287c991ffe5860665e9e8fd9398386cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

287c991ffe5860665e9e8fd9398386cb_JaffaCakes118
Size

406KB
MD5

287c991ffe5860665e9e8fd9398386cb
SHA1

b8c47d21a5301b10632366f49dcbdbc0d00c5a2d
SHA256

692a5c5aa45b7cea8eea5cdc644d1e49aa72123d3f88e5e64553b3cc11b8a72a
SHA512

a918530129184d636f790de8a99c9544068a9be4eb6c98a2a546b49df0fc41c4db9f23eb275bff6cc362fb4095c004551c2aba55004baccde61ea5c97721c0c8
SSDEEP

6144:HYNxszk0Dg36rs1y7MVII4v7F+Ifk9vdO2364DOmeHiPGXNBKEQI3CQPQ4flJ:HUxsW3641yg+nvjGkuamwiuXNBqoflJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
287c991ffe5860665e9e8fd9398386cb_JaffaCakes118

Files

287c991ffe5860665e9e8fd9398386cb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f9409b3968c052f70219c9c7ece425e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

olecli32

OleQueryReleaseError
LeQueryProtocol
LeSetUpdateOptions
ErrSetData
MfSaveToStream
LeObjectConvert
ErrShow
PbDraw
OleClone
DibCopy
LeQueryType
MfClone
LeSaveToStream
GenEnumFormat
PbCreateFromClip
LeEqual
MfCopy
LeEnumFormat
LeCreateInvisible
LeObjectLong
SetNextNetDrive
LeSetData
PbEnumFormats
DibChangeData
OleObjectConvert

ntdll

RtlInsertElementGenericTableAvl
ZwQueryObject
_aulldiv
ZwOpenKey
ZwQueryBootEntryOrder
NtOpenProcess
RtlDumpResource
vsprintf
NtSetVolumeInformationFile
NtSetSecurityObject
ZwAlertResumeThread
strcat
RtlFormatCurrentUserKeyPath
RtlCreateUnicodeStringFromAsciiz
ZwMakePermanentObject
RtlDeleteTimer
ZwReplyWaitReceivePort
wcscspn
RtlIsDosDeviceName_U
ZwCompressKey
RtlAddAccessDeniedAceEx
RtlGetControlSecurityDescriptor
RtlGUIDFromString
NtRequestWaitReplyPort
RtlRevertMemoryStream
RtlLocalTimeToSystemTime
towlower

kernel32

GetFileAttributesExW
SetCurrentDirectoryA
TransmitCommChar
GetModuleHandleW
GetStartupInfoA
IsValidLanguageGroup
_hread
LCMapStringA
GetCommandLineA
FindResourceW
InterlockedDecrement
SetConsoleIcon
GetLocaleInfoW
CreateProcessInternalW
RestoreLastError
LocalAlloc
HeapCreate
FindFirstVolumeMountPointA
LoadLibraryA
GetFileAttributesW
GetCalendarInfoA
FatalAppExitA
EndUpdateResourceA
GetProcAddress
SetComputerNameExA
VirtualAlloc
RaiseException
LocalUnlock
SetTimeZoneInformation
EnumDateFormatsExW
GetNativeSystemInfo
DosPathToSessionPathA

rasman

RasRpcRemoteGetSystemDirectory
RasRpcDeviceEnum
RasGetUnicodeDeviceName
RasPortSetFraming
RasSecurityDialogReceive
RasPortGetBundledPort
RasBundleClearStatistics
RasConnectionEnum
RasIsTrustedCustomDll
RasPortDisconnect
RasSetDevConfig
RasInitialize
RasRpcEnumConnections
RasBundleGetStatisticsEx
RasActivateRouteEx
RasPortOpen
RasPortFree
RasPortStoreUserData
RasEnumLanNets
RasRpcGetErrorString

dmdskmgr

IsRequestPending
?GetMaxPartitionCount@CDMNodeObj@@QAEKXZ
?GetLongName@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetColorRef@CDMNodeObj@@QAEKXZ
?GetFileSystemName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetMaxAdjustedFreeSize@CDMNodeObj@@QAEXAA_J@Z
?RefreshFileSys@CContextMenu@@QAEXJ@Z
DllGetClassObject
?GetIVolumeClientVersion@CTaskData@@QAEFXZ
?IsFTVolume@CDMNodeObj@@QAEHXZ
?GetSize@CDMNodeObj@@QAEXAA_JH@Z
?ContainsBootVolumesNumberChange@CDMNodeObj@@QAEH_JPAH@Z
?GetDiskTypeName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetDiskCookiesForUpgrade@CTaskData@@QAEXAAKPAPAJ@Z
?EnhancedIsUpgradeable@CDMNodeObj@@QAEHPAVCTaskData@@@Z
?ContainsBootIniPartitionForWolfpack@CDMNodeObj@@QAEHXZ
?GetStorageType@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetPartitionStyle@CDMNodeObj@@QAE?AW4_PARTITIONSTYLE@@XZ
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?GetPatternRef@CDMNodeObj@@QAEHXZ
?IsFirstFreeRegion@CDMNodeObj@@QAEHXZ
?ContainsSubDiskNeedResync@CDMNodeObj@@QAEHXZ
?EnumDisks@CTaskData@@QAEXAAKPAPAJ@Z
?GetDeviceType@CDMNodeObj@@QAEKXZ
?HasExtendedPartition@CDMNodeObj@@QAEHXZ
?IsMember@CDMNodeObj@@QAEHPAV1@@Z
?GetIVolumeClientVersion@CDMNodeObj@@QAEFXZ
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z

msvcrt40

_mbsnbcat
_close
??0streambuf@@IAE@PADH@Z
_getdiskfree
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@PBE@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
_mbctombb
??_Eexception@@UAEPAXI@Z
_CIsinh
??_8istrstream@@7B@
??1__non_rtti_object@@UAE@XZ
??1istream@@UAE@XZ
_snwprintf
vfwprintf
_mbctoupper
??_Difstream@@QAEXXZ
_wspawnl
__p__amblksiz
?gcount@istream@@QBEHXZ
__p__wenviron
__CxxFrameHandler
??5istream@@QAEAAV0@AAK@Z
fgets
??0ofstream@@QAE@H@Z
_umask
?blen@streambuf@@IBEHXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z

amstream

DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9409b3968c052f70219c9c7ece425e8

Headers

File Characteristics

Imports

olecli32

ntdll

kernel32

rasman

dmdskmgr

msvcrt40

amstream

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 139KB - Virtual size: 525KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 460B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 139KB - Virtual size: 525KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 460B