fad0a7d6e4a6be648e052fbc6ab1ef5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fad0a7d6e4a6be648e052fbc6ab1ef5d_JaffaCakes118
Size

30KB
MD5

fad0a7d6e4a6be648e052fbc6ab1ef5d
SHA1

693cd5123d03fac756e318782839777ea1e26b61
SHA256

13b1c327e9fe748c85116a7648d8d4966b9e65335e84288d688c3ece26e25a20
SHA512

4bb3dc0af7c74b85625edc40bb0a945bb410827faa3f16f8da9b80034ec717b72bbb4b5294b1da7f19070972242734c2f2f5e369f1c1305688e00e1f3b48ef52
SSDEEP

768:o7V5a9sOOdAJSXkrRDfr27TEaLFsa51ANsrAUsn:ona9LOdHkN2NLX6srAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fad0a7d6e4a6be648e052fbc6ab1ef5d_JaffaCakes118

Files

fad0a7d6e4a6be648e052fbc6ab1ef5d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32abc7867093b21ea7dcf8ffab9b0f83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

bsearch
RtlConvertUiListToApiList
ZwCreateEvent
NtAcceptConnectPort
RtlCaptureContext
RtlFinalReleaseOutOfProcessMemoryStream
RtlFindClearBits
ZwSuspendThread
ZwStopProfile
NtOpenSection
RtlNtStatusToDosError
CsrAllocateCaptureBuffer
LdrShutdownThread
ZwFlushWriteBuffer
_strnicmp
_ui64tow
RtlIntegerToUnicodeString
RtlCopyString
atoi
RtlDeleteNoSplay
RtlLargeIntegerToChar
NtRaiseException
_strlwr
RtlCheckForOrphanedCriticalSections
RtlVerifyVersionInfo
RtlUnhandledExceptionFilter2
RtlInitString
RtlUnicodeStringToAnsiString
NtSetHighEventPair
NlsAnsiCodePage
ZwQueryValueKey
RtlTimeToElapsedTimeFields
CsrCaptureMessageString
RtlFillMemory
ZwWaitForKeyedEvent
NtQuerySymbolicLinkObject
RtlStatMemoryStream

expsrv

rtcGetHourOfDay
__vbaGetOwner3
__vbaLenVarB
__vbaFpCSngR8
__vbaSetSystemError
BASIC_CLASS_GetIDsOfNames
rtcGetDateValue
EbDestroyContext
__vbaCyStr
rtcGetTimeValue
__vbaVarTextTstGt
rtcLeftCharBstr
__vbaObjSet
rtBoolFromErrVar
SetMemObj
__vbaDateStr
rtcInStrChar
rtcChangeDrive
TipInvokeMethod
__vbaErrorOverflow
rtcFileCopy
__vbaVarForInit
_adj_fpatan
_CIsqrt
rtcVarFromFormatVar
__vbaPutFxStr4
rtcAppActivate
__vbaVarDup
__vbaCopyBytesZero
rtcChoose

gdi32

GdiCreateLocalMetaFilePict
GdiConvertRegion
GetCharWidth32A
DdEntry44
GdiAddFontResourceW
GdiPlayEMF
EngWideCharToMultiByte
EngFindResource
FONTOBJ_pifi
GetTextAlign
EngTransparentBlt
GetViewportOrgEx
GetWinMetaFileBits
SetPixelV
PlayEnhMetaFileRecord
RealizePalette
GdiDeleteLocalDC
GdiSetLastError
GdiConvertToDevmodeW
AddFontResourceA
GetAspectRatioFilterEx
OffsetRgn
MoveToEx
GetBitmapAttributes
SetPixel
GetTextExtentExPointWPri
GdiConvertPalette
CopyEnhMetaFileW
DdEntry35
GetTextFaceAliasW
GetWindowExtEx
SetVirtualResolution
SetWindowExtEx
GdiEntry3
PtVisible
XLATEOBJ_cGetPalette
GetCharABCWidthsI
CreateEllipticRgnIndirect
PolyDraw
GetPixel
DeleteMetaFile
CopyMetaFileA
GdiSetPixelFormat
EnumFontFamiliesExW
GetGlyphOutlineW
BeginPath
StartPage
SetWinMetaFileBits
SetBrushAttributes
AnimatePalette
DdEntry17
UpdateICMRegKeyW
SetBitmapDimensionEx
GetTextFaceA
ScaleWindowExtEx
GetGlyphIndicesW
GdiEntry1
FONTOBJ_pfdg
CreateBitmap
ExtCreatePen
SetAbortProc
GdiPlayPageEMF
DdEntry12
SetTextJustification
SetBitmapAttributes
DdEntry23
UpdateColors
GdiAddGlsRecord
GetMiterLimit
DdEntry37
GetStretchBltMode
EngGetDriverName
DdEntry55
MaskBlt

