fe61715fc30c70473741ca414682e752_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe61715fc30c70473741ca414682e752_JaffaCakes118
Size

861KB
MD5

fe61715fc30c70473741ca414682e752
SHA1

9d70126050872d85f18b7b37194cb70aed431b5d
SHA256

2775c60b05d2d70052996ab9abe50742afdef6aa75b289b8a950b7de10f1408c
SHA512

a9e86f876f0eeff927cc28c666f9d585a4bd0d828ec8dfecce3b25781f89c274bc95faf121044f7e31a28bd3b4dee587ad2ccca6109650b054521774992a8d52
SSDEEP

24576:IAGgUkNDPAfdtXKKMPW7A61G64mlL+bLV:IyNz2/7B1G6VL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe61715fc30c70473741ca414682e752_JaffaCakes118

Files

fe61715fc30c70473741ca414682e752_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b834e0507bf748bda89261b10d34023d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluPwlCurve
gluBeginSurface
gluNurbsCurve
gluProject
gluQuadricDrawStyle
gluEndSurface
gluBeginCurve
gluScaleImage
gluOrtho2D
gluDisk
gluErrorUnicodeStringEXT
gluUnProject
gluBuild1DMipmaps
gluQuadricOrientation
gluTessBeginContour
gluErrorString
gluTessVertex
gluQuadricCallback
gluQuadricTexture
gluDeleteQuadric
gluNewQuadric
gluEndCurve
gluQuadricNormals
gluTessEndContour
gluEndTrim
gluTessProperty
gluTessEndPolygon
gluNurbsSurface
gluSphere
gluNewNurbsRenderer
gluGetTessProperty
gluNurbsCallback
gluPartialDisk
gluBeginTrim
gluBuild2DMipmaps
gluNextContour
gluBeginPolygon
gluGetNurbsProperty
gluEndPolygon
gluPerspective
gluNewTess
gluCylinder
gluLoadSamplingMatrices
gluTessNormal
gluTessCallback

kernel32

IsValidCodePage
FreeConsole
SetConsolePalette
IsDebuggerPresent
EnumSystemLocalesA
WriteConsoleOutputAttribute
VirtualAlloc
SetVolumeMountPointA
ReleaseMutex
GetConsoleAliasA
GetHandleInformation
GetPrivateProfileIntA
ExpandEnvironmentStringsW
EnumResourceLanguagesW
LZInit
BaseCheckAppcompatCache
GetUserDefaultLCID
GetCalendarInfoW
FlushFileBuffers
WriteFile
CopyLZFile
IsWow64Process
LoadLibraryA
DebugBreak
CancelIo
IsValidLocale
EnterCriticalSection
DeleteFileW
LeaveCriticalSection
ReadFile
SetConsoleTitleA
Module32FirstW
DeleteVolumeMountPointA
TlsGetValue
GetPrivateProfileSectionNamesA
InitAtomTable
GetBinaryTypeA
SetSystemPowerState
OpenFileMappingW
DebugBreakProcess
FindResourceW
GetNativeSystemInfo
GetConsoleTitleA
ConvertDefaultLocale
GetSystemDefaultLCID
UnregisterWait
GetComputerNameExW
ActivateActCtx
GetCommState

setupapi

SetupRemoveSectionFromDiskSpaceListW
CM_Locate_DevNodeW
SetupAdjustDiskSpaceListA
CM_Get_First_Log_Conf
CM_Delete_Class_Key
SetupDiClassNameFromGuidW
CM_Register_Device_InterfaceW
SetupSetDirectoryIdExW
SetupQueryInfOriginalFileInformationW
pSetupRealloc
CM_Query_Arbitrator_Free_Data
SetupPrepareQueueForRestoreW
CM_Get_Device_Interface_List_ExW
SetupRenameErrorW
CM_Register_Device_Interface_ExW
CM_Locate_DevNode_ExA
SetupDiDeleteDeviceInterfaceRegKey
CM_Free_Res_Des_Handle
pSetupVerifyQueuedCatalogs
SetupSetPlatformPathOverrideA
SetupDiGetClassImageListExW
SetupDuplicateDiskSpaceListA
CM_Query_Arbitrator_Free_Data_Ex
CM_Enumerate_Enumerators_ExW
SetupDiGetClassDescriptionExW
SetupDiCreateDeviceInterfaceA
CM_Set_DevNode_Problem_Ex
CM_Find_Range
CM_Set_Class_Registry_PropertyA
SetupDiGetDeviceInfoListDetailA
CM_Enable_DevNode
SetupGetFileCompressionInfoExW
SetupIterateCabinetA
SetupLogFileW
CM_Get_Device_ID_List_ExA
SetupFindFirstLineA
pSetupRetrieveServiceConfig
CM_Get_Device_Interface_List_Size_ExW
CM_Unregister_Device_InterfaceW
SetupAddSectionToDiskSpaceListW
SetupInitializeFileLogA

ntdll

NtOpenThread
ZwCreatePagingFile
NtInitiatePowerAction
RtlUnicodeToCustomCPN
NtQueryInformationAtom
NtAllocateVirtualMemory
RtlSetLastWin32Error
ZwOpenKey
NtCreateSymbolicLinkObject
KiUserExceptionDispatcher
RtlGetCurrentPeb
RtlAddressInSectionTable
NtAssignProcessToJobObject
NtFlushInstructionCache
ZwAccessCheckByType
_strcmpi
ZwWriteRequestData
NtAllocateLocallyUniqueId
RtlFirstFreeAce
sqrt
RtlIsTextUnicode
RtlGetActiveActivationContext
RtlExitUserThread
ZwOpenFile
RtlDosSearchPath_Ustr
ZwQueryQuotaInformationFile
RtlDowncaseUnicodeChar
RtlEqualString
ZwGetPlugPlayEvent
RtlFreeHandle
ZwSetTimerResolution
wcscspn
NtQueryQuotaInformationFile
ZwSetValueKey
RtlInterlockedPushListSList
RtlFindLastBackwardRunClear
RtlSetHeapInformation
RtlUnicodeToOemN
RtlAddAccessAllowedAceEx
ZwTraceEvent
NtOpenIoCompletion
NtQuerySymbolicLinkObject
ZwSetSystemEnvironmentValueEx
ZwAccessCheckByTypeAndAuditAlarm

advapi32

RegisterEventSourceW
LsaICLookupNames
AddAuditAccessAce
SetEntriesInAclA
ChangeServiceConfigA
RegCreateKeyExW
MD4Init
EnumServicesStatusExW
CredMarshalCredentialA
RegOpenUserClassesRoot
ConvertStringSecurityDescriptorToSecurityDescriptorA
LsaEnumerateAccounts
ComputeAccessTokenFromCodeAuthzLevel
LsaAddAccountRights
GetInheritanceSourceA
SaferRecordEventLogEntry
IsTokenUntrusted
LookupAccountNameW
WmiSetSingleInstanceA
LsaQueryInformationPolicy
CredDeleteW
WmiNotificationRegistrationA
LsaOpenAccount
EncryptedFileKeyInfo
CredpConvertCredential
RemoveTraceCallback
LsaQueryInfoTrustedDomain
EnumDependentServicesA

lz32

LZSeek
LZCloseFile
LZOpenFileW
GetExpandedNameA
LZInit
LZOpenFileA
LZCreateFileW
LZRead
LZClose
CopyLZFile
LZCopy
LZStart
LZDone

rtutils

TraceGetConsoleA
RouterLogEventW
RouterLogEventStringW
TracePutsExA
TraceDeregisterW
TraceGetConsoleW
TraceVprintfExW
RouterLogDeregisterA
TracePrintfW
TracePrintfExA
TracePrintfExW
TraceVprintfExA
LogEventA
RouterLogEventExA
RouterLogEventDataA
RouterLogEventValistExW
TraceDumpExW
RouterLogRegisterA
MprSetupProtocolFree
TraceRegisterExW
RouterLogEventDataW
RouterGetErrorStringW
RouterLogEventA
LogErrorW
TraceDeregisterA
RouterLogEventStringA

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 412KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b834e0507bf748bda89261b10d34023d

Headers

DLL Characteristics

File Characteristics

Imports

glu32

kernel32

setupapi

ntdll

advapi32

lz32

rtutils

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 255KB - Virtual size: 255KB

.data Size: 412KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 255KB - Virtual size: 255KB

.data
Size: 412KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB