBDHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??_Gexception@@UAEPAXI@Z
_fdopen
_execlpe
??1istream@@UAE@XZ
setbuf
mbtowc
exit

query

?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?GetChar@CMemDeSerStream@@UAEXPADK@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?Init@CRegChangeEvent@@QAEXXZ
?CiNtOpenNoThrow@@YGJAAPAXPBGKKK@Z
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?_wcsFileName@CGlobalPropFileRefresher@@0PAGA
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
?fgetsw@CFileBuffer@@QAEKAAV?$XGrowable@G$0BAE@@@@Z
SetCatalogState
?Flush@CPhysStorage@@QAEXH@Z
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?SetPriority@CGenericCiProxy@@QAEXKK@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?AddArg@CEventItem@@QAEXPBG@Z
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?Clone@CRestriction@@QBEPAV1@XZ
??1CSizeSerStream@@UAE@XZ
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?TreeCount@CRestriction@@QBEKXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
??0CSynRestriction@@QAE@ABVCKey@@KKKH@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?SkipUShort@CMemDeSerStream@@UAEXXZ
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
?GetStr@CKeyBuf@@QBEPAGXZ
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?ParseOneLine@CPropertyList@@SGXAAVCQueryScanner@@HAAV?$XPtr@VCPropEntry@@@@@Z
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
?Release@CQueryUnknown@@UAGKXZ
?Next@CCatalogEnum@@QAEHXZ
?SetExclude@CScopeAdmin@@QAEXH@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?IsRunningAsSystem@CImpersonateSystem@@SGHXZ
??1CMetaDataMgr@@QAE@XZ
?IsCIStopped@CMachineAdmin@@QAEHXZ
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
CiSvcMain
?Size@CDbQueryResults@@QAEKXZ
EndCacheTransaction
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z

kernel32

GetModuleHandleA
GetProcessVersion
EnumerateLocalComputerNamesW
Heap32First
GetConsoleAliasW
GlobalFree
SetEnvironmentVariableW
GetBinaryType
GetCompressedFileSizeA
RequestDeviceWakeup
QueryPerformanceCounter
FreeUserPhysicalPages
GetConsoleCursorInfo
GetExitCodeProcess
VDMOperationStarted
GlobalFlags
GetPrivateProfileStringA
GetOEMCP
lstrlenW
FindFirstFileW
FreeLibrary
BeginUpdateResourceW
RegisterWaitForInputIdle
QueryMemoryResourceNotification
SetConsoleCtrlHandler
VirtualAlloc
LoadLibraryA
SetMessageWaitingIndicator
GlobalWire
GetLogicalDrives
GlobalSize
GetCurrentProcess
DuplicateHandle
ReadFile
WriteProcessMemory
ConvertThreadToFiber
FindClose
SetConsolePalette
HeapUnlock

bidispl

DllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed87f154556265655cc89eecd530f37c

Headers

DLL Characteristics

File Characteristics

Imports

rastapi

advapi32

msvcrt40

query

kernel32

bidispl

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1024B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B