08ff0760c78fb9b16b7b52d975825d53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08ff0760c78fb9b16b7b52d975825d53_JaffaCakes118
Size

175KB
MD5

08ff0760c78fb9b16b7b52d975825d53
SHA1

065c36d2cebb137498b101cbb8585a0fdecc716b
SHA256

7ab622fbfa0220af606754de43471858722bffb92a32e64932d86770b9b3234d
SHA512

0bc0211acb5ded904ae100f3c1be4a4f348ea90947150b27a1a51ef36096af779c39671f105bb30bbd62481b5f5455ae3ebc07326ed9f7c7c22b24d9825e86a9
SSDEEP

3072:rSZFlTpWbTqq6E/U1SYeeZQaxXfCQxgu2PYRYUDXSDBAAbCttD0wxgdBrmpwj:rulT0bD/UczeCaxPBH2onDK4iwe1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08ff0760c78fb9b16b7b52d975825d53_JaffaCakes118

Files

08ff0760c78fb9b16b7b52d975825d53_JaffaCakes118
.exe windows:5 windows x86 arch:x86

99a95522b32f50d8d915e90eaad15877

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
HeapSize
GetPrivateProfileIntW
DeviceIoControl
IsBadHugeWritePtr
WriteConsoleInputW
HeapCreate
VirtualAlloc
IsProcessorFeaturePresent
DosPathToSessionPathW
FileTimeToDosDateTime
IsValidLocale
SetFirmwareEnvironmentVariableA
EndUpdateResourceA
FreeEnvironmentStringsA
FindAtomW
ReadConsoleInputA
CloseConsoleHandle
VerifyConsoleIoHandle
IsBadWritePtr
EndUpdateResourceW
DefineDosDeviceW
VerifyVersionInfoW
DeleteTimerQueue
SetTimerQueueTimer
WaitForMultipleObjects
LocalAlloc
FatalAppExitW
GetSystemDirectoryW
GetCurrentActCtx
MoveFileExW
WriteConsoleOutputCharacterW
GetLastError
TryEnterCriticalSection
SetFileApisToANSI
CreateFileW
HeapSetInformation
FindNextVolumeA
CommConfigDialogW
SetThreadIdealProcessor
ReadFileScatter
lstrcpynW
GetPrivateProfileSectionNamesW
GetConsoleAliasExesW
SetVolumeMountPointA
AllocateUserPhysicalPages
GetConsoleAliasesLengthA
SetProcessPriorityBoost
DisconnectNamedPipe
IsDBCSLeadByteEx
GetConsoleAliasExesA
Beep
WriteConsoleOutputCharacterA
SetFileTime
GetSystemDefaultLCID
ProcessIdToSessionId
GetConsoleCP
GetACP
UnregisterWait
CreateWaitableTimerW
SwitchToFiber
ShowConsoleCursor
AllocConsole
MapViewOfFileEx
GetConsoleAliasesW
RegisterConsoleOS2
lstrcmp
WriteProfileSectionA
FreeEnvironmentStringsW
GlobalFix
EnumUILanguagesW
SetVolumeLabelA
GetFirmwareEnvironmentVariableA
GetEnvironmentStringsW
TzSpecificLocalTimeToSystemTime
LZCloseFile
GetSystemPowerStatus
OutputDebugStringA
GetUserDefaultUILanguage
MoveFileExA
VirtualLock
WaitNamedPipeW
OpenJobObjectW
GetCommState
CancelDeviceWakeupRequest
GetOEMCP
GlobalFindAtomA
GetThreadTimes
SetThreadExecutionState
RaiseException
ConnectNamedPipe
GetNamedPipeHandleStateW
DosPathToSessionPathA
RemoveLocalAlternateComputerNameA
FileTimeToLocalFileTime
GetTapePosition
SetConsoleDisplayMode
ReplaceFileA
GetTimeFormatA
GlobalSize
Heap32ListFirst
FindActCtxSectionStringA
GetCompressedFileSizeW
GetUserGeoID
AddAtomA
DebugBreakProcess
_lclose
SetConsolePalette
PurgeComm
SetHandleContext
QueueUserAPC
WaitCommEvent
LZClose
FillConsoleOutputCharacterA
InterlockedPopEntrySList
NlsGetCacheUpdateCount
MapUserPhysicalPages
RegisterWaitForSingleObjectEx
WriteConsoleInputVDMA
ReleaseActCtx
ScrollConsoleScreenBufferW
GetThreadSelectorEntry
UnlockFileEx
GlobalUnlock
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsA
FindNextVolumeMountPointW
GetVolumeInformationW
GetStdHandle
FlushConsoleInputBuffer
FindAtomA
GetNextVDMCommand
EnumResourceNamesA
CreateToolhelp32Snapshot
QueryDosDeviceA
ReadConsoleOutputCharacterW
SignalObjectAndWait
GetFileInformationByHandle
WriteConsoleW
LoadLibraryA
CreateHardLinkA
LocalHandle
EnumSystemCodePagesA
GetProcessIoCounters
BuildCommDCBAndTimeoutsA
CopyFileExW
GetCalendarInfoW
RegisterWaitForInputIdle
SetConsoleMode
FindNextFileW
GetSystemTime
WriteProcessMemory
SetInformationJobObject
HeapDestroy
RequestDeviceWakeup
WTSGetActiveConsoleSessionId
GetConsoleDisplayMode
GetFileSize
LZInit
GetThreadLocale
WriteConsoleA
SetCurrentDirectoryW
GetDefaultCommConfigW
LocalFree
PrivMoveFileIdentityW
GetProcAddress
FindResourceA
EnumDateFormatsExA
GetModuleFileNameA
CreateNamedPipeW

rasapi32

RasEnumEntriesW
RasGetErrorStringA
RasScriptTerm
RasEnumDevicesW
RasGetErrorStringW
RasGetProjectionInfoW
RasSetSubEntryPropertiesA
RasEnumEntriesA
RasDialA
RasGetConnectStatusW
RasSetAutodialAddressW
RasSetEntryPropertiesW
RasGetHport
RasSetEapUserDataA
RasGetEntryPropertiesA
RasSetAutodialEnableW
RasEnumDevicesA
RasFreeEapUserIdentityW
RasQuerySharedConnection
RasGetEntryDialParamsA
RasScriptInit
RasGetSubEntryPropertiesW
RasGetProjectionInfoA
RasHangUpW
RasSetSharedAutoDial

wmi

WmiQuerySingleInstanceA
CloseTrace
WmiSetSingleInstanceW
WmiOpenBlock
QueryAllTracesA
StartTraceA
WmiQueryAllDataA
WmiFileHandleToInstanceNameW
RemoveTraceCallback
RegisterTraceGuidsW
WmiExecuteMethodW
WmiEnumerateGuids
WmiQueryAllDataW
TraceEvent
ControlTraceW
SetTraceCallback
GetTraceLoggerHandle
WmiCloseBlock
WmiMofEnumerateResourcesW
WmiNotificationRegistrationA
StartTraceW
WmiNotificationRegistrationW
QueryAllTracesW
WmiSetSingleItemA
WmiSetSingleItemW
WmiDevInstToInstanceNameW
UnregisterTraceGuids
RegisterTraceGuidsA
WmiSetSingleInstanceA
OpenTraceA
ControlTraceA
WmiFileHandleToInstanceNameA
OpenTraceW
WmiExecuteMethodA
TraceEventInstance
WmiQuerySingleInstanceW
WmiMofEnumerateResourcesA
EnableTrace
WmiDevInstToInstanceNameA
ProcessTrace
GetTraceEnableFlags
GetTraceEnableLevel
CreateTraceInstanceId
WmiQueryGuidInformation

ntdll

ZwFlushVirtualMemory
ZwSecureConnectPort
NtSetSystemInformation
DbgBreakPoint
NtOpenMutant
ZwSetInformationThread
NlsMbCodePageTag
RtlDllShutdownInProgress
RtlRemoveVectoredExceptionHandler
RtlInitUnicodeStringEx
RtlDetermineDosPathNameType_U
ZwOpenProcessTokenEx
NtQueryAttributesFile
ZwReplyWaitReplyPort
RtlSetTimer
ZwCreateKeyedEvent
RtlDeactivateActivationContextUnsafeFast
ZwReadVirtualMemory
ZwSetThreadExecutionState
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
ZwRequestPort
RtlGetNtGlobalFlags
RtlMapSecurityErrorToNtStatus
ZwSetHighEventPair
ZwAccessCheckByTypeResultList
RtlDeleteTimerQueue
vDbgPrintExWithPrefix
RtlDeleteElementGenericTable
ZwCreateEventPair
RtlUnicodeStringToOemSize
RtlPrefixString
RtlAddressInSectionTable
NtGetContextThread
RtlIpv6StringToAddressW
ZwAllocateVirtualMemory
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
NtQueryObject
ZwTestAlert
NtShutdownSystem
RtlLookupAtomInAtomTable
NtReplyWaitReplyPort
RtlIpv6StringToAddressA

msoert2

HrCreateTridentMenu
HrStreamSeekBegin
CleanupGlobalTempFiles
PVGetCertificateParam
CryptAllocFunc
RicheditStreamIn
PszDupA
CrackNotificationPackage
HrCopyStreamCB
MessageBoxInstW
ShellUtil_GetSpecialFolderPath
HrGetCertKeyUsage
HrFillRasCombo
HrIStreamWToBSTR
CchFileTimeToDateTimeSz
AppendTempFileList
OpenFileStreamW
WriteStreamToFile
HrGetCertificateParam
PszToUnicode
HrStreamSeekSet
HrIsStreamUnicode
_MSG
OpenFileStream
CreateTempFileStream
StrToUintA
BrowseForFolderW

d3dxof

DllGetClassObject
DirectXFileCreate

samlib

SamSetInformationDomain
SamSetInformationUser
SamOpenUser
SamFreeMemory
SamCreateAliasInDomain
SamGetCompatibilityMode
SamSetMemberAttributesOfGroup
SamGetMembersInGroup
SamGetDisplayEnumerationIndex
SamChangePasswordUser
SamCloseHandle
SamLookupIdsInDomain
SamiChangePasswordUser2
SamAddMultipleMembersToAlias
SamSetInformationGroup
SamiSetBootKeyInformation
SamRemoveMemberFromAlias
SamOpenGroup
SamOpenDomain
SamAddMemberToAlias
SamSetSecurityObject
SamGetAliasMembership
SamEnumerateDomainsInSamServer
SamQueryInformationUser
SamCreateUser2InDomain
SamDeleteUser
SamCreateGroupInDomain
SamEnumerateUsersInDomain
SamQueryInformationAlias
SamQueryInformationDomain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99a95522b32f50d8d915e90eaad15877

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rasapi32

wmi

ntdll

msoert2

d3dxof

samlib

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 44KB - Virtual size: 232KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 44KB - Virtual size: 232KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B