158d319077eb127d676dd7ee8ffabbbf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

158d319077eb127d676dd7ee8ffabbbf_JaffaCakes118
Size

858KB
MD5

158d319077eb127d676dd7ee8ffabbbf
SHA1

06fb51a68a0217364bf58e36750289c5afcd3d13
SHA256

7505560371da474c488e44bba25f0dad6cfae6b6f792b73b3020438823b7bea4
SHA512

f39742ecda9a8fe0bb3311eb6190a72a274310fa33eaa330a65185cf0aea8c42ba2c5ee6857abacc3c87559f20a123aeaade8723495a8714fbc04c77ebac77d9
SSDEEP

12288:v3vvwc3ZcwSptVXr6TuA2tK8mS989vvkNyE5cBN8HLFfDGDMgAvM:/7ZJSpn95nkvREYN8HLFyDl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
158d319077eb127d676dd7ee8ffabbbf_JaffaCakes118

Files

158d319077eb127d676dd7ee8ffabbbf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ad25763117b8a50dbf27973d12ca11a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

WinStationRenameA
WinStationServerPing
WinStationGetProcessSid
_WinStationShadowTarget
_WinStationCheckForApplicationName
ServerLicensingUnloadPolicy
WinStationOpenServerW
WinStationEnumerateProcesses
WinStationCloseServer
_NWLogonQueryAdmin
WinStationConnectA
WinStationEnumerate_IndexedA
WinStationRemoveLicense
ServerLicensingSetPolicy
_WinStationNotifyNewSession
_WinStationNotifyLogoff
WinStationEnumerateLicenses
ServerLicensingGetPolicy
WinStationNameFromLogonIdA
WinStationGenerateLicense
_WinStationUpdateClientCachedCredentials
_WinStationWaitForConnect
ServerQueryInetConnectorInformationW
ServerLicensingOpenW
ServerLicensingDeactivateCurrentPolicy
WinStationRegisterConsoleNotification
WinStationInstallLicense
ServerSetInternetConnectorStatus
_WinStationBeepOpen
WinStationShutdownSystem
WinStationConnectW
WinStationSetInformationW
_WinStationShadowTargetSetup
ServerQueryInetConnectorInformationA
WinStationActivateLicense

advapi32

ImpersonateSelf
OpenSCManagerW
A_SHAInit
EncryptionDisable
SaferSetLevelInformation
DuplicateEncryptionInfoFile
CredReadW
GetNamedSecurityInfoA
LsaSetInformationTrustedDomain
LsaOpenSecret
RegEnumKeyExW
CryptDestroyKey
SystemFunction017
EncryptFileA
WmiSetSingleItemW
RegSetValueW
MakeSelfRelativeSD
RegSetKeySecurity
SystemFunction013
AddUsersToEncryptedFile
CredMarshalCredentialW
GetLocalManagedApplicationData
RegSaveKeyW
GetServiceDisplayNameW
RegUnLoadKeyA
AdjustTokenGroups
CryptVerifySignatureW
RegQueryValueExA
EnableTrace
RegLoadKeyW
RegQueryMultipleValuesW
ProcessTrace
SystemFunction036
GetTrusteeTypeW
SystemFunction031
BackupEventLogA
ChangeServiceConfig2A

shlwapi

StrTrimA
UrlEscapeW
PathIsURLA
UrlCompareA
PathUnmakeSystemFolderW
SHOpenRegStreamW
ColorAdjustLuma
PathIsNetworkPathW
PathMakeSystemFolderW
PathIsUNCServerA
UrlCombineW
PathIsLFNFileSpecW
PathAddExtensionA
StrRChrIA
StrChrW
PathMakePrettyA
wnsprintfW
StrRetToBSTR
PathSearchAndQualifyA
SHOpenRegStream2A
ColorRGBToHLS
SHRegDuplicateHKey
PathUndecorateW
PathRemoveBlanksW
SHRegGetPathA
PathSetDlgItemPathA
StrIsIntlEqualA
PathRemoveExtensionA
SHGetValueA
StrCmpW
PathIsContentTypeA
StrChrNIW
SHAutoComplete
PathCompactPathW
StrFormatByteSize64A
UrlGetPartA
StrRetToStrW
PathMatchSpecW
StrCatChainW
PathRelativePathToA
PathMakePrettyW
StrDupW
StrStrW
PathIsFileSpecW
StrFromTimeIntervalW
StrCmpIW
StrToInt64ExA
UrlGetPartW
SHRegOpenUSKeyA
UrlIsA
SHRegDeleteUSValueA
PathIsRootA
StrStrA
SHRegWriteUSValueW
PathCommonPrefixW
SHCopyKeyA
PathIsPrefixA
PathIsSameRootW
StrStrIA
UrlIsNoHistoryW
SHDeleteKeyA
PathRenameExtensionA
SHDeleteValueA
StrToInt64ExW
PathGetArgsW
StrDupA
StrFormatKBSizeA
PathCompactPathExA
SHQueryValueExW
GetMenuPosFromID
PathIsUNCA

kernel32

IsBadCodePtr
CreateEventA
CreateSemaphoreA
DeleteVolumeMountPointW
LoadLibraryA
GetConsoleAliasesLengthW
VirtualAlloc
IsValidLocale
GetVersion
SetConsoleIcon
RtlCaptureContext
SetHandleCount
AddRefActCtx
SetThreadUILanguage
EnterCriticalSection
RegisterWowExec
SetThreadPriorityBoost
HeapAlloc
IsBadHugeReadPtr
EscapeCommFunction
TlsAlloc
FindFirstFileA
GetConsoleCommandHistoryA
Heap32ListFirst
DeleteTimerQueue
BackupWrite
OpenJobObjectA
ReadConsoleOutputW
GetSystemTime
PrivMoveFileIdentityW
RtlCaptureStackBackTrace
LeaveCriticalSection
SetSystemTimeAdjustment
GetSystemWow64DirectoryW
GetComputerNameW
OpenMutexW
SwitchToFiber
UnregisterWaitEx
GetShortPathNameW
MapUserPhysicalPagesScatter
SetEndOfFile
QueueUserWorkItem
RemoveVectoredExceptionHandler

msvcrt

__p__commode
exit
__set_app_type
__getmainargs

lz32

LZRead
CopyLZFile
GetExpandedNameA
LZInit
LZCopy
LZCloseFile
LZSeek
LZOpenFileW
LZOpenFileA
LZStart
LZCreateFileW
GetExpandedNameW
LZClose
LZDone

query

?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
?Write@CDynStream@@QAEXPAXK@Z
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?StrLen@CKeyBuf@@QBEIXZ
CICreateCommand
SvcEntry_CiSvc
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
??1CDbQueryResults@@QAE@XZ
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?AllocAndCopyWString@CDbCmdTreeNode@@SGPAGPBG@Z
??1CNatLanguageRestriction@@QAE@XZ
?GetR8@CAllocStorageVariant@@QBENI@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
??1CVirtualString@@QAE@XZ
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?StopCI@CMachineAdmin@@QAEHXZ
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
?SetBackupSize@CPropStoreManager@@QAEXKK@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
?PauseCI@CMachineAdmin@@QAEHXZ
??0CException@@QAE@XZ
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
??0CPropStoreManager@@QAE@K@Z
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
??1CPropertyStore@@QAE@XZ
??1SStorageObject@@QAE@XZ
?Pause@CCatalogAdmin@@QAEHXZ
?IsLeaf@CRestriction@@QBEHXZ
??0CEventItem@@QAE@GGKGKPBX@Z
?Clone@CNodeRestriction@@QBEPAV1@XZ
??0CMmStreamConsecBuf@@QAE@XZ
?Shutdown@CWorkQueue@@QAEXXZ

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad25763117b8a50dbf27973d12ca11a

Headers

DLL Characteristics

File Characteristics

Imports

winsta

advapi32

shlwapi

kernel32

msvcrt

lz32

query

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 584KB - Virtual size: 584KB

.data Size: 115KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 115KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B