184668d83ecf407a8ed8ef29d5844e0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

184668d83ecf407a8ed8ef29d5844e0d_JaffaCakes118
Size

57KB
MD5

184668d83ecf407a8ed8ef29d5844e0d
SHA1

f74a4fa1d012a7c4f05e5bd8e348ca2c31485deb
SHA256

6ae071bc6ede881ab151478b4afa798382d14315ca25ee8b58c4cc3500d3c2d1
SHA512

b7708db009ca2f392e81fcffb397e1405322102d10c27c5e0b2e9765e6dfd99bf41f537fac3e1d1e24231981cbfa8f93607c5320ff8bc8f8f2e7b0bcc1acd66d
SSDEEP

1536:oBozvoumht5RFSB4lMOzRAcS/KrGjP4jwuM+mbjtNgPu:oYx0oB4lM6RAYrWPYwugfgP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
184668d83ecf407a8ed8ef29d5844e0d_JaffaCakes118

Files

184668d83ecf407a8ed8ef29d5844e0d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

45ba1aaea1a205f6d683d274dd20005c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidP_GetUsages
HidP_MaxDataListLength
HidD_Hello
HidD_GetPhysicalDescriptor
HidP_SetUsageValueArray
HidD_GetNumInputBuffers
HidD_SetNumInputBuffers
HidD_GetInputReport
HidD_GetSerialNumberString
HidD_GetManufacturerString
HidP_SetUsages
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
HidD_GetConfiguration
HidP_SetData
HidP_InitializeReportForID
HidP_GetUsageValueArray
HidP_UsageListDifference
HidP_GetData
HidD_FlushQueue
HidD_GetIndexedString
HidP_GetValueCaps
HidP_GetUsagesEx
HidP_GetUsageValue
HidD_GetFeature
HidD_SetOutputReport
HidD_GetMsGenreDescriptor
HidD_FreePreparsedData
HidP_GetLinkCollectionNodes
HidP_UnsetUsages
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidP_GetScaledUsageValue
HidD_GetAttributes
HidD_SetFeature
HidD_GetProductString
HidP_GetButtonCaps

untfs

?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
??1NTFS_EXTENT_LIST@@UAE@XZ
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
??0NTFS_BOOT_FILE@@QAE@XZ
?Read@NTFS_SA@@UAEEXZ
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?Initialize@NTFS_MFT_INFO@@QAEEXZ
??0NTFS_LOG_FILE@@QAE@XZ
Recover
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??0NTFS_BITMAP@@QAE@XZ
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??0NTFS_CLUSTER_RUN@@QAE@XZ
?Flush@NTFS_MFT_FILE@@QAEEXZ
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ

ntdll

RtlSetCriticalSectionSpinCount
RtlPrefixString
DbgQueryDebugFilterState
NtCompareTokens
wcscspn
NtQueryQuotaInformationFile
RtlIntegerToChar
RtlAddAuditAccessAce
ZwCreateJobObject
NtPrivilegeCheck
RtlAnsiStringToUnicodeString
NtSetDefaultHardErrorPort
RtlFindLastBackwardRunClear
ZwCreateMailslotFile
ZwShutdownSystem
RtlIsValidHandle
isalnum
ZwLockRegistryKey
NtReadRequestData
ZwCreateEventPair
ZwSetTimer
tan
ZwReplyWaitReceivePort
ZwAccessCheckByType
iswlower
RtlEqualString
RtlConvertSharedToExclusive
RtlReleaseResource
_wtoi64
_i64tow
ZwGetContextThread
PfxInsertPrefix

msvcirt

??_8ofstream@@7B@
?underflow@filebuf@@UAEHXZ
?out_waiting@streambuf@@QBEHXZ
?width@ios@@QAEHH@Z
?sh_write@filebuf@@2HB
??_7ostream_withassign@@6B@
?bad@ios@@QBEHXZ
??_Gfilebuf@@UAEPAXI@Z
?base@streambuf@@IBEPADXZ
?ipfx@istream@@QAEHH@Z
??_7iostream@@6B@
?get@istream@@QAEAAV1@AAC@Z
??5istream@@QAEAAV0@AAK@Z
?get@istream@@QAEAAV1@PADHD@Z
?read@istream@@QAEAAV1@PACH@Z
?read@istream@@QAEAAV1@PADH@Z
??_Estdiostream@@UAEPAXI@Z
??1strstream@@UAE@XZ
?x_curindex@ios@@0HA
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??5istream@@QAEAAV0@PAC@Z
??5istream@@QAEAAV0@AAC@Z
?fLockcInit@ios@@0HA
??5istream@@QAEAAV0@AAN@Z
?freeze@strstreambuf@@QAEXH@Z
??_Dostream@@QAEXXZ
?fd@filebuf@@QBEHXZ
??0strstream@@QAE@XZ
?tellg@istream@@QAEJXZ
?sync@strstreambuf@@UAEHXZ
??5istream@@QAEAAV0@PAE@Z
??6ostream@@QAEAAV0@H@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
?ws@@YAAAVistream@@AAV1@@Z
??_7stdiobuf@@6B@
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??_7filebuf@@6B@
??0ostrstream@@QAE@XZ
?sh_none@filebuf@@2HB
?lock@ios@@QAAXXZ

kernel32

InitializeSListHead
VerLanguageNameA
FindVolumeMountPointClose
WritePrivateProfileStructA
IsDebuggerPresent
IsValidLocale
QueryMemoryResourceNotification
GetCurrentThread
GetDefaultCommConfigW
IsValidCodePage
GetUserDefaultLCID
GetVersion
DeleteAtom
ShowConsoleCursor
GetSystemDefaultLCID
GetLargestConsoleWindowSize
Module32Next
GetDefaultCommConfigA
SetHandleCount
GlobalDeleteAtom
GetCommandLineW
DeleteTimerQueueEx
GetCurrentActCtx
HeapValidate
LocalFileTimeToFileTime
GetPrivateProfileStringW
GetPrivateProfileStructA
FindActCtxSectionStringA
GetProfileStringA
PeekNamedPipe
GlobalFindAtomA
MulDiv
GlobalUnlock
GetConsoleAliasA
SetVolumeMountPointA
VirtualAlloc
EnterCriticalSection
GetFileAttributesA
LeaveCriticalSection
NlsGetCacheUpdateCount
UnmapViewOfFile
LoadLibraryA

lz32

CopyLZFile
LZStart
LZCopy
LZCreateFileW
LZDone
LZOpenFileA
LZOpenFileW
LZClose
LZSeek
LZInit
LZRead
GetExpandedNameA
LZCloseFile

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45ba1aaea1a205f6d683d274dd20005c

Headers

DLL Characteristics

File Characteristics

Imports

hid

untfs

ntdll

msvcirt

kernel32

lz32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 49KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB