17d1d7d959d03dec0a966c86c591b3f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17d1d7d959d03dec0a966c86c591b3f0_JaffaCakes118
Size

142KB
MD5

17d1d7d959d03dec0a966c86c591b3f0
SHA1

c586048faa7988566e50e41a3fd54975f4ca6bc0
SHA256

4ce66b7764ad622ff5cc73f65b5e54be83102bc3cc0e077513ec55614008d72e
SHA512

b0cf144ed77e055123380d1a2e5a258877383b002689f66f6ae772b7334e9b923013ac4e45ab7ef32224c03af89fd032ab4a48ffba39da3891be070bdce20364
SSDEEP

3072:n3PFwWZX3L433Sdz4bojnE/yndNvUx26OQHamwzOWFOY3RFC:3PiYESdz4botfQ26OQ9wPzC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d1d7d959d03dec0a966c86c591b3f0_JaffaCakes118

Files

17d1d7d959d03dec0a966c86c591b3f0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
GetCPInfo
_hread
OpenJobObjectW
GetTimeZoneInformation
GetModuleHandleA
GetProcessAffinityMask
GetModuleHandleW
GetCalendarInfoA
IsDBCSLeadByteEx
VDMOperationStarted
GetLocaleInfoA
LoadLibraryW
GetMailslotInfo
FindFirstFileA
CloseConsoleHandle
CreateSemaphoreA
GlobalGetAtomNameA
GetProfileIntA
CloseHandle
GetCurrentThread
BackupSeek
QueueUserWorkItem
UpdateResourceW
DisconnectNamedPipe
Heap32ListNext
GetThreadPriorityBoost
MapUserPhysicalPages

usp10

ScriptGetGlyphABCWidth
UspAllocTemp
ScriptShape
ScriptStringCPtoX
ScriptGetFontProperties
ScriptStringOut
ScriptStringGetOrder
UspAllocCache
ScriptLayout
LpkPresent
UspFreeMem
ScriptJustify
ScriptCacheGetHeight
ScriptStringXtoCP
ScriptStringFree
ScriptStringValidate
ScriptString_pcOutChars

snmpapi

SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpUtilOctetsFree
SnmpUtilPrintOid
SnmpUtilOidCmp
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilAsnAnyFree
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpUtilOctetsCpy
SnmpUtilMemAlloc
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpSvcInitUptime
SnmpUtilOidAppend
SnmpSvcAddrToSocket
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcAddrIsIpx

shell32

SHGetFolderLocation
StrRChrW
ShellHookProc
DragQueryFileW
RealShellExecuteExA
StrRChrA
SHEnableServiceObject
StrRStrIA
PrintersGetCommand_RunDLL
StrChrIW
DllUnregisterServer
StrStrA
ShellExec_RunDLLW
StrRChrIA
RealShellExecuteExW
SHCreateShellItem

ifsutil

?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0TLINK@@QAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z

mciseq

DriverProc

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

Imports

kernel32

usp10

snmpapi

shell32

ifsutil

mciseq

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 9KB - Virtual size: 8KB