01d870dbc31a5e49112cd11c8525d911_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01d870dbc31a5e49112cd11c8525d911_JaffaCakes118
Size

827KB
MD5

01d870dbc31a5e49112cd11c8525d911
SHA1

813ad9aae81a902eed906be8c82d49c9e1ea2544
SHA256

232126e0d7a291bd254f2de728116ac736beae5708df01816127c1fde2336387
SHA512

6bc7de50ba2bd20213b03a4dde55da6867d19cd4ebde583cd0672f070a52dd7ad6d70e2a10af6a9293f471e403b414908d236ec960c98896c9c3cb537521f450
SSDEEP

24576:cvpAyooyGPV2yHTrVSjGSltI9FrJJ9TAngnYI:YpApo2yXVT+U3Angnv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01d870dbc31a5e49112cd11c8525d911_JaffaCakes118

Files

01d870dbc31a5e49112cd11c8525d911_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3351c8c4519541481911079ee0e112f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleMenuClose
GetTimeFormatA
IsDebuggerPresent
WriteProcessMemory
_lcreat
GlobalFindAtomA
GetDiskFreeSpaceExA
GetSystemInfo
GetOEMCP
SetConsoleIcon
GetTapeStatus
SetThreadIdealProcessor
IsValidLocale
CompareStringA
GetCurrentThread
IsValidCodePage
FindNextVolumeA
GetModuleHandleW
ReplaceFile
HeapDestroy
GetNamedPipeHandleStateW
FileTimeToDosDateTime
CreateMemoryResourceNotification
IsValidLanguageGroup
DefineDosDeviceW
GetLocaleInfoA
LZSeek
LoadLibraryW
GetCPInfoExA
DeleteFileW
SetConsoleMode
WriteTapemark
GetConsoleAliasesW
RtlMoveMemory

ifsutil

?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
??0DP_DRIVE@@QAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?ShellSort@TLINK@@QAEXXZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Initialize@DIGRAPH@@QAEEK@Z
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ

mmcbase

?MMCErrorBox@@YGHII@Z
??1CEventBuffer@@QAE@XZ
?GetMainThreadID@SC@mmcerror@@SGKXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?GetCode@SC@mmcerror@@QBEJXZ
?AddRef@CMMCStrongReferences@@SGKXZ
??8SC@mmcerror@@QBE_NABV01@@Z
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z

wsock32

SetServiceA
WSAAsyncGetServByPort
sendto
shutdown
ntohs
WSAAsyncGetProtoByName
bind
recv
WSASetLastError
getservbyname
WEP
WSAAsyncGetServByName
WSAIsBlocking
gethostbyname
inet_addr
TransmitFile
select

msorcl32

SQLNumParams
SQLSetConnectOption
SQLProcedureColumns
ConfigDSN
SQLGetData
SQLGetInfo
SQLFetch
SQLGetConnectOption
SQLExtendedFetch
SQLDisconnect
SQLSetStmtOption
SQLSpecialColumns
SQLAllocConnect
DllRegisterServer
SQLAllocEnv
SQLSetPos
SQLCancel

shell32

Options_RunDLLA
SHGetUnreadMailCountW
SHCreateShellItem
SHCreateQueryCancelAutoPlayMoniker
DragQueryFileA
FreeIconList
ExtractIconExA
SHUpdateRecycleBinIcon
ExtractIconW
SHCreateProcessAsUserW
DragAcceptFiles
Shell_NotifyIcon
WOWShellExecute
SHGetIconOverlayIndexA
SHCreateDirectoryExW
SHBrowseForFolder
Shell_NotifyIconA

mtxclu

MtxCluIsClusterPresentExW
MtxCluBringOnlineDTCW
MtxCluIsSameNodeW
Startup
MtxCluIsSameClusterW
MtxCluGetSecurityRegValue
MtxCluGetComputerNameW
MtxCluTakeOfflineDTCW
MtxCluGetDTCStatusW
MtxCluGetDTCVirtualServerNameW
MtxCluSetSecurityRegValue
MtxCluIsClusterPresent
MtxCluIsNetworkNameInLocalClusterW

Sections

.text
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3351c8c4519541481911079ee0e112f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ifsutil

mmcbase

wsock32

msorcl32

shell32

mtxclu

Sections

.text Size: 395KB - Virtual size: 394KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 1024B - Virtual size: 804B

.text
Size: 395KB - Virtual size: 394KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 1024B - Virtual size: 804B