user32

CallNextHookEx
DrawTextW
SetWindowTextW
ToAscii
UnregisterMessagePumpHook
CascadeWindows
CreateWindowStationW
DrawCaption
RegisterClassExA
CreateWindowExA
SetDeskWallpaper
GetClientRect
MoveWindow
GetWindowLongA
MessageBoxTimeoutA
GetAncestor
SetScrollPos
GetWindowModuleFileNameA
TranslateAccelerator
GetWindowTextLengthA
DeleteMenu
RedrawWindow
RecordShutdownReason
GetMenuStringA
OemToCharBuffA
DdeReconnect
SetClassWord
ValidateRect
SetProcessDefaultLayout
GetWindowTextLengthW
UnionRect
IMPQueryIMEW
CloseDesktop
BroadcastSystemMessageExW
CharLowerBuffA
GetMenuBarInfo
DispatchMessageA
GetPriorityClipboardFormat

kernel32

GetCurrentDirectoryW
VerSetConditionMask
LCMapStringW
EndUpdateResourceA
WritePrivateProfileStructA
SetLastConsoleEventActive
AllocConsole
CreateMutexA
VirtualLock
GetConsoleInputExeNameA
LoadResource
VDMConsoleOperation
VirtualAlloc
lstrcpyn
GetModuleHandleA
SetProcessAffinityMask
AddVectoredExceptionHandler
DelayLoadFailureHook
lstrcatA
GetCPInfoExW
EnumerateLocalComputerNamesW
SetVolumeMountPointW
ResetEvent
CreateFiber
SetConsoleCursorPosition
GetEnvironmentStringsA
ConsoleMenuControl
GetVersion
FindVolumeMountPointClose
EnumSystemLanguageGroupsW
Beep
EnumCalendarInfoExW
CloseConsoleHandle
FreeEnvironmentStringsW

mpr

WNetPasswordChangeNotify
WNetGetConnection3A
WNetEnumResourceW
WNetAddConnection2W
WNetGetDirectoryTypeA
WNetUseConnectionW
MultinetGetErrorTextW
WNetAddConnection2A
WNetConnectionDialog
WNetGetProviderNameW
WNetGetNetworkInformationA
WNetOpenEnumW
WNetAddConnectionA
WNetConnectionDialog1A
WNetGetUniversalNameW
WNetDisconnectDialog
WNetDisconnectDialog1W
WNetGetResourceInformationW
WNetGetProviderTypeW
WNetClearConnections
WNetGetDirectoryTypeW
WNetGetConnectionA
WNetGetPropertyTextW
WNetCancelConnection2A
WNetGetConnectionW
WNetSetLastErrorW
WNetGetUserW
WNetSetConnectionA
WNetCancelConnectionW
WNetOpenEnumA
WNetFormatNetworkNameW
WNetEnumResourceA

glmf32

glsEndObj
glsNullCommandFunc
glsUTF8toUCS4
glsCallArrayInContext
glsGetStreamCRC32
glsLongHigh
glsHeaderf
glsError
glsPixelSetup
glsCopyStream
glsNumbv
glsNumlv
glsBlock
glsGetHeaderfv
glsUCS4toUTF8
glsCaptureFlags
glsHeaderLayerf
glsULongLow
glsNumubv
glsGetStreamAttrib
glsNumulv
glsUCS4toUTF8z
glsIsExtensionSupported
glsGetHeaderi
glsGetOpcodes
glsGetHeaderf
glsPixelSetupGen
glsGetContextubz
glsUnsupportedCommand
glsGetGLRCi
glsCharubz
glsGetCurrentContext
__glsParser_create
glsGetLayeri
glsEndGLS
glsUpdateCaptureExecTable
glsReadFunc
glsCommandFunc

shell32

StrCmpNIW
SHGetUnreadMailCountW
StrStrA
SHHelpShortcuts_RunDLL
DragQueryFileA
StrNCmpW
SHQueryRecycleBinA
SHGetFolderPathAndSubDirA
SHGetNewLinkInfoW
CommandLineToArgvW
StrChrIA
ShellAboutW
SHGetDiskFreeSpaceExA
ShellExecuteExA
StrChrIW
DllGetClassObject
PrintersGetCommand_RunDLL
RealShellExecuteW
Control_RunDLL
DllUnregisterServer
SHLoadInProc
StrRStrW
DragQueryFileW
SHBindToParent
ExtractAssociatedIconExA
SHEmptyRecycleBinA
StrNCmpIW

query

?Cleanup@CDbProp@@QAEXXZ
?Setup@CPropStoreManager@@QAEXKKKKHK@Z
??0CDbQueryResults@@QAE@XZ
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
??1CPropertyStore@@QAE@XZ
?IsValid@CAllocStorageVariant@@QBEHXZ
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
??1CRestriction@@QAE@XZ
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?GetI2@CAllocStorageVariant@@QBEFI@Z
?VT_VARIANT_EQ@@YGHABUtagPROPVARIANT@@0@Z
?StartCI@CMachineAdmin@@QAEHXZ
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
??3CDbPropSet@@SGXPAX@Z
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
??1CDbQueryResults@@QAE@XZ
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
??1CContentRestriction@@QAE@XZ
CIGetGlobalPropertyList
?SaCreateData@@YGHAAVPVarAllocator@@GAAUtagSAFEARRAY@@1H@Z
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
SvcEntry_CiSvc
?SetSZParam@CMachineAdmin@@QAEXPBG0K@Z
??1CSizeSerStream@@UAE@XZ
??0CSizeSerStream@@QAE@XZ
??1CGenericCiProxy@@UAE@XZ
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z

odbcjt32

AdvancedDialogProc
SQLNumParams
SQLConnectW
SQLExecute
SQLExtendedFetch
ConfigDSNExW
SQLSetDescRec
SQLAllocConnect
SQLGetCursorNameW
SQLParamData
SQLCopyDesc
SQLAllocStmt
SQLGetFunctions
ConfigDSNW
SQLGetData
InitializeLoginDialog
SQLSetDescFieldW
SQLFetchScroll
SQLBindParameter
ConfigDSN
SQLProcedureColumnsW
SQLBindCol
LoadByOrdinal
SQLSetScrollOptions
SQLGetDescRecW
SQLGetDescFieldW
SQLSetEnvAttr
DefTxtFmtDlgProc
SQLNumResultCols
SQLSetStmtAttrW
SQLAllocHandle
SQLSetPos
ConfigDriverW
SQLGetInfoW
SQLFetch
SQLSetCursorNameW
OpenDirHook
SQLBulkOperations
SQLRowCount

opengl32

glColor3f
glDepthFunc
wglGetProcAddress
glVertex2dv
glTexGend
glColor4ubv
glTexCoord3i
glStencilFunc
glEnableClientState
wglUseFontBitmapsA
glColor3s
glTexEnviv
glTexCoord3dv
glGetError
glIndexiv
glRasterPos4f
glPopMatrix
glRasterPos4iv
glTexCoord2i
glEvalPoint1
wglDescribePixelFormat
glRectdv
glTexCoord1fv
glVertex2f

olecli32

ErrQueryOutOfDate
ObjQuerySize
OleQuerySize
OleUpdate
LeSaveToStream
OleReconnect
OleActivate
LeQueryOutOfDate
LeSetTargetDevice
OleRevokeClientDoc
OleSetHostNames
GetTaskVisibleWindow
BmEnumFormat
DefCreateFromFile
OleQueryOutOfDate
OleQueryName
LeQueryOpen
OleRevertClientDoc
OleQueryLinkFromClip
OleCopyToClipboard
LeCreateInvisible
OleCreateInvisible
DibEqual
DibCopy
OleRequestData
BmGetData
OleCreateLinkFromFile
GenEnumFormat
MfCopy

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

32abc7867093b21ea7dcf8ffab9b0f83

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

expsrv

gdi32

user32

kernel32

mpr

glmf32

shell32

query

odbcjt32

opengl32

olecli32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB