0ebcba7945be60b2281a4e2eecc5b4d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ebcba7945be60b2281a4e2eecc5b4d0_JaffaCakes118
Size

865KB
MD5

0ebcba7945be60b2281a4e2eecc5b4d0
SHA1

88fa5865248da785710fe8f19ce33cd308a1ba80
SHA256

b69d85c9c75222c2d767c268a1a0c2dff5e680c5e13c38257035ebfac8017ce2
SHA512

6c6ccf821f068c1b3b898d616b0c4abc0dee22044b11db4dadd5e7b595c8de8e7aa5efb31ad8502912e7148e263d92d01130703547db287ebe9f0e0494f54969
SSDEEP

24576:uXHT0ZUMoQPp/2gLsWKgD2xHQKq/3zGUqtvM93apyYGMb:MHMUMvB/9sWK9xnq/jGUqtg81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ebcba7945be60b2281a4e2eecc5b4d0_JaffaCakes118

Files

0ebcba7945be60b2281a4e2eecc5b4d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ba73011136bdd429c650c5b3a0f7596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

GetColorDirectoryA
CheckColors
CreateProfileFromLogColorSpaceW
TranslateBitmapBits
GetColorProfileFromHandle
EnumColorProfilesA
EnumColorProfilesW
DisassociateColorProfileFromDeviceW
InternalSetDeviceConfig
OpenColorProfileW
GenerateCopyFilePaths
GetStandardColorSpaceProfileW
InternalGetPS2ColorRenderingDictionary
CloseColorProfile
AssociateColorProfileWithDeviceW
GetColorProfileElement
InternalGetDeviceConfig
AssociateColorProfileWithDeviceA
GetColorProfileElementTag
GetPS2ColorRenderingDictionary
InstallColorProfileW
InternalGetPS2CSAFromLCS
GetStandardColorSpaceProfileA
GetColorDirectoryW
GetColorProfileHeader
ConvertIndexToColorName
GetPS2ColorRenderingIntent
DeleteColorTransform
ConvertColorNameToIndex
UnregisterCMMW
TranslateColors
SetStandardColorSpaceProfileA
CreateColorTransformA
CheckBitmapBits
SetColorProfileHeader
IsColorProfileTagPresent
GetCMMInfo
GetPS2ColorSpaceArray
SetColorProfileElement

kernel32

GetSystemDefaultUILanguage
LeaveCriticalSection
QueryDepthSList
SetStdHandle
GetOverlappedResult
PurgeComm
CompareStringW
OutputDebugStringA
VirtualAlloc
GetProcessWorkingSetSize
TlsGetValue
LocalHandle
SetCommState
WriteConsoleW
FindFirstVolumeA
GlobalDeleteAtom
GetBinaryTypeA
CancelWaitableTimer
GlobalFindAtomW
AssignProcessToJobObject
SetLocalTime
EnumCalendarInfoA
DeleteCriticalSection
GetAtomNameA
WriteFileGather
EnterCriticalSection
RtlFillMemory
EraseTape
TransactNamedPipe
EnumResourceNamesA
InitAtomTable
GetConsoleCursorInfo
GetConsoleDisplayMode
FoldStringW
ExitProcess
EnumResourceNamesW
FreeResource
FreeUserPhysicalPages
InterlockedFlushSList
GetComputerNameA
LoadLibraryA
DebugBreakProcess
ExitThread
GetStartupInfoA
GetConsoleCP
Heap32Next
LoadLibraryExA
QueryDosDeviceA
CreateFileW
WriteTapemark

wtsapi32

WTSSendMessageW
WTSDisconnectSession
WTSVirtualChannelQuery
WTSVirtualChannelOpen
WTSSetSessionInformationA
WTSEnumerateSessionsW
WTSSetSessionInformationW
WTSEnumerateServersA
WTSVirtualChannelClose
WTSQueryUserConfigW
WTSSetUserConfigA
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateProcessesA
WTSVirtualChannelPurgeOutput
WTSWaitSystemEvent
WTSLogoffSession
WTSShutdownSystem
WTSQuerySessionInformationA
WTSEnumerateServersW
WTSUnRegisterSessionNotification
WTSSendMessageA
WTSCloseServer
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsA
WTSQueryUserConfigA
WTSOpenServerA
WTSOpenServerW
WTSVirtualChannelWrite
WTSTerminateProcess
WTSEnumerateProcessesW

activeds

ADsBuildEnumerator
AdsFreeAdsValues
ConvertSecurityDescriptorToSecDes
ReallocADsMem
ADsEncodeBinaryData
AllocADsStr
FreeADsMem
PropVariantToAdsType2
ADsGetObject
AdsTypeToPropVariant
ADsGetLastError
ADsFreeEnumerator
SecurityDescriptorToBinarySD
AdsTypeToPropVariant2
PropVariantToAdsType
ADsBuildVarArrayStr
BinarySDToSecurityDescriptor
ADsEnumerateNext
AllocADsMem
ADsBuildVarArrayInt
ADsOpenObject
DllGetClassObject
ReallocADsStr
ADsDecodeBinaryData
ADsSetLastError

dnsapi

DnsReplaceRecordSetW
DnsCreateStringCopy
DnsFindAuthoritativeZone
Dns_ResetNetworkInfo
DnsDhcpSrvRegisterTerm
NetInfo_Copy
GetCurrentTimeInSeconds
Dns_WriteDottedNameToPacket
DnsIsAMailboxType
DnsStringCopyAllocateEx
Dns_WriteQuestionToMessage
QueryDirectEx
DnsQuery_W
Dns_SendEx
Dns_InitializeMsgRemoteSockaddr
DnsWriteQuestionToBuffer_UTF8
Dns_AllocateMsgBuf
DnsApiAlloc
Query_Main
Dns_SetRecordDatalength
DnsUpdateTest_A
DnsDhcpSrvRegisterHostName
DnsUpdateTest_UTF8
DnsRecordSetDetach
DnsRecordTypeForName
DnsStatusString
DnsUnicodeToUtf8
DnsAllocateRecord
Dns_ReadPacketNameAllocate
DnsIsStatusRcode
DnsMapRcodeToStatus
NetInfo_ResetServerPriorities
DnsCreateStandardDnsNameCopy
DnsNotifyResolverEx
Dns_PingAdapterServers
Dns_AddRecordsToMessage

ntdll

NtAccessCheckByType
RtlDeleteNoSplay
ZwQueryInformationPort
NtEnumerateSystemEnvironmentValuesEx
ZwFindAtom
NtCreateNamedPipeFile
RtlMapSecurityErrorToNtStatus
RtlInitializeResource
RtlFindMostSignificantBit
RtlInterlockedPushEntrySList
RtlUpcaseUnicodeChar
RtlInitializeRXact
RtlUpcaseUnicodeStringToOemString
RtlExitUserThread
LdrGetDllHandle
RtlCompactHeap
RtlDeleteTimerQueue
DbgPrompt
RtlMakeSelfRelativeSD
NtStartProfile
NtUnloadKeyEx
NtSetUuidSeed
RtlTraceDatabaseEnumerate
RtlDecompressBuffer
DbgSetDebugFilterState
RtlEnableEarlyCriticalSectionEventCreation
ZwFsControlFile
RtlVerifyVersionInfo
ZwOpenProcessTokenEx
DbgUiConnectToDbg
RtlInterlockedPopEntrySList
NtOpenEventPair
RtlStringFromGUID
ZwSetDebugFilterState
NtCancelIoFile
RtlSetCurrentEnvironment
RtlpEnsureBufferSize
RtlIpv4AddressToStringA
LdrLockLoaderLock
RtlComputePrivatizedDllName_U
RtlWalkHeap
ZwOpenFile
NtOpenKeyedEvent
_atoi64
RtlCopySecurityDescriptor
isxdigit
strncmp
RtlActivateActivationContext
ZwAccessCheckByTypeAndAuditAlarm
RtlHashUnicodeString
RtlDefaultNpAcl
DbgUiStopDebugging
RtlNumberOfClearBits
NtAreMappedFilesTheSame
RtlGetSecurityDescriptorRMControl
ZwQueryTimerResolution
RtlAddAtomToAtomTable

oleaut32

VarI8FromR4
VarR8Round
QueryPathOfRegTypeLib
VarRound
VarUI4FromR8
VarCyFromUI4
VarI8FromI2
OleLoadPictureEx
VarDateFromI2
VarInt
VarI4FromI1
VarCyFromR8
SysAllocString
VarUI2FromI1
VarR4FromDec
VarFormatCurrency
VarI4FromUI1
VarI8FromUI4
SafeArrayGetVartype
OleCreatePropertyFrame
GetAltMonthNames
VarUI2FromUI1
VarDecFromI4
LHashValOfNameSysA
VarDateFromDisp
VariantClear
SafeArrayGetLBound
SafeArraySetIID
VarI1FromI4
OACreateTypeLib2
VarDecFromDisp
VarI2FromDec
VarI8FromDec
VarBstrFromR8

powrprof

GetCurrentPowerPolicies
ReadPwrScheme
DeletePwrScheme
IsAdminOverrideActive
SetActivePwrScheme
CanUserWritePwrScheme
CallNtPowerInformation
GetPwrDiskSpindownRange
GetPwrCapabilities
EnumPwrSchemes
MergeLegacyPwrScheme
IsPwrHibernateAllowed
WriteGlobalPwrPolicy
IsPwrSuspendAllowed
ReadGlobalPwrPolicy
ReadProcessorPwrScheme
GetActivePwrScheme
WritePwrScheme
ValidatePowerPolicies
WriteProcessorPwrScheme
LoadCurrentPwrScheme
IsPwrShutdownAllowed
SetSuspendState

ole32

StgGetIFillLockBytesOnFile
HBITMAP_UserSize
OleConvertOLESTREAMToIStorageEx
WdtpInterfacePointer_UserUnmarshal
CLIPFORMAT_UserSize
MonikerCommonPrefixWith
OleSetAutoConvert
StgConvertVariantToProperty
HMENU_UserUnmarshal
HPALETTE_UserMarshal
CoRegisterMallocSpy
HENHMETAFILE_UserUnmarshal
CoRetireServer
CreateAntiMoniker
CoGetMarshalSizeMax
OleQueryCreateFromData
CoGetTreatAsClass
SNB_UserFree
WriteClassStm
OleCreateFromData
StgSetTimes
HBRUSH_UserFree
CoGetApartmentID
CoQueryProxyBlanket
CoMarshalInterThreadInterfaceInStream
DllGetClassObject
CoGetInstanceFromFile
HBITMAP_UserMarshal
OleGetIconOfClass
CoSuspendClassObjects
WriteOleStg
CreateObjrefMoniker
CoGetObject
CreateItemMoniker
CoGetCallerTID
OleGetClipboard
CoGetInstanceFromIStorage
OleCreate
CoGetStandardMarshal
HDC_UserMarshal
CoWaitForMultipleHandles

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 560KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba73011136bdd429c650c5b3a0f7596

Headers

DLL Characteristics

File Characteristics

Imports

mscms

kernel32

wtsapi32

activeds

dnsapi

ntdll

oleaut32

powrprof

ole32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 560KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 560KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 932B