0a8e9f74f96a2ff1406b50693078e45f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0a8e9f74f96a2ff1406b50693078e45f_JaffaCakes118
Size

71KB
MD5

0a8e9f74f96a2ff1406b50693078e45f
SHA1

f5edb165545e3818c06a069406099ecd029931de
SHA256

08c0d94d475acb296b373041c85d48c53d8b50f8467b3b9098718ae129055763
SHA512

afbc19b1181d26ebce0efd0260415af58e6df06532c8978a5e68b15e864a81918950e4a7a14b767dd26018ae2941ad2347c5ab04495cb13c7977835815da4d13
SSDEEP

1536:4X/1mJEgqipZidB6RoLn+doJ+doTGdGydIYtTSCFAg:60JEgnpkdB4o90KSIYtTpFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a8e9f74f96a2ff1406b50693078e45f_JaffaCakes118

Files

0a8e9f74f96a2ff1406b50693078e45f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fec08dd6667fa78c38758b62199b45ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
FindNextChangeNotification
SetTapePosition
GetSystemDefaultLCID
GetLongPathNameA
CreateActCtxA
CreateSocketHandle
IsBadCodePtr
SystemTimeToTzSpecificLocalTime
SetFileValidData
SetConsoleMenuClose
ExpandEnvironmentStringsW
LeaveCriticalSection
UnhandledExceptionFilter
IsValidLocale
EnterCriticalSection
EnumResourceTypesW
LoadLibraryA
Module32Next
GetComputerNameExA
WTSGetActiveConsoleSessionId
GetCPInfoExA
FindNextVolumeA
GlobalAddAtomA
GetSystemDefaultLangID
ReadConsoleOutputW
SetVolumeLabelA
VirtualAlloc
GetConsoleWindow
IsValidCodePage
GetHandleContext
SetThreadPriority
GetConsoleAliasesA
DnsHostnameToComputerNameW
OpenMutexA
IsDebuggerPresent
RtlZeroMemory
lstrcpynW
AreFileApisANSI
GetUserDefaultLCID
SetLocaleInfoW
GetCommandLineW
DeleteAtom
GlobalHandle
HeapReAlloc
ConsoleMenuControl

setupapi

CM_Get_DevNode_Custom_Property_ExW
SetupCloseInfFile
CM_Get_Hardware_Profile_Info_ExA
SetupCreateDiskSpaceListA
SetupEnumInfSectionsA
SetupDiEnumDriverInfoA
InstallCatalog
SetupDiRegisterCoDeviceInstallers
SetupRenameErrorA
CM_Get_HW_Prof_Flags_ExA
pSetupIsGuidNull
SetupDiGetClassRegistryPropertyA
pSetupGetFileTitle
SetupSetDirectoryIdA
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_PropertyW
CMP_Report_LogOn
SetupCommitFileQueueW
SetupDiGetClassImageList
SetupDuplicateDiskSpaceListA
SetupDiOpenClassRegKeyExA
SetupGetStringFieldA
SetupDiOpenClassRegKeyExW
SetupDiInstallClassW
SetupGetInfSections
CM_Connect_MachineA
SetupQueueRenameSectionA
CM_Get_Device_ID_List_SizeA
CM_Enumerate_Classes_Ex

sqlsrv32

SQLStatisticsW
ConnectDlgProc
SQLDebug
SQLSetConnectAttrW
SQLGetDescFieldW
SQLSpecialColumnsW
WizDatabaseDlgProc
SQLColAttributeW
SQLGetConnectOptionW
SQLGetConnectAttrW
SQLPrimaryKeysW
SQLSetConnectOptionW
TestDlgProc
SQLParamOptions
ConfigDSNW
BCP_readfmt
SQLDriverConnectW
SQLExecDirectW
BCP_sendrow
SQLNumParams
SQLProcedureColumnsW
BCP_collen
SQLCopyDesc
SQLParamData
ConfigDriverW
SQLFreeStmt
SQLSetDescFieldW
SQLForeignKeysW
SQLSetPos
SQLGetDiagFieldW
SQLNativeSqlW
BCP_writefmt
SQLGetDiagRecW

lz32

CopyLZFile
GetExpandedNameA
LZInit
LZCopy
LZClose
LZSeek
LZRead
LZDone
LZOpenFileW
LZOpenFileA
LZCloseFile
GetExpandedNameW
LZCreateFileW
LZStart

d3d8thk

OsThunkDdCreateSurface
OsThunkD3dContextCreate
OsThunkDdCreateSurfaceObject
OsThunkDdColorControl
OsThunkDdCanCreateSurface
OsThunkDdDestroyD3DBuffer
OsThunkDdAlphaBlt
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdGetMoCompFormats
OsThunkDdEndMoCompFrame
OsThunkDdSetColorKey
OsThunkDdGetDC
OsThunkDdGetDriverState
OsThunkDdSetGammaRamp
OsThunkDdBlt
OsThunkDdQueryDirectDrawObject
OsThunkDdUnlockD3D
OsThunkDdReleaseDC
OsThunkDdReenableDirectDrawObject
OsThunkDdGetScanLine
OsThunkD3dDrawPrimitives2
OsThunkDdQueryMoCompStatus
OsThunkDdGetDriverInfo
OsThunkDdSetOverlayPosition
OsThunkDdLock
OsThunkDdUnlock
OsThunkDdUpdateOverlay
OsThunkDdResetVisrgn
OsThunkD3dContextDestroy
OsThunkD3dValidateTextureStageState
OsThunkDdGetInternalMoCompInfo
OsThunkDdSetExclusiveMode

rtm

RtmEnumerateGetNextRoute
RtmGetListEnumRoutes
RtmGetLessSpecificDestination
RtmGetRegisteredEntities
MgmInitialize
RtmCreateNextHopEnum
RtmDeleteRouteToDest
CheckTable
RtmReadInstanceConfig
RtmReleaseNextHopInfo
RtmBlockSetRouteEnable
RtmBlockDeleteRoutes
RtmWriteAddressFamilyConfig
RtmGetRouteInfo
RtmHoldDestination
RtmGetRouteAge
RtmGetFirstRoute
RtmReleaseChangedDests
RtmDeregisterFromChangeNotification
RtmDeleteRoute
MgmGroupEnumerationEnd
RtmAddRouteToDest
RtmLockDestination
RtmCreateRouteList
RtmReleaseEntities
MgmReleaseInterfaceOwnership
RtmUpdateAndUnlockRoute
RtmDereferenceHandles
DumpTable
RtmInvokeMethod
RtmAddRoute
RtmDeregisterClient
RtmReferenceHandles
RtmCreateRouteEnum
RtmGetChangedDests
RtmCloseEnumerationHandle
RtmMarkDestForChangeNotification
SearchInTable
DeleteFromTable
MgmGetMfeStats
MgmGetMfe

msvcrt40

_winmajor
strcmp
?sh_none@filebuf@@2HB
_flsbuf
_pipe
_wcsset
?str@strstreambuf@@QAEPADXZ
??1istream_withassign@@UAE@XZ
ispunct
??_Gistream@@UAEPAXI@Z
?peek@istream@@QAEHXZ
_copysign
clock
_mbsnbcnt
_beginthread
_mbsncpy
??_Eifstream@@UAEPAXI@Z
fputws
iswupper
vsprintf
??4iostream@@IAEAAV0@AAV0@@Z
?flush@@YAAAVostream@@AAV1@@Z
wcstod
_wcsdup
??6ostream@@QAEAAV0@I@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
_strerror
??_7strstream@@6B@
??0exception@@QAE@ABV0@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??_Gstrstream@@UAEPAXI@Z
_spawnl
_getdrive
??6ostream@@QAEAAV0@PBE@Z
__p__pgmptr
??0ios@@IAE@ABV0@@Z
_except_handler2
??1bad_cast@@UAE@XZ

wiashext

AddDeviceWasChosen
AddDeviceWasChosenA
DllGetClassObject
DoDeleteAllItems
MakeFullPidlForDevice
AddDeviceWasChosenW

msvcrt

__set_app_type
__p__commode
__getmainargs
exit

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec08dd6667fa78c38758b62199b45ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

setupapi

sqlsrv32

lz32

d3d8thk

rtm

msvcrt40

wiashext

msvcrt

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 27KB - Virtual size: 219KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 27KB - Virtual size: 219KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB