38cba0bc4a67249d0f4a07fec2fbd8df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

38cba0bc4a67249d0f4a07fec2fbd8df_JaffaCakes118
Size

171KB
MD5

38cba0bc4a67249d0f4a07fec2fbd8df
SHA1

74bc7d470759d283713bcdb04f6c3b621b53d43d
SHA256

502207fbfa408f474bff98c8f0365b395314b9edb7f6a0a217ff1423e5b534a1
SHA512

7977ba7b1d5430d7a9d93021f286bc99d1f65a5e1675709e3ce45db6fe6d0b3bdfd0755a0b3114653263c576d477ee81dd8625b3ad8497b8a35bc2bed7117726
SSDEEP

3072:WP+xSpwXzI8NY4SM0ACKtM1IA/DTqUYQEHM0IHfx1Oa2n/2pqR:y+cpF8LSMNCKO1CUA7IHf92no

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38cba0bc4a67249d0f4a07fec2fbd8df_JaffaCakes118

Files

38cba0bc4a67249d0f4a07fec2fbd8df_JaffaCakes118
.exe windows:5 windows x86 arch:x86

98f47747a02fe0db273d839d6bb9b83a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

scecli

SceRegisterRegValues
SceStartTransaction
SceSetupUpdateSecurityService
SceGetSecurityProfileInfo
SceDcPromoteSecurity
SceOpenProfile
SceProcessSecurityPolicyGPO
SceAppendSecurityProfileInfo
SceSetDatabaseSetting
SceSvcUpdateInfo
SceAnalyzeSystem
SceGetScpProfileDescription
SceCloseProfile
SceGetDatabaseSetting
SceProcessSecurityPolicyGPOEx
SceCopyBaseProfile
SceSysPrep
SceGetServerProductType
SceConfigureConvertedFileSecurity
SceUpdateObjectInfo
SceSetupMoveSecurityFile
SceGetTimeStamp
SceSetupConfigureServices
SceRollbackTransaction
SceAddToNameStatusList
SceGetAreas
SceSetupUpdateSecurityKey
SceWriteSecurityProfileInfo
SceSetupUnwindSecurityFile
SceCommitTransaction
SceFreeMemory
SceFreeProfileMemory
SceSetupUpdateSecurityFile
SceAddToObjectList
SceSvcConvertTextToSD
SceSvcSetInfo
SceDcPromoCreateGPOsInSysvolEx
SceCompareNameList
SceSvcConvertSDToText
SceGetDbTime

mapistub

UNKOBJ_ScCOReallocate@12
OpenStreamOnFile
HrQueryAllRows@24
BMAPIDetails
UNKOBJ_Free@8
MNLS_MultiByteToWideChar@24
FtNegFt@8
MAPIDeinitIdle@0
FBadSortOrderSet@4
MAPIFreeBuffer@4
GetTnefStreamCodepage
DeregisterIdleRoutine@4
DllGetClassObject
MAPIAllocateMore@12
OpenIMsgOnIStg@44
FBadRow@4
ScRelocNotifications@20
HexFromBin@12
cmc_logoff
MAPILogonEx
UlAddRef@4
MAPIUninitialize
FtMulDwDw@8
MAPIInitialize@4
OpenStreamOnFile@24
UlFromSzHex@4
HrIStorageFromStream@16
MAPIFreeBuffer
IsBadBoundedStringPtr@8
LPropCompareProp@8
BMAPIAddress
FBadRestriction@4
__CPPValidateParameters@8
cmc_free
BMAPIReadMail
FtAddFt@16
MNLS_lstrcmpW@8
MAPIInitIdle@4
FixMAPI@0
ScRelocProps@20
LpValFindProp@12
MNLS_CompareStringW@24
MNLS_lstrcpyW@8
GetTnefStreamCodepage@12
cmc_logon

