30f0476a848dca84e8b6af7abb134d59_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30f0476a848dca84e8b6af7abb134d59_JaffaCakes118
Size

62KB
MD5

30f0476a848dca84e8b6af7abb134d59
SHA1

ade32b389fd98b2257b7f7f12a8a2f50a1d50992
SHA256

635e1b50fe995df768d1c1e729c873231930c38af1a35079b2810113dbc11df2
SHA512

9139bc15762c6f2d5206dfa51b928a79c967597abd07ec955917af1a5de27c23eabc79eab7e89bbbb4aedb97b96a01aabcd42d2dabe5bad0bb367a514ddb8bc8
SSDEEP

1536:LXcEfBS2SVOxTLA6mFGaPS8DtuRLS2H13bXXiGqby7N/F:LMmS2SVIApFG0w5Vy7+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f0476a848dca84e8b6af7abb134d59_JaffaCakes118

Files

30f0476a848dca84e8b6af7abb134d59_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d88d898a30e56c292c3c469cd6290140

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleMaximumWindowSize
FreeResource
RtlMoveMemory
GetFileType
RegisterWaitForSingleObjectEx
GlobalAddAtomW
VirtualAlloc
QueryPerformanceFrequency
SetConsoleCursorMode
UpdateResourceW
GetTimeFormatA
AttachConsole
GetCurrentProcessId
RtlCaptureStackBackTrace
WriteConsoleOutputW
GetBinaryTypeA
GetPrivateProfileStringW
GetVersion
GetNumberFormatA
GetVolumeNameForVolumeMountPointW
GetStartupInfoW
LoadLibraryA
GetCurrentThreadId
SetSystemTimeAdjustment
ReadConsoleOutputAttribute
QueryPerformanceCounter
GetTickCount
WaitCommEvent
UnhandledExceptionFilter
ReadConsoleOutputW
LocalFileTimeToFileTime
GetConsoleCommandHistoryLengthA
GetNativeSystemInfo
GetVersionExA

ntdll

NtCreateKey
ZwNotifyChangeKey
ZwFlushInstructionCache
NtSetThreadExecutionState
RtlImageRvaToVa
RtlEnumerateGenericTableAvl
memchr
RtlUnicodeToCustomCPN
RtlOemToUnicodeN
RtlInitMemoryStream
NtPulseEvent
KiUserCallbackDispatcher
NtGetWriteWatch
RtlDeleteRegistryValue
CsrAllocateCaptureBuffer
RtlpNtCreateKey
ZwCompressKey
RtlAddAce
RtlSetControlSecurityDescriptor
RtlCopyUnicodeString
ZwRemoveProcessDebug
NtAdjustGroupsToken
ZwQueryEvent
NtQueryIntervalProfile
isgraph
RtlAddAccessAllowedObjectAce
RtlConsoleMultiByteToUnicodeN
labs
RtlPrefixUnicodeString
ZwQueryDefaultLocale
RtlEqualLuid
NlsAnsiCodePage
LdrFindEntryForAddress
RtlIpv4StringToAddressW
RtlPinAtomInAtomTable
NtOpenSection
NtQueryKey
RtlPcToFileHeader
RtlpNtEnumerateSubKey
__toascii
DbgBreakPoint
NtQueueApcThread
ZwPrivilegeObjectAuditAlarm
NtMapUserPhysicalPages
NtOpenThreadTokenEx
NtTranslateFilePath

esent

JetSetColumn@28
JetReadFileInstance
JetRenameTable
JetSetColumns
JetGetDatabaseInfo
JetCreateDatabase
JetRestore2
JetDupCursor
JetAttachDatabase
JetCommitTransaction@8
JetGetLogInfoInstance
JetRetrieveColumn
JetRetrieveTaggedColumnList
JetOpenTempTable2
JetSetCurrentIndex4
JetPrepareUpdate
JetCloseTable
JetEndExternalBackupInstance
JetSnapshotStart
JetTerm
JetCloseTable@8
JetIndexRecordCount
JetStopServiceInstance
JetSetSessionContext
JetUnregisterCallback
JetOpenFileInstance
JetGrowDatabase
JetEnumerateColumns
JetCreateDatabaseWithStreaming
JetStopService
JetResetSessionContext
JetGetLock
JetRollback
JetExternalRestore2
JetBeginTransaction@4
JetGetTruncateLogInfoInstance
JetGetSystemParameter
ese
JetRetrieveColumns
JetSetTableSequential
JetGetCurrentIndex
JetMove@16
JetOpenFile
JetSeek
JetBeginExternalBackup
JetOSSnapshotThaw
JetGotoSecondaryIndexBookmark
JetGotoBookmark
JetGetRecordPosition
JetOSSnapshotFreeze
JetInit@4
JetCloseDatabase
JetMakeKey
JetDelete@8

dmdskmgr

?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?GetResultStringArray@CDMNodeObj@@QAEHAAVCStringArray@@@Z
?GetDeviceState@CDMNodeObj@@QAEKXZ
?GetDiskInfoFromVolCookie@CTaskData@@QAEXJAAHAAKPAPAJKH@Z
?ContainsPageFile@CDMNodeObj@@QAEHXZ
?GetPort@CDMNodeObj@@QAEHXZ
?IsRevertable@CDMNodeObj@@QAEHXZ
?IsLocalMachine@CTaskData@@QAEHXZ
?FindFileSystem@CTaskData@@QAEH_JAAUfilesysteminfo@@@Z
?GetStorageType@CDMNodeObj@@QAE?AW4_STORAGE_TYPES@@XZ
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
?EnumNTFSwithDriveLetter@CDataCache@@QAEXPAHPAPAG@Z
?GetBootPort@CTaskData@@QAEHXZ
?EnumVolumeMembers@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetNumMembers@CDMNodeObj@@QAEKXZ
?IsFirstFreeRegion@CDMNodeObj@@QAEHXZ
?GetVolumeStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?IsCurrSystemVolume@CDMNodeObj@@QAEHXZ
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?IsWolfpack@CTaskData@@QAEHXZ
?IsESPPartition@CDMNodeObj@@QAEHXZ
?GetDMDataObjPtrFromId@CTaskData@@QAEPAVCDMNodeObj@@_J@Z
?ContainsLogicalDrvBootPartition@CDMNodeObj@@QAEHXZ
?GetExtendedRegionColor@CDMNodeObj@@QAEKXZ
?GetDeviceType@CDMNodeObj@@QAEKXZ
?SetFSId@CDMNodeObj@@QAEX_J@Z
DllCanUnloadNow
?GetNumRegions@CDMNodeObj@@QAEKXZ
IsRequestPending

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d88d898a30e56c292c3c469cd6290140

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

esent

dmdskmgr

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 22KB - Virtual size: 64KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 22KB - Virtual size: 64KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 324B