5265f5e5b89ef6b989ae9c3dbec81f52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5265f5e5b89ef6b989ae9c3dbec81f52_JaffaCakes118
Size

137KB
MD5

5265f5e5b89ef6b989ae9c3dbec81f52
SHA1

21e2559b3bc46432a98ff4d254be2a6f2a88f19e
SHA256

81f9700bd3db33d8a5341c70837f9b3da57fb910c9192b9a8134dc2ba053d751
SHA512

82fb9017496c59df9d2df9807f78a9ebb0d1fd90ffa0b612135fcf314195fb52eb739c0d97a0519360831428cb03390cb943dd2218ba25a17f026e7ba8729ac8
SSDEEP

3072:ZIdZw+5L3184LB6jplrcXcBZqXH85e3Ru:ZIDw+B18MIt1dBZHMu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5265f5e5b89ef6b989ae9c3dbec81f52_JaffaCakes118

Files

5265f5e5b89ef6b989ae9c3dbec81f52_JaffaCakes118
.exe windows:5 windows x86 arch:x86

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
IsVolumeSnapshotted
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssWriter@@QAE@XZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
VssFreeSnapshotProperties
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

kernel32

FormatMessageA
RegisterWowBaseHandlers
_hwrite
GetEnvironmentVariableA
WritePrivateProfileStringW
GetConsoleAliasA
lstrcat
GetFileTime
HeapAlloc
RegisterConsoleIME
GetLocaleInfoW
ReleaseMutex
LeaveCriticalSection
GlobalUnWire
GetACP
CancelWaitableTimer
AddConsoleAliasA
GetCurrentThread
LocalLock
LocalFree
GetModuleHandleW
ReadConsoleInputExW
FindFirstVolumeW
LoadLibraryW
SetFileAttributesW
VerSetConditionMask
LocalFileTimeToFileTime

snmpapi

SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToUTF8
SnmpSvcAddrToSocket
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilOidCmp
SnmpTfxQuery
SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilOctetsCpy
SnmpSvcGetEnterpriseOID
SnmpUtilAsnAnyFree
SnmpSvcSetLogType
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpUtilAnsiToUnicode
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpUtilOidNCmp

ws2_32

gethostbyaddr
getaddrinfo
htons
WSAInstallServiceClassA
WSAWaitForMultipleEvents
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSAGetServiceClassNameByClassIdA
WSAJoinLeaf
ntohl
WSAEnumNetworkEvents
WSAStringToAddressA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSASetEvent
gethostname
WSAAddressToStringA
WSASend
WSAUnhookBlockingHook
WSCGetProviderPath
WSAAsyncGetProtoByName
WSAAsyncGetHostByName
WSASetServiceA
ntohs

winmm

midiStreamPosition
joySetCapture
waveOutGetNumDevs
mmioStringToFOURCCW
waveInGetID
midiStreamStop
mciSendStringA
WOW32ResolveMultiMediaHandle
timeGetTime
GetDriverModuleHandle
mciGetYieldProc
mmTaskYield
midiInGetErrorTextW
waveOutClose
midiInGetID
joyGetNumDevs
midiConnect
waveOutGetDevCapsW
mmioSetBuffer
waveInGetErrorTextW
midiOutLongMsg
joyGetPos
waveOutGetID
mciDriverNotify
mciGetErrorStringW
wod32Message
waveOutSetPlaybackRate
mxd32Message

user32

GetKeyboardLayoutNameW
DragObject
TabbedTextOutA
GetSubMenu
DdeNameService
DdeAccessData
WaitForInputIdle
CharToOemW
InSendMessage
SystemParametersInfoA
SendNotifyMessageW
GetDCEx
SetWindowContextHelpId
MapVirtualKeyW
GetWindowContextHelpId
SetPropA
GetGUIThreadInfo
AnimateWindow
IsDialogMessageW
LoadKeyboardLayoutEx

cryptext

CryptExtAddSPC
CryptExtAddP7RW
CryptExtOpenCRLW
CryptExtAddPFX
CryptExtOpenCATW
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtAddCTLW
CryptExtOpenP7R
DllUnregisterServer
CryptExtOpenSTR
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddCTL
CryptExtOpenCER
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenCTLW
CryptExtOpenPKCS7
CryptExtOpenCTL
CryptExtAddCERW
CryptExtOpenP7RW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

Imports

vssapi

kernel32

snmpapi

ws2_32

winmm

user32

cryptext

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB