07401128bd66e3e0e9ada506c30bdd4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07401128bd66e3e0e9ada506c30bdd4b_JaffaCakes118
Size

137KB
MD5

07401128bd66e3e0e9ada506c30bdd4b
SHA1

b19f33cd718c212bb319cc62bb9ec3d48ad9a2cc
SHA256

ec2af4407f9f8e8ada16744b761196667d7eacdc5f7692b40e1bfb4fd95d7171
SHA512

7e658f1f76a8fb4761c2255e06092fe23c81e8ea1bd4805cb05d9c792ee08afa41ceca3c30adf56f7fdc260dcd619f2a4b467760c352addd7b63f57225f1069e
SSDEEP

1536:U4ZGdZw4R5nLJpTxF5GQgZE84Lxj6j5rJ6xEPyntScpCkEJWXGKXgqXjrgRvJXei:ZIdZw+5L3184LB6jplrcXcBZqXH85e3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07401128bd66e3e0e9ada506c30bdd4b_JaffaCakes118

Files

07401128bd66e3e0e9ada506c30bdd4b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
IsVolumeSnapshotted
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssWriter@@QAE@XZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
VssFreeSnapshotProperties
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

kernel32

FormatMessageA
RegisterWowBaseHandlers
_hwrite
GetEnvironmentVariableA
WritePrivateProfileStringW
GetConsoleAliasA
lstrcat
GetFileTime
HeapAlloc
RegisterConsoleIME
GetLocaleInfoW
ReleaseMutex
LeaveCriticalSection
GlobalUnWire
GetACP
CancelWaitableTimer
AddConsoleAliasA
GetCurrentThread
LocalLock
LocalFree
GetModuleHandleW
ReadConsoleInputExW
FindFirstVolumeW
LoadLibraryW
SetFileAttributesW
VerSetConditionMask
LocalFileTimeToFileTime

snmpapi

SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToUTF8
SnmpSvcAddrToSocket
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilOidCmp
SnmpTfxQuery
SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilOctetsCpy
SnmpSvcGetEnterpriseOID
SnmpUtilAsnAnyFree
SnmpSvcSetLogType
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpUtilAnsiToUnicode
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpUtilOidNCmp

ws2_32

gethostbyaddr
getaddrinfo
htons
WSAInstallServiceClassA
WSAWaitForMultipleEvents
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSAGetServiceClassNameByClassIdA
WSAJoinLeaf
ntohl
WSAEnumNetworkEvents
WSAStringToAddressA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSASetEvent
gethostname
WSAAddressToStringA
WSASend
WSAUnhookBlockingHook
WSCGetProviderPath
WSAAsyncGetProtoByName
WSAAsyncGetHostByName
WSASetServiceA
ntohs

winmm

midiStreamPosition
joySetCapture
waveOutGetNumDevs
mmioStringToFOURCCW
waveInGetID
midiStreamStop
mciSendStringA
WOW32ResolveMultiMediaHandle
timeGetTime
GetDriverModuleHandle
mciGetYieldProc
mmTaskYield
midiInGetErrorTextW
waveOutClose
midiInGetID
joyGetNumDevs
midiConnect
waveOutGetDevCapsW
mmioSetBuffer
waveInGetErrorTextW
midiOutLongMsg
joyGetPos
waveOutGetID
mciDriverNotify
mciGetErrorStringW
wod32Message
waveOutSetPlaybackRate
mxd32Message

user32

GetKeyboardLayoutNameW
DragObject
TabbedTextOutA
GetSubMenu
DdeNameService
DdeAccessData
WaitForInputIdle
CharToOemW
InSendMessage
SystemParametersInfoA
SendNotifyMessageW
GetDCEx
SetWindowContextHelpId
MapVirtualKeyW
GetWindowContextHelpId
SetPropA
GetGUIThreadInfo
AnimateWindow
IsDialogMessageW
LoadKeyboardLayoutEx

cryptext

CryptExtAddSPC
CryptExtAddP7RW
CryptExtOpenCRLW
CryptExtAddPFX
CryptExtOpenCATW
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtAddCTLW
CryptExtOpenP7R
DllUnregisterServer
CryptExtOpenSTR
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddCTL
CryptExtOpenCER
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenCTLW
CryptExtOpenPKCS7
CryptExtOpenCTL
CryptExtAddCERW
CryptExtOpenP7RW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

Imports

vssapi

kernel32

snmpapi

ws2_32

winmm

user32

cryptext

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB