122d89e0a224f9e79acf5e3fd325ec70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

122d89e0a224f9e79acf5e3fd325ec70_JaffaCakes118
Size

142KB
MD5

122d89e0a224f9e79acf5e3fd325ec70
SHA1

62046e0bedc1dc5d3d7532396ed40041ff654b38
SHA256

0b99e3b9a0bcf4a1a00329c027cf6e3e0666f74bf6b8a359438ea6256e909fc3
SHA512

28f65c05022aba3c64694a44b04f5571eccaa413033db464b3f08cca2176ea0693bf69b52c399ee2fd50a184c450ca8da420d4373bbcb0f35a4aa47d172a072c
SSDEEP

3072:n3PFwWZX3L433Sdz4bojnE/yndNvUx26OQHamwzOWFOY3RFtw:3PiYESdz4botfQ26OQ9wPztw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
122d89e0a224f9e79acf5e3fd325ec70_JaffaCakes118

Files

122d89e0a224f9e79acf5e3fd325ec70_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
GetCPInfo
_hread
OpenJobObjectW
GetTimeZoneInformation
GetModuleHandleA
GetProcessAffinityMask
GetModuleHandleW
GetCalendarInfoA
IsDBCSLeadByteEx
VDMOperationStarted
GetLocaleInfoA
LoadLibraryW
GetMailslotInfo
FindFirstFileA
CloseConsoleHandle
CreateSemaphoreA
GlobalGetAtomNameA
GetProfileIntA
CloseHandle
GetCurrentThread
BackupSeek
QueueUserWorkItem
UpdateResourceW
DisconnectNamedPipe
Heap32ListNext
GetThreadPriorityBoost
MapUserPhysicalPages

usp10

ScriptGetGlyphABCWidth
UspAllocTemp
ScriptShape
ScriptStringCPtoX
ScriptGetFontProperties
ScriptStringOut
ScriptStringGetOrder
UspAllocCache
ScriptLayout
LpkPresent
UspFreeMem
ScriptJustify
ScriptCacheGetHeight
ScriptStringXtoCP
ScriptStringFree
ScriptStringValidate
ScriptString_pcOutChars

snmpapi

SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpUtilOctetsFree
SnmpUtilPrintOid
SnmpUtilOidCmp
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilAsnAnyFree
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpUtilOctetsCpy
SnmpUtilMemAlloc
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpSvcInitUptime
SnmpUtilOidAppend
SnmpSvcAddrToSocket
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcAddrIsIpx

shell32

SHGetFolderLocation
StrRChrW
ShellHookProc
DragQueryFileW
RealShellExecuteExA
StrRChrA
SHEnableServiceObject
StrRStrIA
PrintersGetCommand_RunDLL
StrChrIW
DllUnregisterServer
StrStrA
ShellExec_RunDLLW
StrRChrIA
RealShellExecuteExW
SHCreateShellItem

ifsutil

?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0TLINK@@QAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z

mciseq

DriverProc

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

Imports

kernel32

usp10

snmpapi

shell32

ifsutil

mciseq

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 9KB - Virtual size: 8KB