Static task
static1
Behavioral task
behavioral1
Sample
ff5c6b1f423c62fd152660a00d983c3a_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ff5c6b1f423c62fd152660a00d983c3a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
ff5c6b1f423c62fd152660a00d983c3a_JaffaCakes118
-
Size
63KB
-
MD5
ff5c6b1f423c62fd152660a00d983c3a
-
SHA1
8bb1c2525958fba7e609cc8c59834ee126e0b1a0
-
SHA256
f6b4c11c52a7621c9197dd0a43086cb69c32df50db5dec21c281c3a1d814a88a
-
SHA512
cfeff24b7bc56532f53630085677a4779c3ff217cd75a9eca8f8cef350681f5cf8ef4cc0eb510924e79fca33eedaaf8bbd41c6213561ae2bb390fe58b152766e
-
SSDEEP
1536:ZU5PSGKfPrG7khT8BvpjFdG4F14ioJ23EMhYMN7gqfyz5jjp:ZU5PfKi7gTgh64F14v8K9T
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ff5c6b1f423c62fd152660a00d983c3a_JaffaCakes118
Files
-
ff5c6b1f423c62fd152660a00d983c3a_JaffaCakes118.exe windows:5 windows x86 arch:x86
96be998c162d61a64fe90e464a0ecc33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpynA
SetProcessWorkingSetSize
SetConsoleFont
lstrcpynW
GetConsoleCursorInfo
ReadConsoleOutputA
SetConsoleMode
IsDebuggerPresent
GetTickCount
IsValidLanguageGroup
ReleaseSemaphore
QueryPerformanceCounter
GetStartupInfoW
VirtualLock
VirtualAlloc
SetVolumeMountPointA
IsBadHugeWritePtr
GetCurrentThreadId
MoveFileExA
GetComputerNameW
GetCurrentProcessId
Process32FirstW
CreateDirectoryA
BackupWrite
LockFileEx
EnumDateFormatsExA
FindVolumeMountPointClose
lstrcatA
GetPrivateProfileStringA
SetFileApisToOEM
LoadLibraryA
GetFirmwareEnvironmentVariableA
_lcreat
msi
MsiEnumComponentQualifiersA
MsiCreateTransformSummaryInfoA
MsiConfigureFeatureW
MsiDatabaseGenerateTransformW
MsiSetInstallLevel
MsiSetTargetPathA
MsiConfigureProductA
MsiProvideQualifiedComponentExW
MsiGetProductInfoA
MsiRecordReadStream
MsiMessageBoxA
MsiProvideQualifiedComponentExA
MsiCreateRecord
MsiViewExecute
MsiOpenPackageA
MsiGetProductCodeW
MsiInvalidateFeatureCache
MsiDatabaseMergeA
Migrate10CachedPackagesA
MsiInstallMissingFileW
DllUnregisterServer
MsiUseFeatureW
MsiGetProductInfoFromScriptA
MsiEnableLogW
MsiInstallProductW
MsiDatabaseImportW
MsiQueryFeatureStateA
MsiGetFeatureValidStatesW
MsiSummaryInfoGetPropertyA
wintrust
WintrustGetDefaultForUsage
WTHelperProvDataFromStateData
CryptCATCDFEnumMembersByCDFTag
SoftpubAuthenticode
WVTAsn1SpcIndirectDataContentDecode
CryptCATAdminResolveCatalogPath
CryptSIPGetRegWorkingFlags
mssip32DllUnregisterServer
WTHelperGetProvCertFromChain
DllRegisterServer
CryptCATCDFEnumMembers
CryptCATPersistStore
SoftpubInitialize
CryptCATCDFEnumMembersByCDFTagEx
CryptCATOpen
WTHelperCheckCertUsage
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1CatMemberInfoDecode
SoftpubDumpStructure
CryptCATVerifyMember
WVTAsn1SpcIndirectDataContentEncode
CryptSIPPutSignedDataMsg
msacm32
XRegThunkEntry
acmFormatSuggest
acmDriverOpen
acmFormatChooseA
acmFormatTagDetailsW
acmStreamMessage
acmFormatTagDetailsA
acmFormatDetailsW
acmFormatChooseW
acmDriverDetailsA
acmMessage32
acmFilterChooseA
acmDriverPriority
acmFilterEnumW
acmStreamOpen
acmDriverEnum
acmFilterDetailsA
acmFormatEnumA
acmFilterTagDetailsW
acmFilterDetailsW
acmStreamReset
acmMetrics
acmFormatEnumW
acmFormatTagEnumA
acmDriverDetailsW
acmDriverAddW
wldap32
ldap_escape_filter_element
ldap_modrdnW
ldap_get_valuesA
ldap_get_values_lenW
ldap_search_stW
ldap_sasl_bind_sW
ldap_set_option
ldap_parse_extended_resultW
ldap_set_dbg_routine
ber_printf
ldap_bindW
ldap_modrdn2
ldap_rename_extW
ber_flatten
ldap_add_extW
ldap_encode_sort_controlW
ldap_dn2ufn
ldap_next_entry
ldap_get_dnW
ldap_modrdn2A
ldap_rename_extA
ldap_value_free
ldap_ufn2dnW
ldap_sslinit
ldap_start_tls_sA
msdart
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?WriteUnlock@CFakeLock@@QAEXXZ
??1CReaderWriterLock2@@QAE@XZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
UMSEnterCSWraper
?ValidSignature@CLKRHashTable@@QBE_NXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?Unlock@CLockedDoubleList@@QAEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?TryReadLock@CSpinLock@@QAE_NXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
??1CSpinLock@@QAE@XZ
?InsertTail@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
MpHeapAlloc
?ReadLock@CCritSec@@QAEXXZ
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