3e9fd90dd97bb69b937b3a9344f53df6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e9fd90dd97bb69b937b3a9344f53df6_JaffaCakes118
Size

368KB
MD5

3e9fd90dd97bb69b937b3a9344f53df6
SHA1

77489a9d91bec6dadf736c35571b70b811caee5a
SHA256

e6fd72148b817ba0bcc9153d07477bed94ed402496b876116d4b2ad8bb162a84
SHA512

69f1b06e44fb73e7376c64ee0ffe50ed87bf6b0823388f07046df7972a91735758cbd7e1c2f4009de37a03a2234a1a620b79653f1fcdfc389f304f1048c92b59
SSDEEP

6144:diUTwyND2j5giI4sSeq6AfcQRH78oqhOx+K5C7psx9XJnf9D3/VkojI:bwXjDI4sST1l4v7K5Cy9dfl/V+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e9fd90dd97bb69b937b3a9344f53df6_JaffaCakes118

Files

3e9fd90dd97bb69b937b3a9344f53df6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04ca44b88f40da002748a7d0b95c51c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetSystemTimeAsFileTime
VerLanguageNameW
SetCriticalSectionSpinCount
GetConsoleOutputCP
lstrcpyA
RegisterWaitForSingleObject
WaitNamedPipeA
WriteConsoleInputA
QueryPerformanceFrequency
BaseUpdateAppcompatCache
CreateWaitableTimerW
GlobalHandle
OpenConsoleW
GetTimeFormatA
CreateMailslotW
SetTimerQueueTimer
CancelWaitableTimer
CreateTimerQueue
InitializeSListHead
GetCurrentDirectoryW
FindNextFileA
ReleaseMutex
CreateTapePartition
AddAtomA
SetMessageWaitingIndicator
SetHandleInformation
SetConsoleCursorInfo
LoadLibraryA
EnumTimeFormatsW
VirtualAlloc
GetModuleHandleExW
SetFilePointerEx
GetShortPathNameA
GetPrivateProfileIntA
GetHandleInformation
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
OpenMutexW
GetUserDefaultUILanguage
GetLargestConsoleWindowSize

polstore

IPSecCreateFilterData
IPSecSetPolicyData
IPSecDeleteNegPolData
IPSecCreateISAKMPData
IPSecCopyFilterSpec
IPSecSetISAKMPData
IPSecFreeFilterData
IPSecImportPolicies
IPSecDeletePolicyData
IPSecCreateNFAData
IPSecFreeNegPolData
IPSecFreeMulNegPolData
IPSecEnumNFAData
IPSecEnumNegPolData
IPSecFreeMulPolicyData
IPSecDeleteNFAData
IPSecAllocPolStr
IPSecGetISAKMPData
IPSecFreeNFAData
IPSecFreeMulFilterData
IPSecSetNFAData
IPSecDeleteISAKMPData
IPSecIsDomainPolicyAssigned
IPSecEnumFilterData
IPSecSetFilterData
IPSecFreeMulISAKMPData
IPSecOpenPolicyStore
IPSecGetAssignedPolicyData
IPSecCopyAuthMethod
IPSecSetNegPolData
IPSecAllocPolMem
IPSecFreeMulNFAData
IPSecDeleteFilterData
IPSecEnumISAKMPData
IPSecAssignPolicy
IPSecCopyNegPolData
IPSecFreePolicyData
IPSecCopyISAKMPData
IPSecClosePolicyStore
IPSecUnassignPolicy
IPSecFreePolStr
IPSecGetNegPolData
IPSecCopyFilterData
IPSecFreeISAKMPData

ntdll

RtlInitializeContext
NtQueryVolumeInformationFile
RtlImageRvaToSection
ZwDeleteObjectAuditAlarm
NtQueryBootOptions
NtSetEaFile
ZwStopProfile
ZwDebugContinue
ZwNotifyChangeKey
_strlwr
_strnicmp
ZwEnumerateSystemEnvironmentValuesEx
_aulldiv
ZwRenameKey
LdrProcessRelocationBlock
NtOpenObjectAuditAlarm
RtlRegisterSecureMemoryCacheCallback
RtlSetSecurityObjectEx
ZwCreatePagingFile
RtlLargeIntegerAdd
NtUnloadKeyEx
NtGetDevicePowerState
sqrt
RtlSetSecurityObject
NtRequestWaitReplyPort
RtlpNtMakeTemporaryKey
_aullrem
ZwAssignProcessToJobObject
ZwOpenProcess
ZwWriteFile
ZwQuerySystemInformation
RtlValidSid
LdrUnloadAlternateResourceModule
RtlDeleteTimerQueueEx
LdrFindResource_U

rasapi32

RasGetEntryPropertiesW
RasAutodialAddressToNetwork
RasGetCredentialsW
RasGetCredentialsA
RasGetProjectionInfoW
RasGetEapUserIdentityW
RasSetAutodialAddressW
RasSetAutodialAddressA
RasSetAutodialParamA
RasGetSubEntryPropertiesW
RasScriptReceive
RasEnumAutodialAddressesA
RasGetErrorStringA
RasGetConnectionStatistics
RasGetCustomAuthDataA
RasDialW
RasCreatePhonebookEntryA
RasAutoDialSharedConnection
RasQuerySharedConnection
RasEnumConnectionsW
RasEnumAutodialAddressesW
DDMGetPhonebookInfo
RasSetAutodialEnableA
RasGetAutodialAddressW
RasGetEapUserDataW
RasSetEntryPropertiesW
RasRenameEntryW
RasSetEntryPropertiesA
RasGetEapUserIdentityA
RasGetCountryInfoW
RasFreeEapUserIdentityA
RasScriptGetIpAddress
RasGetConnectStatusW
RasEnumEntriesW
RasGetConnectStatusA
RasGetEntryHrasconnW
RasIsSharedConnection
RasGetAutodialEnableA
RasConnectionNotificationA
RasGetCustomAuthDataW
RasEditPhonebookEntryW

perfctrs

CollectTcpIpPerformanceData
CloseIPXPerformanceData
OpenDhcpPerformanceData
OpenSPXPerformanceData
OpenIPXPerformanceData
CollectSPXPerformanceData
OpenNbfPerformanceData
CloseNWNBPerformanceData
CollectIPXPerformanceData
CloseNbfPerformanceData
CollectNWNBPerformanceData
CloseTcpIpPerformanceData
CollectNbfPerformanceData
OpenTcpIpPerformanceData
OpenNWNBPerformanceData
CloseSPXPerformanceData
CloseDhcpPerformanceData
CollectDhcpPerformanceData

vssapi

?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
??0CVssWriter@@QAE@XZ
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?Subscribe@CVssWriter@@QAGJK@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
IsVolumeSnapshotted
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnAbortEnd@CVssJetWriter@@UAGXXZ
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?Unsubscribe@CVssWriter@@QAGJXZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
??1CVssJetWriter@@UAE@XZ
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z

wininet

FtpGetCurrentDirectoryW
GopherFindFirstFileA
DetectAutoProxyUrl
HttpSendRequestExW
GetUrlCacheEntryInfoA
InternetDialW
GetUrlCacheEntryInfoW
DeleteUrlCacheGroup
LoadUrlCacheContent
CommitUrlCacheEntryA
FindFirstUrlCacheEntryExW
InternetLockRequestFile
GetUrlCacheGroupAttributeW
RetrieveUrlCacheEntryFileW
InternetGetConnectedStateEx
FtpFindFirstFileA
PrivacyGetZonePreferenceW
ForceNexusLookupExW
InternetWriteFile
InternetQueryOptionW
FtpPutFileEx
FtpCommandW
HttpOpenRequestW
InternetSetCookieW
FtpRemoveDirectoryW
GopherOpenFileA
InternetGetCookieW
InternetSetOptionA
InternetSetFilePointer
FtpCreateDirectoryA
InternetOpenUrlA
ForceNexusLookup
DeleteUrlCacheEntryW
InternetCanonicalizeUrlA
InternetQueryOptionA
SetUrlCacheConfigInfoA
FtpGetFileSize
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetTimeFromSystemTimeW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ca44b88f40da002748a7d0b95c51c7

Headers

File Characteristics

Imports

kernel32

polstore

ntdll

rasapi32

perfctrs

vssapi

wininet

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 79KB - Virtual size: 445KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 79KB - Virtual size: 445KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B