Static task: static1
Behavioral task: behavioral1
Sample: fe6e6ea33d5db9b454c22a2d13ee8095_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fe6e6ea33d5db9b454c22a2d13ee8095_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fe6e6ea33d5db9b454c22a2d13ee8095_JaffaCakes118
Size: 178KB
MD5: fe6e6ea33d5db9b454c22a2d13ee8095
SHA1: 4ca26319297896f1afc65d214d2a830b5d9c5079
SHA256: 63821f44b369fab4062f37b4d4f3952c778a1eedc93995a4191c211deaf2ad2a
SHA512: e967f915b02ae192d228e6c5f3343a4b52d8e603ea21ad9185048be6dced2def69901904e68799658045e5774bd2e48ef1207792055e9e863f043b311d855da7
SSDEEP: 3072:BJwuPe8096UhCnJp1yJl8sRcNodecYzPgZBLBATdft:AP8096cCnnMJuUc0ecYjIa
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: fe6e6ea33d5db9b454c22a2d13ee8095_JaffaCakes118
Files
fe6e6ea33d5db9b454c22a2d13ee8095_JaffaCakes118.exe windows:5 windows x86 arch:x86
852f5e07a2e0f44c6c9ce86502c3a6ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesA
GetModuleHandleW
lstrcpyW
GetStartupInfoW
LoadLibraryA
DuplicateHandle
SetDefaultCommConfigA
GetModuleHandleA
LeaveCriticalSection
GetTickCount
SetConsoleCP
WritePrivateProfileSectionA
SetLocaleInfoA
CloseProfileUserMapping
GetEnvironmentVariableW
LocalShrink
FindFirstVolumeA
LocalLock
VirtualUnlock
ReadFileScatter
ZombifyActCtx
FindVolumeMountPointClose
GetDiskFreeSpaceA
SetNamedPipeHandleState
LZOpenFileW
GetConsoleDisplayMode
SetHandleCount
GetNumaNodeProcessorMask
SetEnvironmentVariableW
GetConsoleOutputCP
VirtualAlloc
AddConsoleAliasW
ReadConsoleInputExA
SetEvent
ReadConsoleInputA
CommConfigDialogA
SetLocalTime
EnumSystemCodePagesA
ntdll
NtSetContextThread
ZwMapUserPhysicalPages
bsearch
NtQueryInformationFile
ZwLoadKey2
RtlSetHeapInformation
_strcmpi
ZwSetInformationKey
RtlSetUserFlagsHeap
KiUserExceptionDispatcher
RtlActivateActivationContextUnsafeFast
ZwOpenSection
RtlMultiAppendUnicodeStringBuffer
RtlCheckRegistryKey
RtlLargeIntegerDivide
ZwCompareTokens
RtlCancelTimer
ceil
NtConnectPort
LdrSetDllManifestProber
LdrGetDllHandle
ZwGetWriteWatch
NtSetLowWaitHighEventPair
NtSetSystemTime
_alldiv
NtAddAtom
NtSetEventBoostPriority
RtlSetIoCompletionCallback
RtlFreeHandle
CsrClientCallServer
RtlFindSetBitsAndClear
RtlWalkFrameChain
NtVdmControl
RtlNumberGenericTableElementsAvl
NtReplyWaitReceivePort
ZwReleaseKeyedEvent
RtlGetElementGenericTable
ZwAssignProcessToJobObject
LdrQueryProcessModuleInformation
ZwSuspendThread
user32
DialogBoxParamA
ShowCaret
SetUserObjectInformationW
WinHelpA
SetCaretPos
SetUserObjectInformationA
GetKeyNameTextW
SendNotifyMessageW
GetMouseMovePointsEx
MenuWindowProcW
ShowOwnedPopups
SetShellWindowEx
ExitWindowsEx
PrintWindow
ToAsciiEx
CallWindowProcW
MonitorFromRect
ReasonCodeNeedsBugID
DdeQueryNextServer
GetAltTabInfoA
ModifyMenuW
OpenDesktopW
LookupIconIdFromDirectory
ReplyMessage
GetKeyboardLayoutList
AttachThreadInput
SetCursorContents
BroadcastSystemMessageExA
ChildWindowFromPoint
MBToWCSEx
InsertMenuW
RegisterServicesProcess
LoadMenuA
HiliteMenuItem
DestroyAcceleratorTable
IsZoomed
SetClipboardData
IsGUIThread
SetMenuItemInfoA
IsIconic
GetRawInputDeviceInfoW
GetSysColorBrush
wsprintfW
query
?QueryInterface@CEnumString@@UAGJABU_GUID@@PAPAX@Z
?DisableNotification@CRegNotify@@QAEXXZ
?SetCatalog@CCatState@@QAEXPBG@Z
?MinPageInUse@CBufferCache@@QAEHAAK@Z
?SetBackupSize@CPropStoreManager@@QAEXKK@Z
?UpdateDiskLowInfo@CDiskFreeStatus@@QAEXXZ
??1COccRestriction@@QAE@XZ
??1CDbPropBaseRestriction@@QAE@XZ
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
??1CDbSortKey@@QAE@XZ
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
??0CFullPropSpec@@QAE@ABV0@@Z
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
??1CImpersonateClient@@QAE@XZ
??1CRegChangeEvent@@QAE@XZ
??1CPidRemapper@@QAE@XZ
?SetWeight@CDbCmdTreeNode@@QAEXJ@Z
?IsNullPointerVariant@@YGHPAUtagPROPVARIANT@@@Z
?Skip@CEnumWorkid@@UAGJK@Z
CIGetGlobalPropertyList
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
??1CRestriction@@QAE@XZ
_StartFWCiSvcWork@12
?AbortWorkItems@CWorkManager@@QAEXXZ
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
?UnMarshall@CDbNumeric@@QAEHAAVPDeSerStream@@@Z
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ
?GetStackTrace@@YGXPADK@Z
??0CDbContentRestriction@@QAE@PBGABUtagDBID@@KK@Z
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
lz32
LZOpenFileW
LZCloseFile
LZDone
LZInit
LZSeek
CopyLZFile
GetExpandedNameA
LZClose
LZRead
LZStart
LZOpenFileA
wintrust
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptCATAdminReleaseContext
MsCatConstructHashTag
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
WVTAsn1SpcSpOpusInfoDecode
CryptCATAdminCalcHashFromFileHandle
WVTAsn1SpcSigInfoDecode
OfficeInitializePolicy
CryptCATCDFEnumMembersByCDFTag
WTHelperGetFileHandle
WTHelperGetFileHash
CryptCATPutCatAttrInfo
CryptCATVerifyMember
WTHelperCertFindIssuerCertificate
CryptSIPGetInfo
CryptSIPCreateIndirectData
WVTAsn1CatNameValueDecode
WintrustAddDefaultForUsage
OpenPersonalTrustDBDialogEx
mssip32DllUnregisterServer
WTHelperProvDataFromStateData
OfficeCleanupPolicy
WTHelperOpenKnownStores
HTTPSFinalProv
CryptCATStoreFromHandle
SoftpubCleanup
HTTPSCertificateTrust
WVTAsn1SpcSpAgencyInfoDecode
CryptCATAdminRemoveCatalog
OpenPersonalTrustDBDialog
mscat32DllRegisterServer
WTHelperIsInRootStore
WTHelperGetAgencyInfo
iasrad
DllGetClassObject
?initialize@VSAFilter@@QAEJXZ
?shutdown@VSAFilter@@QAEJXZ
?radiusToIAS@VSAFilter@@QBEJPAUIAttributesRaw@@@Z
Sections
.text   Size: 119KB  - Virtual size: 119KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 6KB    - Virtual size: 6KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 51KB   - Virtual size: 222KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB    - Virtual size: 1KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  - Virtual size: 1024B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