ntdll

RtlAnsiCharToUnicodeChar
RtlFormatMessage
NtCompressKey
RtlFreeOemString
RtlLocalTimeToSystemTime
RtlPopFrame
ZwSetEventBoostPriority
NtCreatePort
NtAreMappedFilesTheSame
NtGetDevicePowerState
NtSetValueKey
vDbgPrintExWithPrefix
RtlAddAccessDeniedAce
NtSetSystemPowerState
ZwAddBootEntry
DbgUiSetThreadDebugObject
NtInitiatePowerAction
RtlWalkFrameChain
ZwFindAtom
RtlSubAuthoritySid
ZwAccessCheckByTypeResultListAndAuditAlarm
PfxRemovePrefix
NtAccessCheckByTypeResultListAndAuditAlarm
ZwReadRequestData
RtlReleasePebLock
CsrGetProcessId
NtImpersonateClientOfPort
RtlQueryRegistryValues

secur32

GetUserNameExA
InitSecurityInterfaceA
AddCredentialsA
LsaCallAuthenticationPackage
QuerySecurityPackageInfoA
CompleteAuthToken
GetComputerObjectNameA
SecpTranslateNameEx
SetContextAttributesA
SealMessage
GetUserNameExW
AddSecurityPackageA
QueryCredentialsAttributesA
LsaRegisterLogonProcess
GetSecurityUserInfo
EncryptMessage
EnumerateSecurityPackagesA
TranslateNameW
CredMarshalTargetInfo
QueryContextAttributesA
RevertSecurityContext
SaslIdentifyPackageA
DeleteSecurityPackageW
GetComputerObjectNameW
SaslInitializeSecurityContextW
AddSecurityPackageW
LsaLookupAuthenticationPackage
AcquireCredentialsHandleA
InitializeSecurityContextA
DecryptMessage
LsaFreeReturnBuffer

user32

GetClassLongW
EnumDesktopsW
GetCapture
RemovePropA
SetThreadDesktop
GetClassNameW
DefDlgProcW
GetForegroundWindow
ToAscii
CharToOemA
GrayStringW
SetMenuItemInfoW
ShowStartGlass
EnumDisplaySettingsA
GetUpdateRgn
SetCursorContents
IsDialogMessage
RecordShutdownReason
UnregisterHotKey
DrawMenuBarTemp
GetMonitorInfoA
PostQuitMessage
DdePostAdvise
UpdateWindow
GetMessageExtraInfo
GetMenuItemInfoW
GetCursorInfo
GetMenuItemCount
SendNotifyMessageW
LoadKeyboardLayoutA
IsCharLowerW
ActivateKeyboardLayout
PrivateExtractIconExA
GetDlgCtrlID

advapi32

QueryServiceStatus
ElfRegisterEventSourceA
DestroyPrivateObjectSecurity
EncryptionDisable
GetInheritanceSourceW
A_SHAUpdate
LsaQueryInformationPolicy
DeregisterEventSource
BuildExplicitAccessWithNameW
GetAce
ReadEventLogW
SetFileSecurityA
LsaICLookupSidsWithCreds
CancelOverlappedAccess
SaferiCompareTokenLevels
ConvertStringSDToSDRootDomainA
RegisterServiceCtrlHandlerW
GetSecurityDescriptorRMControl
QueryServiceConfigW
QueryServiceObjectSecurity
CreateWellKnownSid
SetServiceObjectSecurity
RegEnumKeyExW
SystemFunction021
BuildTrusteeWithObjectsAndSidA
I_ScPnPGetServiceName
LsaClose
RegQueryValueExW
SetNamedSecurityInfoExA
BuildImpersonateTrusteeA
LsaDeleteTrustedDomain
EncryptFileA

kernel32

CloseHandle
GetNumaHighestNodeNumber
Heap32ListNext
BeginUpdateResourceA
PrivCopyFileExW
LocalHandle
GetThreadTimes
QueryPerformanceCounter
WaitCommEvent
GetConsoleTitleW
GetSystemDirectoryA
UnlockFile
FindFirstFileExW
UnregisterWaitEx
GetDriveTypeW
FindFirstVolumeMountPointA
SetDefaultCommConfigA
GetCurrentActCtx
GetConsoleKeyboardLayoutNameA
WaitNamedPipeW
lstrcatW
Process32NextW
VirtualAlloc
GetConsoleNlsMode
GetTimeFormatW
SetLastConsoleEventActive
GetCommProperties
GetModuleHandleExA
GetPrivateProfileSectionW
WriteConsoleOutputCharacterW
GetCurrentProcessId
DeactivateActCtx
RestoreLastError
SetThreadPriorityBoost
GetTempPathA
EnumCalendarInfoExA
CreateTimerQueue
SetConsoleDisplayMode
RegisterWaitForSingleObjectEx
UnhandledExceptionFilter
lstrlenA
SetCriticalSectionSpinCount
GetConsoleCommandHistoryLengthW
GetPrivateProfileSectionNamesW
LZRead
ExpandEnvironmentStringsA
SetStdHandle
GetOEMCP
BaseCheckAppcompatCache
_lopen
VerifyVersionInfoA
GetEnvironmentStringsW
TzSpecificLocalTimeToSystemTime
RegisterConsoleIME
lstrcmpiW
CreateFileW
SetFirmwareEnvironmentVariableW
FindFirstVolumeMountPointW
BaseDumpAppcompatCache
HeapLock
GetCurrentDirectoryA
WriteConsoleA
GetNamedPipeInfo
GetUserDefaultLangID
EnumResourceTypesA
ReadConsoleInputA
AllocateUserPhysicalPages
SetTimerQueueTimer
QueryInformationJobObject
IsDebuggerPresent
WriteConsoleInputW
VerLanguageNameW
CreateFileA
GetProcAddress
GetCommMask
ClearCommBreak
WideCharToMultiByte
GetConsoleProcessList
FindFirstFileA
TransmitCommChar
GetWindowsDirectoryW
TlsSetValue
SwitchToThread
SetLastError
EscapeCommFunction
CreateMailslotA
GlobalAddAtomA
ReleaseSemaphore
DosDateTimeToFileTime
LoadLibraryA
GetStringTypeExA
UnmapViewOfFile
WaitNamedPipeA
IsValidLocale
OutputDebugStringW
GetStartupInfoW

query

?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?Accept@CQueryScanner@@QAEXXZ
?SetNumberOfSortProps@CCatState@@QAEXI@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
??0CCiRegParams@@QAE@PBG@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?Next@CPropertyList@@UAEPBVCPropEntry@@XZ
?Add@CDbQueryResults@@QAEXPAGK@Z
??0CNodeRestriction@@QAE@KI@Z
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
BindIFilterFromStream
?ReadProperty@CPropertyStore@@QAEHKKAAUtagPROPVARIANT@@@Z
?Marshall@CContentRestriction@@QBEXAAVPSerStream@@@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?SetDATE@CStorageVariant@@QAEXNI@Z
?GetWString@CMemDeSerStream@@UAEPAGXZ
?SetDefaultProperty@CCatState@@QAEXPBG@Z
??0CStandardPropMapper@@QAE@XZ
??0CFilterDaemon@@QAE@AAVCiProxy@@AAVCCiFrameworkParams@@AAVCLangList@@PAEKPAUICiCFilterClient@@@Z
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
InitializeCIPerformanceData
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
??8CDbColId@@QBEHABV0@@Z
??0CSort@@QAE@I@Z
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?GetLCIDFromString@@YGKPAG@Z
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
?AddArg@CFwEventItem@@QAEXK@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
?Release@CEnumString@@UAGKXZ

netapi32

NetReplImportDirDel
NetWkstaTransportDel
DsGetDcNameW
NetAlertRaiseEx
NetApiBufferReallocate
NetServiceEnum
NetUnjoinDomain
NetMessageBufferSend
NetRemoteTOD
I_NetDfsGetVersion
NetpwNameCanonicalize
RxNetAccessDel
NetDfsAdd
NetpAllocFtinfoEntry
NetLocalGroupDel
NetDfsRemoveFtRootForced
NetServiceInstall
NetWkstaSetInfo
NetUserModalsGet
DsRoleGetDatabaseFacts
Netbios
DsRoleGetDcOperationProgress
I_BrowserQueryStatistics
NetpIsUncComputerNameValid
NetServerEnumEx
RxNetAccessGetUserPerms
RxNetAccessGetInfo
NetUseDel
NlBindingRemoveServerFromCache
NetGroupSetUsers
NetGroupAddUser

qmgrprxy

DllGetClassObject

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98f47747a02fe0db273d839d6bb9b83a

Headers

DLL Characteristics

File Characteristics

Imports

scecli

mapistub

ntdll

secur32

user32

advapi32

kernel32

query

netapi32

qmgrprxy

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 45KB - Virtual size: 211KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 45KB - Virtual size: 211KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B