syssetup.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fb6ddae7cee6aa5986b18d62fec1c608_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fb6ddae7cee6aa5986b18d62fec1c608_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: fb6ddae7cee6aa5986b18d62fec1c608_JaffaCakes118
Size: 1.0MB
MD5: fb6ddae7cee6aa5986b18d62fec1c608
SHA1: 1e1b26f3617ff8648770e4cd3c895ff03ebf9ad8
SHA256: 6920337e22b9522687ae78e2c30a22fcb6ab6ad38f788c477d86c9760facc1be
SHA512: 7e7b6adb39cab239c525798e0fbafc5d484833fb9265e8dd2d236e101850f4fad973acd90b2a0a7e9fdc4d168519feff531ada45fa3ce9b07d9fb36da8589c1d
SSDEEP: 24576:+a77n+HaluLMnzE32b558kTx0IIX+Sshg/V:+a7z+PLWKuvIIhgN
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource fb6ddae7cee6aa5986b18d62fec1c608_JaffaCakes118
Files
fb6ddae7cee6aa5986b18d62fec1c608_JaffaCakes118.dll windows:5 windows x86 arch:x86
d244837ab8b3b779cf1bbb18f2426983
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
setupapi
pSetupAppendStringToMultiSz
pSetupSetNoDriverPrompts
SetupDiBuildClassInfoList
SetupDiGetClassDescriptionW
pSetupDiGetDeviceInfoContext
SetupGetFileQueueFlags
pSetupVerifyQueuedCatalogs
pSetupInfIsFromOemLocation
pSetupDiSetDeviceInfoContext
CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsExW
pSetupInfCacheBuild
SetupGetLineTextW
pSetupFree
CM_Open_Class_KeyW
SetupDiGetINFClassW
pSetupIsGuidNull
SetupDiClassGuidsFromNameW
pSetupQueryMultiSzValueToArray
pSetupSetArrayToMultiSzValue
SetupAddToSourceListW
SetupRemoveFromSourceListW
pSetupOutOfMemory
pSetupUnicodeToMultiByte
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
pSetupStringFromGuid
pSetupRegistryDelnode
SetupInstallServicesFromInfSectionExW
pSetupInstallStopEx
SetupIterateCabinetW
pSetupGetRealSystemTime
pSetupOpenAndMapFileForRead
pSetupUnmapAndCloseFile
SetupScanFileQueueW
SetupPromptForDiskW
pSetupSetSystemSourcePath
SetupOpenAppendInfFileW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupQueueCopyW
SetupOpenFileQueue
SetupInstallFilesFromInfSectionW
SetupCommitFileQueueW
SetupCloseFileQueue
SetupGetInfInformationW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDecompressOrCopyFileW
SetupQueryInfFileInformationW
pSetupGetFileTitle
pSetupVerifyFile
pSetupFreeStringArray
pSetupVerifyCatalogFile
pSetupGetCurrentDriverSigningPolicy
pSetupHandleFailedVerification
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoW
SetupDiRegisterDeviceInfo
SetupDiDeleteDeviceInfo
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
pSetupAcquireSCMLock
SetupGetLineCountW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
pSetupGetField
pSetupRetrieveServiceConfig
pSetupAddTagToGroupOrderListEntry
SetupGetFieldCount
SetupDiInstallDevice
SetupDiSetDeviceRegistryPropertyW
SetupInstallFromInfSectionW
SetupDiSelectBestCompatDrv
SetupFindNextMatchLineW
SetupOpenLog
SetupLogErrorW
SetupCloseLog
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiGetDriverInstallParamsW
SetupDiSetDriverInstallParamsW
SetupDiCreateDevRegKeyW
SetupDiGetActualSectionToInstallW
SetupGetMultiSzFieldW
pSetupCenterWindowRelativeToParent
SetupGetIntField
SetupGetLineByIndexW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
SetupDiDestroyDeviceInfoList
pSetupEnablePrivilege
pSetupStringTableInitialize
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiGetSelectedDriverW
pSetupGuidFromString
SetupDiOpenDevRegKey
SetupCopyOEMInfW
SetupDiBuildDriverInfoList
SetupDiOpenClassRegKey
SetupDiInstallClassW
SetupDiGetDriverInfoDetailW
pSetupStringTableAddString
pSetupStringTableInitializeEx
SetupCloseInfFile
pSetupStringTableLookUpString
pSetupStringTableGetExtraData
pSetupDuplicateString
pSetupStringTableAddStringEx
pSetupStringTableDestroy
SetupOpenInfFileW
pSetupRealloc
SetupDiGetClassInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInfoListDetailW
SetupDiLoadClassIcon
SetupDiGetDeviceRegistryPropertyW
