3bec2ed653ddff8c83085cefb36e1779_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bec2ed653ddff8c83085cefb36e1779_JaffaCakes118
Size

869KB
MD5

3bec2ed653ddff8c83085cefb36e1779
SHA1

fc79363ccac373943ae515cb5245b73be6e658dd
SHA256

dfbc749b5559ed1df9a28129f5fb6a61d2c860be6c114f8dfd430563a96cbb6b
SHA512

474e582410064c82f67651b627253594b9b8da4fbf8d71aaf7d78875311304688514946a576c060d4f6e3274c8604732fdebb2a3c72736bfe84403b69f2eea99
SSDEEP

24576:ATmlg3FrNzyhGx3Eu+igooJskll806yn:emihzyv99sAlfn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bec2ed653ddff8c83085cefb36e1779_JaffaCakes118

Files

3bec2ed653ddff8c83085cefb36e1779_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f5371a0f30be4d62a73d6318b954d6c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmDeleteRoute
RtmGetDestInfo
MgmDeRegisterMProtocol
RtmDequeueRouteChangeMessage
RtmReferenceHandles
CheckTable
DestroyTable
RtmGetInstances
RtmGetMostSpecificDestination
RtmGetNextHopPointer
RtmGetEntityMethods
RtmDeleteRouteToDest
RtmGetEnumRoutes
RtmLookupIPDestination
RtmDereferenceHandles
RtmRegisterClient
RtmDeleteRouteList
MgmGetFirstMfe
RtmWriteInstanceConfig
RtmIsMarkedForChangeNotification
RtmBlockSetRouteEnable
RtmBlockMethods
RtmFindNextHop
InsertIntoTable
RtmReleaseEntityInfo
RtmCreateRouteListEnum
DeleteFromTable
RtmGetListEnumRoutes
MgmGetMfe
RtmLockNextHop
RtmGetChangeStatus
RtmGetExactMatchDestination
RtmDeleteEnumHandle
RtmRegisterForChangeNotification
RtmGetEnumDests
NextMatchInTable
RtmGetRouteAge
RtmReleaseNextHops
RtmUpdateAndUnlockRoute
RtmGetRoutePointer

ifsutil

?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
??0DP_DRIVE@@QAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
??0MOUNT_POINT_TUPLE@@QAE@XZ
??1INTSTACK@@UAE@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?Initialize@INTSTACK@@QAEEXZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
??0TLINK@@QAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QueryMemberCount@TLINK@@QBEGXZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??1SECRUN@@UAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?SendSonyMSRequestSenseCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?Initialize@TLINK@@QAEEG@Z
?RestoreThreadExecutionState@@YGXJK@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z

ntdsapi

DsAddSidHistoryA
DsListDomainsInSiteA
DsListServersInSiteA
DsServerRegisterSpnW
DsClientMakeSpnForTargetServerA
DsFreeSpnArrayW
DsListSitesA
DsMakePasswordCredentialsW
DsFreeSchemaGuidMapW
DsReplicaAddA
DsInheritSecurityIdentityA
DsListServersForDomainInSiteW
DsReplicaAddW
DsaopBindWithCred
DsListRolesW
DsReplicaConsistencyCheck
DsFreeDomainControllerInfoW
DsInheritSecurityIdentityW
DsCrackSpnA
DsFreeDomainControllerInfoA
DsReplicaUpdateRefsW
DsListDomainsInSiteW
DsFreePasswordCredentials
DsGetSpnA
DsIsMangledDnW
DsBindW
DsReplicaSyncAllW
DsMapSchemaGuidsA
DsGetDomainControllerInfoW
DsAddSidHistoryW
DsFreeSchemaGuidMapA
DsReplicaDelA
DsReplicaDelW
DsReplicaSyncAllA
DsReplicaVerifyObjectsW

atl

AtlUnadvise
AtlAxGetControl
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllGetClassObject
AtlGetObjectSourceInterface
AtlModuleRegisterTypeLib
AtlCreateTargetDC
AtlComQIPtrAssign
AtlModuleInit
AtlDevModeW2A
AtlModuleAddTermFunc
AtlFreeMarshalStream
AtlInternalQueryInterface
AtlAxCreateDialogW
AtlModuleRegisterServer
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServerEx
AtlModuleGetClassObject
AtlModuleUnregisterServer
AtlModuleRegisterClassObjects
AtlModuleTerm
AtlAxGetHost
AtlIPersistStreamInit_Load
AtlComPtrAssign
AtlMarshalPtrInProc
AtlIPersistPropertyBag_Load
AtlAxDialogBoxA
AtlModuleRevokeClassObjects
AtlAxCreateDialogA
AtlPixelToHiMetric
AtlModuleAddCreateWndData
AtlSetErrorInfo

kernel32

DebugBreak
InterlockedPushEntrySList
GetTempPathA
SetConsoleCursorPosition
WriteConsoleOutputCharacterW
GetCurrentThread
GetConsoleKeyboardLayoutNameA
GetCommModemStatus
GetEnvironmentVariableA
GetComputerNameA
GetVolumeInformationW
HeapAlloc
GlobalHandle
QueryPerformanceCounter
RemoveDirectoryA
GetComputerNameW
FormatMessageA
VirtualAlloc
WriteFileGather
IsBadWritePtr
HeapDestroy
ExpandEnvironmentStringsW
LocalAlloc
GetLargestConsoleWindowSize
GetSystemInfo
OpenJobObjectW
GlobalAlloc
SetVolumeLabelA
DeleteTimerQueue
GetEnvironmentStringsW
LoadLibraryA
DebugSetProcessKillOnExit
HeapFree
GetCurrentProcess

dhcpsapi

DhcpGetClassInfo
DhcpGetClientInfoV4
DhcpGetMibInfo
DhcpDsCleanup
DhcpAddSubnetElement
DhcpSetOptionInfo
DhcpSetServerBindingInfo
DhcpServerBackupDatabase
DhcpScanDatabase
DhcpAddMScopeElement
DhcpAuditLogSetParams
DhcpDeleteClass
DhcpGetOptionInfoV5
DhcpDeleteSuperScopeV4
DhcpServerSetConfig
DhcpDsClearHostServerEntries
DhcpRemoveOptionV5
DhcpGetServerBindingInfo
DhcpEnumMScopeClients
DhcpGetSubnetInfo
DhcpSetOptionInfoV5
DhcpEnumOptionValues
DhcpRemoveSubnetElementV5
DhcpSetClientInfo
DhcpEnumSubnetClientsV5
DhcpServerQueryAttributes
DhcpSetSubnetInfo
DhcpGetOptionValue
DhcpRemoveSubnetElement
DhcpDsInit
DhcpServerRestoreDatabase
DhcpEnumClasses
DhcpScanMDatabase

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5371a0f30be4d62a73d6318b954d6c4

Headers

DLL Characteristics

File Characteristics

Imports

rtm

ifsutil

ntdsapi

atl

kernel32

dhcpsapi

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 1KB - Virtual size: 1.8MB

.rsrc Size: 413KB - Virtual size: 413KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 1KB - Virtual size: 1.8MB

.rsrc
Size: 413KB - Virtual size: 413KB

.reloc
Size: 1024B - Virtual size: 1024B