0c759ba8708e2f5546f7aeab89f77a0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c759ba8708e2f5546f7aeab89f77a0e_JaffaCakes118
Size

46KB
MD5

0c759ba8708e2f5546f7aeab89f77a0e
SHA1

2ab379371e656462360228135fdd192a6e383fd4
SHA256

8e97a3f3f3aaac54e431571610e6410533d9917fbdbb8e8bf71f4cc7f6a667d0
SHA512

41c2f406609399277d89179dfa70c6dfe649ccb3333b6186b09104da2f724fd70f21d60b35120195179ca41524d2b2e3494c063bd31b4ac3dd06481bf917d5c1
SSDEEP

768:TNB2zI8pbaa1q1B47bsgL04mFFuOBt/kYM99DVuEB11dFlngrJ0Q:ZYF1q167bsgL0ZHBRhM5dx3gl0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c759ba8708e2f5546f7aeab89f77a0e_JaffaCakes118

Files

0c759ba8708e2f5546f7aeab89f77a0e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23c266c87766148b43b49b7948dcc7a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?GetCommandChar@CQueryScanner@@QAEGXZ
?SetUI2@CStorageVariant@@QAEXGI@Z
?GetScodeError@@YGJAAVCException@@@Z
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
DoneCIISAPIPerformanceData
??0CDbSelectNode@@QAE@XZ
??1CPerfMon@@QAE@XZ
?ReadProperty@CPropertyStore@@QAEHKKAAUtagPROPVARIANT@@@Z
?SkipBlob@CMemDeSerStream@@UAEXK@Z
?Marshall@CContentRestriction@@QBEXAAVPSerStream@@@Z
??1CColumns@@QAE@XZ
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
?IsImpersonated@CImpersonateSystem@@SGHXZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?GetByte@CMemDeSerStream@@UAEEXZ
??1CDbSortKey@@QAE@XZ
?GetOleError@@YGJAAVCException@@@Z
??1CImpersonateClient@@QAE@XZ
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
_StartFWCiSvcWork@12
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
??0CNodeRestriction@@QAE@KI@Z
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
??0SStorageObject@@QAE@PAVPStorageObject@@@Z
??0CGetDbProps@@QAE@XZ
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?UnMarshall@CDbContentVector@@QAEHAAVPDeSerStream@@@Z
?IsCIStopped@CMachineAdmin@@QAEHXZ
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
CIBuildQueryNode
??1CInternalPropertyRestriction@@QAE@XZ

kernel32

OutputDebugStringA
GetNativeSystemInfo
GetConsoleFontInfo
GetACP
GetWindowsDirectoryW
GetShortPathNameA
GetModuleFileNameW
ConsoleMenuControl
ReadFile
CreateJobObjectA
GlobalMemoryStatus
VirtualQuery
ReadConsoleOutputW
PrivCopyFileExW
SetMailslotInfo
SetPriorityClass
CreateJobSet
SetProcessWorkingSetSize
GetProcAddress
DebugBreak
GetConsoleWindow
LoadLibraryA
SetEnvironmentVariableW
GetBinaryType
GetEnvironmentStringsW
CreateProcessInternalW
CreateFileA
GetConsoleInputExeNameW
GetHandleInformation
CompareStringA
FindFirstVolumeW
VirtualAlloc
LocalLock
GetOEMCP
OpenThread
SwitchToFiber
WaitNamedPipeA
SignalObjectAndWait

ntdll

NtPrivilegeCheck
NtTestAlert
iswdigit
NtCreateKeyedEvent
RtlTimeToSecondsSince1980
RtlGetVersion
_allshl
RtlValidSecurityDescriptor
ZwQueryInstallUILanguage
NtFlushBuffersFile
RtlImpersonateSelf
ZwQueryInformationFile
NtAccessCheckByTypeResultList
ZwSetUuidSeed
RtlxAnsiStringToUnicodeSize
RtlRunDecodeUnicodeString
DbgUiGetThreadDebugObject
RtlRandomEx
NtQueryMultipleValueKey
NtPowerInformation
ZwCreateFile
RtlAddressInSectionTable
ZwQueryInformationJobObject
LdrDisableThreadCalloutsForDll
ZwQueryBootEntryOrder
strcpy
wcsncpy
RtlInitializeAtomPackage
RtlSetSecurityObjectEx
ZwSetInformationFile
RtlQueryAtomInAtomTable
ZwFlushInstructionCache
RtlDllShutdownInProgress
RtlpNtCreateKey
RtlFindLastBackwardRunClear
NtShutdownSystem
_stricmp

user32

CallMsgFilter
GetCursor
DdeNameService
BroadcastSystemMessageW
CheckMenuRadioItem
DrawStateW
CharToOemA
DestroyCursor
DrawAnimatedRects
ShowWindowAsync
CascadeChildWindows
WaitMessage
DdeReconnect
RealChildWindowFromPoint
CopyAcceleratorTableW
GetKeyboardType
DrawIcon
DrawCaption
GetWindowContextHelpId
DdeGetLastError
MessageBoxExW
CreateDialogParamW
BuildReasonArray
EnumDisplaySettingsW
GetWindowLongW
IsWindowUnicode
MessageBoxTimeoutA
RegisterClassW
DlgDirListComboBoxW
EnumDisplaySettingsExW
SendMessageCallbackA
FindWindowW
GetSysColorBrush
UnregisterMessagePumpHook
CharToOemBuffA
ChangeDisplaySettingsW
BeginPaint
UnregisterHotKey
WINNLSEnableIME
DrawFrame
PtInRect
GetWindowRgn
InvalidateRect
SetWindowsHookExW
GetKeyboardLayoutList
SendInput
ImpersonateDdeClientWindow
GetClassLongW
MenuWindowProcW
TranslateMessage
DdePostAdvise
RegisterClassExA
SetScrollInfo
UpdateLayeredWindow
DrawStateA
SendMessageTimeoutA
GetAncestor
GetAltTabInfo
ScreenToClient
GetTabbedTextExtentA
AllowSetForegroundWindow
CallNextHookEx

oleaut32

VarI2FromDec
VarUI2FromStr
VarUI4FromUI1
VarDecMul
SafeArraySetIID
VarBoolFromUI1
VarR8FromStr
VarCyInt
VarI8FromDisp
VarUI4FromBool
OleIconToCursor
VarR8FromUI8
SysAllocStringByteLen
VarUI1FromR4
VarI4FromR4
SafeArrayCopy
VarUI4FromR8
DosDateTimeToVariantTime
VarBstrFromI2
VarInt
VARIANT_UserMarshal
VarUI8FromUI2
VarI8FromDate
VarR8FromDisp
OleCreatePictureIndirect
VarI4FromR8
VarDecFromStr
VarUI1FromI4
DispInvoke
VarI4FromBool
VarBoolFromUI8
VarDecCmp
VarUI4FromR4
VarPow
VarI1FromDec
VarI4FromDisp
VarUI2FromI1
VarI8FromBool
SafeArrayCreateVectorEx
VarBstrFromR8

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23c266c87766148b43b49b7948dcc7a1

Headers

DLL Characteristics

File Characteristics

Imports

query

kernel32

ntdll

user32

oleaut32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 29KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 29KB