SetupFindFirstLineW
SetupGetStringFieldW
pSetupConcatenatePaths
SetupFindNextLine
pSetupMalloc
pSetupInstallCatalog
ntdll
NtOpenFile
NtSetSystemInformation
_strcmpi
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlSubAuthorityCountSid
RtlLengthRequiredSid
RtlCopySid
RtlSubAuthoritySid
NtPowerInformation
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlCreateBootStatusDataFile
RtlUnlockBootStatusData
NtDeviceIoControlFile
DbgPrintEx
NtQuerySystemInformation
NtCreateFile
NtOpenKey
NtQueryValueKey
RtlIntegerToUnicodeString
RtlEqualSid
RtlNtStatusToDosError
VerSetConditionMask
NtQuerySystemEnvironmentValue
RtlInitializeSid
NtQuerySymbolicLinkObject
NtClose
RtlUnwind
NtOpenEvent
NtCreateEvent
RtlImageNtHeader
DbgBreakPoint
NtSetSystemEnvironmentValue
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlAppendUnicodeStringToString
RtlInitUnicodeString
NtOpenSymbolicLinkObject
gdi32
SetTextColor
GetDeviceCaps
AddFontResourceW
GetStockObject
CreateFontIndirectW
SelectObject
StretchDIBits
CreateCompatibleDC
GetObjectW
SetBkColor
GetTextExtentPointW
BitBlt
DeleteDC
DeleteObject
SetStretchBltMode
SetBkMode
CreateDIBSection
kernel32
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualProtect
VirtualQuery
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
HeapReAlloc
GetVersionExA
GetCommandLineA
TlsSetValue
lstrcpynA
LocalReAlloc
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
GlobalMemoryStatusEx
MoveFileW
lstrcpyA
lstrcmpiA
SetThreadLocale
TerminateThread
GetThreadLocale
SetThreadExecutionState
SetComputerNameExW
GetLogicalDrives
IsDebuggerPresent
ExitThread
ExitProcess
CreateEventW
CreateNamedPipeW
SetEvent
ConnectNamedPipe
DisconnectNamedPipe
GetACP
SearchPathW
GetSystemTime
OpenEventW
CopyFileA
DeleteFileA
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
LoadLibraryA
GlobalAlloc
GlobalFree
InitializeCriticalSection
SetUserGeoID
GetUserGeoID
EnumSystemGeoID
GetUserDefaultLCID
EnumSystemLocalesW
GetLocaleInfoW
IsValidLocale
DnsHostnameToComputerNameW
GetModuleHandleW
GetVersion
FreeLibraryAndExitThread
ReleaseMutex
CreateMutexW
lstrlenA
GetPrivateProfileIntW
GetGeoInfoW
GetOEMCP
WaitForSingleObjectEx
RemoveDirectoryW
GetStartupInfoW
GetTempPathW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileExW
GetModuleFileNameW
GetLocalTime
WideCharToMultiByte
OutputDebugStringW
SetUnhandledExceptionFilter
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateActCtxW
SetEnvironmentVariableW
CreateDirectoryW
FindNextFileW
GetTempFileNameW
RaiseException
LocalSize
WritePrivateProfileStringW
GetSystemInfo
FormatMessageW
GetFileAttributesW
lstrcmpW
LocalAlloc
GetExitCodeThread
GetCPInfo
LocalFree
GetCurrentThreadId
CreateThread
SetTimeZoneInformation
Sleep
GetDriveTypeW
SetErrorMode
GetFileSize
SetFilePointer
ReadFile
MultiByteToWideChar
FlushFileBuffers
VerifyVersionInfoW
DuplicateHandle
ExpandEnvironmentStringsW
GetLocaleInfoA
CreateProcessW
WaitForSingleObject
GetWindowsDirectoryA
EnumSystemLocalesA
IsValidCodePage
SetStdHandle
CreateFileA
SetEndOfFile
lstrcmpA
GetFullPathNameA
CreateEventA
IsDBCSLeadByte
FormatMessageA
CompareStringW
UnmapViewOfFile
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
InterlockedIncrement
GetProcAddress
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
DeleteFileW
SetFileAttributesW
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
lstrcatW
FindClose
FindFirstFileW
QueryDosDeviceW
CloseHandle
GetLastError
DeviceIoControl
CreateFileW
lstrlenW
GetVolumeInformationW
GetSystemDirectoryW
lstrcpyW
lstrcpynW
GetSystemWindowsDirectoryW
lstrcmpiW
SetLastError
GetDiskFreeSpaceW
GetTimeZoneInformation
GetVersionExW
GetEnvironmentVariableW
GetComputerNameW
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetExitCodeProcess
TerminateProcess
powrprof
SetActivePwrScheme
user32
CharToOemA
GetSysColorBrush
wsprintfA
IsDlgButtonChecked
SendMessageW
SetWindowLongW
CheckRadioButton
PostMessageW
GetParent
EnableWindow
GetDlgItem
CheckDlgButton
LoadStringW
SetDlgItemTextW
DestroyIcon
SendDlgItemMessageW
WinHelpW
wsprintfW
CharLowerW
EndDialog
LoadBitmapW
LoadCursorW
PostThreadMessageW
ShowCursor
SetCursor
DialogBoxParamW
IsWindow
SetFocus
SetTimer
KillTimer
DispatchMessageW
GetMessageW
CharUpperBuffW
GetWindowLongW
LoadIconW
MessageBoxW
CharUpperW
EndPaint
GetClientRect
GetSysColor
DrawTextW
GetSystemMetrics
BeginPaint
DefWindowProcW
UnregisterClassW
RegisterClassW
MsgWaitForMultipleObjects
SetForegroundWindow
SetWindowTextW
ReleaseDC
GetDC
LoadImageW
PostQuitMessage
DestroyWindow
RegisterHotKey
SetShellWindow
ShowWindow
CreateWindowExW
PeekMessageW
WaitMessage
GetKeyboardLayout
GetDlgItemTextW
wvsprintfW
ChangeDisplaySettingsW
EnumDisplaySettingsW
CallWindowProcW
GetDlgCtrlID
UpdateWindow
InvalidateRect
CharUpperA
SendMessageTimeoutW
wvsprintfA
MoveWindow
ClientToScreen
GetWindowRect
GetDesktopWindow
GetAsyncKeyState
GetActiveWindow
FillRect
SetActiveWindow
SetWindowPos
EnableMenuItem
GetSystemMenu
MessageBoxA
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
sfc
ord1
sfcfiles
SfcGetFiles
shlwapi
SHDeleteKeyW
StrCmpNIW
StrTrimW
wvnsprintfW
cryptui
I_CryptUIProtect
netapi32
NetApiBufferFree
NetGetJoinInformation
NetUserSetInfo
NetUserGetInfo
NetpNtStatusToApiStatus
rpcrt4
UuidToStringW
UuidFromStringW
UuidCreate
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall2
RpcStringFreeW
urlmon
CoInternetParseUrl
imm32
ImmAssociateContext
wintrust
CryptCATClose
CryptCATEnumerateCatAttr
CryptCATAdminAcquireContext
CryptCATAdminRemoveCatalog
CryptCATAdminReleaseContext
IsCatalogFile
CryptCATOpen
Exports
AsrAddSifEntryA
AsrAddSifEntryW
AsrCreateStateFileA
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
AsrpGetLocalDiskInfo
AsrpGetLocalVolumeInfo
AsrpRestoreNonCriticalDisksW
CdromPropPageProvider
ComputerClassInstaller
CreateLocalAdminAccount
CreateLocalAdminAccountEx
CreateLocalUserAccount
CriticalDeviceCoInstaller
DevInstallW
DeviceBayClassInstaller
DiskPropPageProvider
DoInstallComponentInfs
EisaUpHalCoInstaller
EisaUpHalPropPageProvider
GenerateName
HdcClassInstaller
InitializeSetupLog
InstallWindowsNt
InvokeExternalApplicationEx
KeyboardClassInstaller
LegacyDriverPropPageProvider
MigrateExceptionPackages
MouseClassInstaller
NtApmClassInstaller
OpkCheckVersion
PS2MousePropPageProvider
PnPInitializationThread
PrepareForAudit
RepairStartMenuItems
ReportError
RunOEMExtraTasks
ScsiClassInstaller
SetAccountsDomainSid
SetupAddOrRemoveTestCertificate
SetupChangeFontSize
SetupChangeLocale
SetupChangeLocaleEx
SetupCreateOptionalComponentsPage
SetupDestroyLanguageList
SetupDestroyPhoneList
SetupEnumerateRegisteredOsComponents
SetupExtendPartition
SetupGetGeoOptions
SetupGetKeyboardOptions
SetupGetLocaleOptions
SetupGetProductType
SetupGetSetupInfo
SetupGetValidEula
SetupInfObjectInstallActionW
SetupInstallCatalog
SetupMapTapiToIso
SetupOobeBnk
SetupOobeCleanup
SetupOobeInitDebugLog
SetupOobeInitPostServices
SetupOobeInitPreServices
SetupPidGen3
SetupQueryRegisteredOsComponent
SetupQueryRegisteredOsComponentsOrder
SetupReadPhoneList
SetupRegisterOsComponent
SetupSetAdminPassword
SetupSetDisplay
SetupSetIntlOptions
SetupSetRegisteredOsComponentsOrder
SetupSetSetupInfo
SetupShellSettings
SetupStartService
SetupUnRegisterOsComponent
StorageCoInstaller
SystemUpdateUserProfileDirectory
TapeClassInstaller
TapePropPageProvider
TerminateSetupLog
UpdatePnpDeviceDrivers
UpgradePrinters
ViewSetupActionLog
VolumeClassInstaller
pSetupDebugPrint
pSetuplogSfcError
Sections
.text Size: 502KB - Virtual size: 501KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 128KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 431KB - Virtual size: 430KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