f816a544b04166d52802859e0eaf48cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f816a544b04166d52802859e0eaf48cc_JaffaCakes118
Size

58KB
MD5

f816a544b04166d52802859e0eaf48cc
SHA1

28ac917ba90d708747f7c68ff45b854039358d93
SHA256

5a4e7153c51b4db642c0352ef2aa832544e34f35e0bdd6a8e497d4f8b5c5d07a
SHA512

a078c64c151fe38a3fb277add288c07d6ba7add2957940e2d7b15087bf53066283ef0d53912c53587f066d768f97350453496b73c1a6dcabb8239d27bf0637a5
SSDEEP

1536:HHODqt8UOKffiywaL2IfTv0mvRwj8EuuQ3dtE0AM:H5CUO0fwifT8SfEGtCk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f816a544b04166d52802859e0eaf48cc_JaffaCakes118

Files

f816a544b04166d52802859e0eaf48cc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ec28332873eb14cbb2a9d282438cd5c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmutil

?WPPS@CIniW@@QAEXPBG00@Z
CmStrrchrA
CmStripPathAndExtW
?SetRegPath@CIniW@@QAEXPBG@Z
?Write@CmLogFile@@AAEJPAG@Z
CmBuildFullPathFromRelativeW
CmStrCatAllocA
?SetParams@CmLogFile@@QAEJHKPBG@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
CmStripFileNameW
??1CIniW@@QAE@XZ
?GetLogFilePath@CmLogFile@@QAEPBGXZ
GetOSBuildNumber
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
??1CmLogFile@@QAE@XZ
?GetRegPath@CIniA@@QBEPBDXZ
?GPPI@CIniW@@QBEKPBG0K@Z
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
?LoadSection@CIniA@@QBEPADPBD@Z

wsock32

GetServiceA
GetServiceW
EnumProtocolsW
AcceptEx
accept
GetNameByTypeW
getsockname
inet_network
getsockopt
GetNameByTypeA
GetAddressByNameA
rexec
getnetbyname
getprotobyname
ioctlsocket
WSACleanup
listen
WSACancelAsyncRequest
WSAUnhookBlockingHook
GetTypeByNameA
WSAGetLastError
inet_ntoa
ntohs
ntohl
inet_addr
WSAStartup

msvcrt40

rand
??4ostrstream@@QAEAAV0@ABV0@@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
??_Dstrstream@@QAEXXZ
_wcsnset
_mbscoll
_getw
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??_7stdiostream@@6B@
_wmktemp
_CIatan
_wtoi
_spawnlpe
strlen
??5istream@@QAEAAV0@AAI@Z
getchar
?clrlock@ios@@QAAXXZ
_mbslen
_mbsncat
setvbuf
__p__pctype
_mbcjmstojis
??4iostream@@IAEAAV0@AAV0@@Z
_wchmod
_ismbckata
_isnan
_setmaxstdio
_ismbcl2
_outpw
??_Distrstream@@QAEXXZ
_mbsicoll
__p__pwctype
_mbsstr
iswprint
??_Gistrstream@@UAEPAXI@Z
?flags@ios@@QAEJJ@Z
_getpid
_spawnv
??0streambuf@@IAE@PADH@Z
??_7ostream@@6B@
__mb_cur_max
?fd@filebuf@@QBEHXZ
_adj_fdivr_m32i
_ismbstrail
tmpfile
_acmdln
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??0filebuf@@QAE@XZ
wcstoul

kernel32

GetCurrentDirectoryW
DnsHostnameToComputerNameA
GetNamedPipeHandleStateW
VirtualAlloc
GlobalHandle
BackupSeek
GetTapeParameters
LoadLibraryA
HeapCreate
GetThreadPriority
GetSystemDefaultLCID
GetConsoleScreenBufferInfo
VirtualLock
FindActCtxSectionStringW
SetPriorityClass
SetConsoleNumberOfCommandsW
BaseFlushAppcompatCache
FindResourceA
GlobalFix
GetACP
SetConsoleIcon
GetCommProperties
ExpandEnvironmentStringsA
PeekConsoleInputW
UpdateResourceA
GetConsoleCursorInfo
EnumResourceTypesW
GlobalGetAtomNameW
GetSystemTime
GetNumberOfConsoleInputEvents
GetModuleHandleExA

query

??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
?Cleanup@CDbProp@@QAEXXZ
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?DeleteRecord@CPropStoreManager@@QAEXK@Z
?GetSZParam@CMachineAdmin@@QAEHPBGPAGK@Z
?EnumVPaths@CMetaDataMgr@@QAEXAAVCMetaDataCallBack@@@Z
?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
??1CPhraseRestriction@@QAE@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Release@CImpersonateRemoteAccess@@QAEXXZ
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
?AcqPhrase@CQueryScanner@@QAEPAGXZ
??0CRegNotify@@QAE@PBG@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
?DecodeHtmlNumeric@@YGXPAG@Z
?Commit@CRcovStrmAppendTrans@@QAEXXZ
_StartFWCiSvcWork@12
?SkipFloat@CMemDeSerStream@@UAEXXZ

msvcirt

__dummy_export
?seekpos@streambuf@@UAEJJH@Z
??_8iostream@@7Bistream@@@
??0Iostream_init@@QAE@AAVios@@H@Z
??_7fstream@@6B@
?eof@ios@@QBEHXZ
?lockbuf@ios@@QAAXXZ
??_Gfilebuf@@UAEPAXI@Z
?ebuf@streambuf@@IBEPADXZ
??4istream_withassign@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@O@Z
??_Gstdiobuf@@UAEPAXI@Z
??0ifstream@@QAE@XZ
??0ios@@QAE@PAVstreambuf@@@Z
??7ios@@QBEHXZ
??0strstreambuf@@QAE@ABV0@@Z
??_Eistrstream@@UAEPAXI@Z
??0strstream@@QAE@XZ
??0ostream@@IAE@XZ
??5istream@@QAEAAV0@PAD@Z
?flush@@YAAAVostream@@AAV1@@Z
??0ostrstream@@QAE@PADHH@Z
?bitalloc@ios@@SAJXZ
??_8ostream_withassign@@7B@
??0Iostream_init@@QAE@XZ
??0strstreambuf@@QAE@PAEH0@Z

msorcl32

SQLNumResultCols
SQLGetCursorName
SQLDescribeCol
SQLSetPos
DllMain
SQLMoreResults
SQLAllocStmt
SQLAllocEnv
SQLPrepare
DllRegisterServer
SQLForeignKeys
SQLTransact
SQLCancel
SQLRowCount
SQLError
SQLBindParameter
SQLSetStmtOption
SQLSetCursorName
SQLBindCol
LoadByOrdinal
SQLStatistics
SQLGetData
SQLNativeSql
SQLExtendedFetch
SQLSetConnectOption

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec28332873eb14cbb2a9d282438cd5c6

Headers

DLL Characteristics

File Characteristics

Imports

cmutil

wsock32

msvcrt40

kernel32

query

msvcirt

msorcl32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 18KB - Virtual size: 57KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 18KB - Virtual size: 57KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 160B