30315827fa3a43953430818895219dba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30315827fa3a43953430818895219dba_JaffaCakes118
Size

865KB
MD5

30315827fa3a43953430818895219dba
SHA1

d8006aa145c499b9baf8bfaa4a1f3b4164e99442
SHA256

a87200610bb81e45942093db632b182f08fff975b4341ae9a3553effa619d801
SHA512

c8ac5a34fcd31aa8754b9c3e2d55306cb8f3dbf2f5b047179e67a0de032a9b85f2433c8cfc99213c840658923824fb5415986af9fe04980e94cf69ba6cbf1886
SSDEEP

24576:rp6LfDFwW4GImkekRoigNd/v490liVupNKdQPbu:9IrLhj/zQ0K+Pbu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30315827fa3a43953430818895219dba_JaffaCakes118

Files

30315827fa3a43953430818895219dba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9c56dac4ee8aaa4fadf335fe9a8135ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fmifs

QueryFileSystemName
EnableVolumeCompression
Chkdsk
QueryDeviceInformationByHandle
QueryAvailableFileSystemFormat
FormatEx2
Format
DiskCopy
FormatEx
QueryLatestFileSystemVersion
QueryDeviceInformation
ComputeFmMediaType
SetLabel
Extend
ChkdskEx
QuerySupportedMedia

kernel32

EnterCriticalSection
LoadLibraryA
SetComputerNameExW
DosPathToSessionPathA
AddVectoredExceptionHandler
IsValidCodePage
EnumerateLocalComputerNamesA
BaseUpdateAppcompatCache
FileTimeToDosDateTime
VerifyConsoleIoHandle
GetDevicePowerState
TlsSetValue
RtlZeroMemory
VirtualAlloc
VerLanguageNameA
EnumSystemLanguageGroupsA
GlobalMemoryStatus
GetCompressedFileSizeW
WritePrivateProfileStringA
EnumSystemCodePagesW
GetNativeSystemInfo
UpdateResourceW
GetNamedPipeInfo
SetCurrentDirectoryA
EnumTimeFormatsA
IsValidLocale
GetUserDefaultLCID
FindNextVolumeMountPointW
DuplicateHandle
SetUnhandledExceptionFilter
SwitchToFiber
GetNumberOfConsoleInputEvents
DeleteVolumeMountPointW
SetupComm
lstrcpynW
OpenThread
IsDebuggerPresent
FindFirstVolumeMountPointW
GetVolumeNameForVolumeMountPointW
FileTimeToSystemTime
GetCPInfoExW
ReadFileEx

secur32

CredMarshalTargetInfo
InitializeSecurityContextW
AddSecurityPackageW
VerifySignature
LsaGetLogonSessionData
SaslGetProfilePackageW
AcquireCredentialsHandleA
LsaEnumerateLogonSessions
SaslIdentifyPackageW
AddSecurityPackageA
LsaDeregisterLogonProcess
GetUserNameExW
RevertSecurityContext
MakeSignature
ImportSecurityContextA
SecpFreeMemory
InitializeSecurityContextA
TranslateNameW
DeleteSecurityPackageA
AddCredentialsA
GetSecurityUserInfo
AddCredentialsW
ExportSecurityContext
SaslGetProfilePackageA
SaslInitializeSecurityContextA
AcquireCredentialsHandleW
LsaRegisterPolicyChangeNotification
FreeContextBuffer
SealMessage
SetContextAttributesW
TranslateNameA
CompleteAuthToken
LsaLookupAuthenticationPackage

gdi32

GetCharABCWidthsA
GdiGetBatchLimit
GdiPlayJournal
CreateDIBPatternBrushPt
GetNearestPaletteIndex
SetTextColor
ColorCorrectPalette
InvertRgn
OffsetClipRgn
GetDeviceGammaRamp
GetDCBrushColor
GetCharWidthI
GetSystemPaletteUse
SelectObject
PolyBezier
CopyEnhMetaFileW
CLIPOBJ_bEnum
GetTextFaceA
GetCharABCWidthsI
GdiEntry3
GetTextExtentPointI
CreateDIBitmap
DdEntry41
GdiEntry15
SetICMMode
DdEntry51
AnimatePalette
XFORMOBJ_iGetXform
AbortDoc
LPtoDP
PathToRegion
SetTextCharacterExtra
GdiCleanCacheDC

dnsapi

NetInfo_Build
DnsIsStatusRcode
Dns_ReadPacketName
DnsWriteQuestionToBuffer_UTF8
DnsValidateName_W
DnsReplaceRecordSetA
DnsAcquireContextHandle_A
Dns_ReadRecordStructureFromPacket
DnsValidateName_A
DnsFlushResolverCache
DnsApiSetDebugGlobals
DnsNotifyResolverEx
Dns_WriteQuestionToMessage
DnsModifyRecordsInSet_A
DnsNotifyResolverClusterIp
Dns_UpdateLib
DnsQueryConfigDword
Dns_CreateSocket
Dns_GetRandomXid
DnsDhcpSrvRegisterInitialize
DnsQueryExUTF8
DnsQuery_W
NetInfo_Free
DnsApiAlloc
DnsRegisterClusterAddress
Dns_WriteRecordStructureToPacketEx
NetInfo_Clean
DnsIsAMailboxType
DnsAcquireContextHandle_W
Dns_WriteDottedNameToPacket
DnsMapRcodeToStatus
DnsNameCompareEx_UTF8
DnsRecordCompare
DnsNotifyResolver

lz32

LZDone
LZCloseFile
LZClose
LZRead
LZSeek
CopyLZFile
LZInit
LZStart
LZOpenFileA
LZOpenFileW

Sections

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c56dac4ee8aaa4fadf335fe9a8135ee

Headers

DLL Characteristics

File Characteristics

Imports

fmifs

kernel32

secur32

gdi32

dnsapi

lz32

Sections

.text Size: 452KB - Virtual size: 452KB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 452KB - Virtual size: 452KB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB