f71fde48490edd097831221da067b311_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f71fde48490edd097831221da067b311_JaffaCakes118
Size

871KB
MD5

f71fde48490edd097831221da067b311
SHA1

4bb29138996cc2fa549af5800c6b74fb323b5a95
SHA256

0c85986c3c07e9af96cbec363cdb7aaa3a267d6b708db8f15eaa2b866189ac92
SHA512

216b26a2bf3154b589329e4bee47c7ce58512a4cdeb3a22df75373a5d120a8dbf1842aba59069c35af4438f351212ef76845d3a3a6f43d912b8df03d8f805174
SSDEEP

24576:IWWReQP3zEMY+YkMTA1qRKqXgFpRxNDrbx:XWReG3wBZrTAt1ZxNXbx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f71fde48490edd097831221da067b311_JaffaCakes118

Files

f71fde48490edd097831221da067b311_JaffaCakes118
.exe windows:5 windows x86 arch:x86

21d9d50e715f4464b3679ce73d0a53cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlFillMemory
iswlower
ZwCancelTimer
ZwQuerySystemEnvironmentValueEx
ZwImpersonateClientOfPort
RtlLocalTimeToSystemTime
RtlRestoreLastWin32Error
ZwOpenSection
isxdigit
wcsrchr
RtlGetCallersAddress
NtQuerySecurityObject
fabs
RtlSetUserFlagsHeap
NtSetTimerResolution
ZwAccessCheckByType
wcsstr
RtlEqualSid
NtQueryTimerResolution
ZwQueryInformationAtom
RtlTraceDatabaseFind
ZwSetDebugFilterState
ZwModifyBootEntry
NtCreateSection
NtWriteFileGather
NtEnumerateSystemEnvironmentValuesEx
ZwQueryEvent
RtlDestroyQueryDebugBuffer
ZwEnumerateBootEntries
_vsnprintf
NtReleaseKeyedEvent
_wtoi
isprint
ZwOpenThreadToken
ZwWriteRequestData
_memicmp
ZwResetEvent
ZwCreateMutant
NtSetInformationToken
RtlCreateTimerQueue

setupapi

SetupDiGetSelectedDriverA
CM_Reenumerate_DevNode_Ex
SetupGetSourceFileSizeA
pSetupWriteLogError
SetupFindNextMatchLineA
SetupQueryInfFileInformationW
SetupDiSetDeviceInstallParamsA
CM_Locate_DevNode_ExA
CM_Free_Range_List
SetupDiSetDeviceInstallParamsW
CM_Is_Dock_Station_Present_Ex
CM_Get_Resource_Conflict_DetailsW
CM_Setup_DevNode
CM_Request_Eject_PC_Ex
SetupAddToSourceListW
SetupPrepareQueueForRestoreW
SetupLogErrorA
SetupDiSetClassInstallParamsA
pSetupOpenAndMapFileForRead
SetupQueryInfVersionInformationA
SetupCopyOEMInfA
CM_Get_Device_Interface_List_ExW
CM_Open_DevNode_Key
CM_Request_Device_Eject_ExA
CM_Set_HW_Prof_FlagsA
CM_Set_Class_Registry_PropertyA
SetupDiInstallClassExW
SetupDiMoveDuplicateDevice
pSetupCenterWindowRelativeToParent
CM_Add_IDW

msvcrt40

tmpnam
??_Eostream_withassign@@UAEPAXI@Z
_getche
isalnum
?setlock@ios@@QAAXXZ
??1ofstream@@UAE@XZ
_ismbbpunct
_wasctime
towlower
??0Iostream_init@@QAE@XZ
_c_exit
??6ostream@@QAEAAV0@PBC@Z
_ismbcl1
?set_new_handler@@YAP6AXXZP6AXXZ@Z
??5istream@@QAEAAV0@AAE@Z
?cin@@3Vistream_withassign@@A
difftime
??7ios@@QBEHXZ
?is_open@ofstream@@QBEHXZ
_CIpow
?endl@@YAAAVostream@@AAV1@@Z
_strerror
??_Gostream@@UAEPAXI@Z
??_Distream_withassign@@QAEXXZ
__p___argv

kernel32

LocalAlloc
DeleteFileA
SetHandleInformation
GetACP
CreateConsoleScreenBuffer
LockFile
CancelWaitableTimer
UTUnRegister
lstrcmpiW
GetConsoleCommandHistoryLengthA
GetVolumeInformationA
SetLastConsoleEventActive
SetFilePointerEx
LoadLibraryA
FindFirstVolumeW
SetLastError
SetHandleContext
WriteConsoleOutputAttribute
GetPrivateProfileIntW
OpenEventW
WaitForMultipleObjectsEx
OutputDebugStringA
ScrollConsoleScreenBufferA
RemoveDirectoryW
InitializeCriticalSection
RemoveDirectoryA
EnumResourceLanguagesW
WaitForMultipleObjects
GlobalAlloc
GetTickCount
GetLocaleInfoW
LocalReAlloc
GetSystemDefaultLangID
VirtualAlloc
Heap32ListFirst

winsta

WinStationOpenServerW
WinStationQueryInformationW
_WinStationBreakPoint
WinStationWaitSystemEvent
WinStationEnumerate_IndexedW
WinStationSendWindowMessage
ServerLicensingSetPolicy
WinStationGetAllProcesses
WinStationNameFromLogonIdA
WinStationEnumerateW
WinStationEnumerateA
WinStationRenameA
WinStationRenameW
ServerQueryInetConnectorInformationW
WinStationCloseServer
WinStationRegisterConsoleNotification
WinStationOpenServerA
WinStationUnRegisterConsoleNotification
WinStationFreeGAPMemory
WinStationRemoveLicense
WinStationEnumerateLicenses
WinStationNtsdDebug
WinStationSetInformationW
WinStationGetTermSrvCountersValue
_WinStationReInitializeSecurity
WinStationReset
_WinStationNotifyLogon
WinStationEnumerateProcesses
ServerLicensingClose
ServerSetInternetConnectorStatus
WinStationConnectA
ServerLicensingGetPolicy
_WinStationReadRegistry
ServerLicensingLoadPolicy
WinStationIsHelpAssistantSession
WinStationShadowStop
WinStationQueryUpdateRequired
WinStationSendMessageW
LogonIdFromWinStationNameW
WinStationShutdownSystem

comsvcs

CosGetCallContext
DllGetClassObject
MTSCreateActivity
GetMTAThreadPoolMetrics
GetTrkSvrObject
CoLoadServices
ComSvcsLogError
CoEnterServiceDomain
GetObjectContext
RecycleSurrogate
ComSvcsExceptionFilter
SafeRef
CoCreateActivity
MiniDumpW
CoLeaveServiceDomain
DispManGetContext

advapi32

LsaClearAuditLog
UnregisterTraceGuids
CloseEventLog
TraceMessageVa
GetSidSubAuthorityCount
LsaICLookupNames
RevertToSelf
LogonUserA
GetSecurityDescriptorGroup
CreatePrivateObjectSecurityEx
ElfClearEventLogFileW
LsaCreateAccount
ElfOpenEventLogA
SystemFunction008
FreeEncryptionCertificateHashList
SetEntriesInAuditListW
RegisterTraceGuidsW
SaferiCompareTokenLevels
RegDeleteKeyA
CredpConvertTargetInfo
ElfChangeNotify
StartServiceCtrlDispatcherW
PrivilegedServiceAuditAlarmA
GetAuditedPermissionsFromAclW
ConvertStringSDToSDDomainA
MakeAbsoluteSD
SetSecurityDescriptorSacl
FreeInheritedFromArray
ChangeServiceConfig2W
GetServiceDisplayNameW
LsaSetForestTrustInformation
GetSecurityInfo
SystemFunction035
SystemFunction006
I_ScIsSecurityProcess
RegSetKeySecurity
SetEntriesInAccessListA
OpenServiceW
SystemFunction036
ReportEventA
CryptContextAddRef
MapGenericMask

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21d9d50e715f4464b3679ce73d0a53cc

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

setupapi

msvcrt40

kernel32

winsta

comsvcs

advapi32

Sections

.text Size: 373KB - Virtual size: 373KB

.rdata Size: 369KB - Virtual size: 369KB

.data Size: 125KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 373KB - Virtual size: 373KB

.rdata
Size: 369KB - Virtual size: 369KB

.data
Size: 125KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB