299efa92212e9f31a297321938a4c5ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

299efa92212e9f31a297321938a4c5ba_JaffaCakes118
Size

402KB
MD5

299efa92212e9f31a297321938a4c5ba
SHA1

f95b47410dcea498121476eaa15d921f9d0b06fa
SHA256

7596cd1eae2bc59dab1b42186e32bc7ed5c116d41e5f83a0856b42a7a7048a7f
SHA512

fbc4bee7eefd3dc2df4edcc16e03c16344ef5f3df73e8e90092fbd2d85ad3458682c8dbf18c1826f1bcda99c021216ed405289031c0ac4aa96dcf8cf9d7ed9ae
SSDEEP

12288:paBgvrx4Ak3dMpOjFhmfZvbGB0hgUEMUNZwE4qGX1C:3x4FdMgq+ZwE4pX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
299efa92212e9f31a297321938a4c5ba_JaffaCakes118

Files

299efa92212e9f31a297321938a4c5ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a2b6dd4112dfe43bd563ad16f8fb5924

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnumerateLocalComputerNamesA
VirtualAlloc
GetPrivateProfileIntW
TerminateProcess
ReadConsoleA
TryEnterCriticalSection
ConsoleMenuControl
EnumResourceNamesA
GetFileAttributesExW
SetCommBreak
Thread32First
GetCommandLineA
GetCPInfoExW
SetUnhandledExceptionFilter
EnumResourceTypesA
FileTimeToSystemTime
EnumSystemCodePagesA
GetStartupInfoA
CreateToolhelp32Snapshot
InterlockedIncrement
TransactNamedPipe
SetConsoleOS2OemFormat
SetConsoleCtrlHandler
WriteConsoleInputVDMA
SleepEx
FreeLibraryAndExitThread
SetConsoleCursorMode
GetModuleHandleW
GetProcAddress
FoldStringA
WriteFileEx
HeapCreate
LoadLibraryA

oleaut32

VarUI4FromI4
VarR8FromI1
DispGetParam
SafeArrayUnlock
VarCyFromR4
VarI2FromUI4
VarR8FromBool
VarR4FromStr
LoadRegTypeLib
VarR8FromR4
VarBoolFromUI8
VarNeg
SysAllocStringLen
LPSAFEARRAY_UserFree
VarCyFromUI2
VarBoolFromStr
VarDateFromUdateEx
VarR4FromUI4
VarUdateFromDate
VarDecDiv
OleCreatePropertyFrame
VarI1FromI2

catsrvut

ManagedRequestW
COMPlusUninstallActionW
??_7CComPlusInterface@@6B@
??0CComPlusMethod@@QAE@ABV0@@Z
RegDBBackup
SysprepComplus
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??0CComPlusObject@@QAE@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
RegDBRestore
DllRegisterServer
??0CComPlusInterface@@QAE@ABV0@@Z
FindAssemblyModulesW
WinlogonHandlePendingInfOperations
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
??_7CComPlusComponent@@6B@
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
SysprepComplus2
DllGetClassObject
??4CComPlusObject@@QAEAAV0@ABV0@@Z
??1CComPlusInterface@@UAE@XZ
??0CComPlusComponent@@QAE@ABV0@@Z
??_7CComPlusMethod@@6B@
DllCanUnloadNow
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
QueryUserDllW
StartMTSTOCOM
CGMIsAdministrator

setupapi

CM_Request_Device_EjectW
CM_Detect_Resource_Conflict_Ex
CM_Enumerate_Classes
SetupInitializeFileLogW
SetupOpenAppendInfFileW
CM_Get_Device_ID_List_SizeA
SetupQueueCopyA
SetupGetBackupInformationW
CM_Get_Depth
SetupDiGetClassDescriptionExW
SetupSetDirectoryIdA
pSetupStringFromGuid
SetupFindNextLine
SetupGetInfSections
CM_Disconnect_Machine
SetupDiGetDriverInstallParamsA
CMP_GetBlockedDriverInfo
CM_Create_DevNode_ExW
CM_Remove_SubTree
CM_Query_And_Remove_SubTreeW
SetupDiClassNameFromGuidExA
CM_Run_Detection_Ex
CM_Get_Log_Conf_Priority_Ex
pSetupMultiByteToUnicode
CM_Get_Sibling_Ex
InstallHinfSectionA
CM_Get_Class_Key_NameW
pSetupStringTableSetExtraData
IsUserAdmin

ole32

StgCreateStorageEx
CreateErrorInfo
ReadClassStg
CoGetApartmentID
OleRegGetMiscStatus
HMENU_UserUnmarshal
CoReleaseServerProcess
CoRegisterMallocSpy
OleDuplicateData
CoQueryReleaseObject
OleCreateLinkEx
OleCreateEx
CoLockObjectExternal
SetConvertStg
OleConvertOLESTREAMToIStorageEx
HACCEL_UserMarshal
CLSIDFromProgID
CoCreateInstance
CoFreeUnusedLibraries
CoQueryProxyBlanket
OleLoadFromStream
HBRUSH_UserFree
OleCreateDefaultHandler
OleLockRunning
OleTranslateAccelerator
OleRegEnumVerbs
CreateObjrefMoniker
StringFromCLSID
IsValidInterface
CLIPFORMAT_UserUnmarshal

regapi

RegWinStationSetSecurityW
RegWinStationQueryDefaultSecurity
RegBuildNumberQuery
RegUserConfigDelete
RegGetUserConfigFromUserParameters
RegOpenServerW
RegWinStationQueryNumValueW
RegWinStationSetNumValueW
RegWdEnumerateW
RegWinStationQuerySecurityW
RegDefaultUserConfigQueryW
RegWdCreateA
RegGetMachinePolicyEx
RegWdDeleteA
RegQueryOEMId
RegIsMachinePolicyAllowHelp
RegUserConfigQuery
RegWdDeleteW
RegWdQueryA
RegWinStationQueryA
RegCdEnumerateW
RegPdDeleteA
RegFreeUtilityCommandList
RegCdCreateA
WaitForTSConnectionsPolicyChanges

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2b6dd4112dfe43bd563ad16f8fb5924

Headers

File Characteristics

Imports

kernel32

oleaut32

catsrvut

setupapi

ole32

regapi

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 139KB - Virtual size: 531KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 296B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 139KB - Virtual size: 531KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 296B