f99e3db4096432124c26949ca3a64e7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f99e3db4096432124c26949ca3a64e7f_JaffaCakes118
Size

868KB
MD5

f99e3db4096432124c26949ca3a64e7f
SHA1

51b7e813a8e4e037d332c196c9df081b0af66368
SHA256

ecd9b30aa5ea7aaaae10cc7309eef4fb0c21e8a3fca6dabe89963781ba10f148
SHA512

1fac8bbe9dc9990be35189693cdc5cacca7eedbd188b4b4e9f3db1cfe8aabef9ed4fc6a23d582692fa268ba230e45faa7a179c066a1ab8d76d71b3a68f2cfe94
SSDEEP

24576:9Szk0RAgYvonioRL6slommjkjnHpTZHvkMr7:9Sw0RAgY0ioTlkgnHpdHcMr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99e3db4096432124c26949ca3a64e7f_JaffaCakes118

Files

f99e3db4096432124c26949ca3a64e7f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84a71c195ebedfd6f0e6822bc5d0716a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glVertex4i
glRotatef
glDeleteLists
wglDescribeLayerPlane
glFogiv
glGetDoublev
glColor3ubv
glShadeModel
glVertex3iv
glLighti
wglSetPixelFormat
glLightModelf
glTexCoord1d
glColor3s
wglChoosePixelFormat
glRasterPos3dv
glRasterPos2d
glLoadMatrixd
glFlush
glMapGrid2d
glVertex2d
wglUseFontOutlinesW
glColor4dv
glTexParameteriv
glMap2d
wglCopyContext
glNormal3bv
glTexCoordPointer
glEvalPoint2
glInitNames
glDeleteTextures
glCallList
glDrawBuffer
glGetPixelMapuiv
glNormalPointer
glIndexd
glGetPixelMapusv
glTexCoord1iv
glRasterPos4s

crtdll

towupper
strncat
fseek
free
wcsrchr
_strrev
isgraph
_fputwchar
_ismbcsymbol
pow
ctime
fwscanf
strtol
wcsstr
_fpreset
_msize
atan
realloc
wcscpy
_mbclen
isxdigit
_cscanf
freopen
_ismbcl1
vfprintf
fwprintf
wcsftime
_mbctombb
exit
_beep
_mbsnbcpy

kernel32

GetFileAttributesW
FindNextChangeNotification
CreateMemoryResourceNotification
LZClose
GetNumberFormatA
GetCurrentThreadId
GetExpandedNameA
GetCurrentThread
TransactNamedPipe
GetProcessHeaps
UnregisterConsoleIME
GlobalAlloc
GetThreadContext
EnumCalendarInfoExW
GetEnvironmentStringsA
ScrollConsoleScreenBufferA
SetSystemPowerState
AddLocalAlternateComputerNameW
VirtualAlloc
GetConsoleAliasA
SetConsoleScreenBufferSize
HeapUnlock
UnregisterWaitEx
GetUserDefaultUILanguage
GetModuleHandleExA
GlobalDeleteAtom
HeapCreate
SetFilePointerEx
DeleteVolumeMountPointA
LoadLibraryA
RtlCaptureContext
InitAtomTable
EnumLanguageGroupLocalesW
QueryDosDeviceW
SetCalendarInfoW
EnumUILanguagesW
ClearCommError
GetNextVDMCommand
GetDateFormatW

sqlunirl

_OpenFile_@12
_SetWindowsHookEx_@16
_OpenFileMapping_@12
_StartDoc@8
_LoadImage_@24
_DragQueryFile_@16
_InsertMenuItem_@16
_CopyFileEx_@24
_FindResourceEx_@16
_FindNextFile_@8
_GetBinaryType_@8
_LoadKeyboardLayout_@8
_GetICMProfile_@12
_ModifyMenu_@20
_CreateMetaFile_@4
_CreateService_@52
_GetVersionEx@4
_SetICMProfile_@8
_VerQueryValue_@16
_GetOutlineTextMetrics_@12
_NDdeIsValidShareName_@4
_CopyAcceleratorTable_@12
_PostThreadMessage_@16
_OpenDesktop_@16
_GetObject@12
_WritePrivateProfileStruct_@20
_FatalAppExit_@8
_CreateMailslot_@16
_CharLower@4
_WaitNamedPipe_@8
_EnumProps_@8
_OpenSCManager_@12
_GetShortPathName_@12
_IsDialogMessage@8
_CreateScalableFontResource_@16
_OutputDebugString_@4
_WriteProfileSection_@8
_NDdeTrustedShareEnum_@24
_GetModuleHandle_@4
_DrawState_@40
_lstrcpyn_@12
_CreateFontIndirect@4

advapi32

SystemFunction001
ConvertSidToStringSidA
CredUnmarshalCredentialA
CryptReleaseContext
SaferSetLevelInformation
AreAnyAccessesGranted
RegOpenKeyExA
ObjectOpenAuditAlarmW
GetInheritanceSourceW
SystemFunction020
CredMarshalCredentialW
ObjectPrivilegeAuditAlarmW
LsaGetQuotasForAccount
ElfOpenEventLogA
CopySid
RevertToSelf
AllocateAndInitializeSid
LsaLookupNames
CredGetTargetInfoA
ElfReadEventLogW
ElfOpenBackupEventLogA
GetLocalManagedApplicationData
ReadEventLogA
RegisterEventSourceW
LogonUserW

esent

JetOpenTempTable3
JetBeginExternalBackup
JetDelete@8
JetExternalRestore2
JetSetColumn@28
JetSetLS
JetGrowDatabase
JetTruncateLog
JetMakeKey@20
JetCloseTable@8
JetSetDatabaseSize
JetCreateDatabaseWithStreaming
JetCreateDatabase
JetDeleteIndex
JetOpenDatabase
JetCreateIndex
JetDupCursor
JetGetCounter
JetOpenFileInstance
JetOpenFileSectionInstance
JetEndSession@8
JetStopBackupInstance
JetGetRecordPosition
JetUpgradeDatabase
JetIdle
JetAttachDatabaseWithStreaming
JetGotoPosition
JetInit3
JetGotoBookmark
JetCreateIndex2
JetCloseTable
JetCompact
JetEnumerateColumns
JetGetInstanceInfo
JetOpenTempTable
JetRetrieveColumn@32
JetCloseFileInstance
JetCreateInstance
JetInit2
JetSetColumnDefaultValue
JetOpenTempTable2

Sections

.text
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 566KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84a71c195ebedfd6f0e6822bc5d0716a

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

crtdll

kernel32

sqlunirl

advapi32

esent

Sections

.text Size: 191KB - Virtual size: 192KB

.rdata Size: 566KB - Virtual size: 568KB

.data Size: 107KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 192KB

.rdata
Size: 566KB - Virtual size: 568KB

.data
Size: 107KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB