0f0296095461f9185704b15ed20e9123_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f0296095461f9185704b15ed20e9123_JaffaCakes118
Size

875KB
MD5

0f0296095461f9185704b15ed20e9123
SHA1

0999fa1a0ee09ee1a556bb6336dcce22b627ab8f
SHA256

81f86ac693726c4829e8e31d9a2c4cdc6c37d08ebbaf8d44c692ba1171b34ae8
SHA512

64497a4527309ed10f4b031e0c1f374f6a64619c4b1c71849d70ca652419878bad16e4174d7aa941314559ea009a002893810d6bb11568a366f3561a1c605372
SSDEEP

24576:FFv1MldqeXbTuLgvA9zkQtT8qURFUSvdQe4:Tu9XbTuLg0jTR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f0296095461f9185704b15ed20e9123_JaffaCakes118

Files

0f0296095461f9185704b15ed20e9123_JaffaCakes118
.exe windows:5 windows x86 arch:x86

12fe47b253d2711771bfb58d73d6b899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?NumberOfSortProps@CCatState@@QBEIXZ
??1CEventItem@@QAE@XZ
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?GetCD@CCatState@@QAEPBGXZ
?Clone@COccRestriction@@QBEPAV1@XZ
?Read@CRegAccess@@QAEPAGPBG0@Z
?Read@CRegAccess@@QAEKPBGK@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
?Release@CFwPropertyMapper@@UAGKXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?StartCI@CMachineAdmin@@QAEHXZ
?Release@CImpersonateRemoteAccess@@QAEXXZ
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??1CPhraseRestriction@@QAE@XZ
?Map@CMmStreamConsecBuf@@QAEXK@Z
??0CSort@@QAE@I@Z
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
??1CWordRestriction@@QAE@XZ
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
?SetSecret@@YGXPBG00K@Z
??0CEventItem@@QAE@GGKGKPBX@Z
??1CPropertyStore@@QAE@XZ
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?_ImpersonateIf@CImpersonateRemoteAccess@@AAEHPBG0K@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z

kernel32

SetConsoleCursorInfo
GetEnvironmentStringsW
LoadLibraryA
UnlockFile
InitAtomTable
TerminateThread
ReleaseActCtx
RestoreLastError
SetConsoleOS2OemFormat
GetACP
GetConsoleCharType
ReadFileScatter
lstrcpyW
VirtualAlloc
GetNumaNodeProcessorMask
SetConsoleFont
SetLocaleInfoW
ContinueDebugEvent
GlobalFindAtomA
GetProcAddress
GetCommandLineA
GetCPInfoExA
GetDiskFreeSpaceExA
QueryDosDeviceA
GetThreadPriority
UpdateResourceA
WriteConsoleInputVDMW
GlobalFindAtomW
SetEnvironmentVariableW
TerminateJobObject
QueryActCtxW
SuspendThread
LocalShrink
GetPrivateProfileIntW
GlobalMemoryStatus
GetPrivateProfileStringA
GetConsoleCP
MapUserPhysicalPages
GetVolumeNameForVolumeMountPointW
InitializeCriticalSectionAndSpinCount
CloseHandle
OutputDebugStringA
PurgeComm
IsDBCSLeadByte
CommConfigDialogA
SetConsoleTitleW
GetNumaAvailableMemoryNode
LoadLibraryExA
GlobalMemoryStatusEx

msi

MsiRecordSetStreamW
MsiSetFeatureAttributesW
MsiSetTargetPathA
MsiEvaluateConditionA
MsiAdvertiseProductW
MsiSetInstallLevel
MsiSetExternalUIA
MsiSummaryInfoGetPropertyA
MsiRecordIsNull
MsiEnumComponentsW
MsiFormatRecordW
MsiQueryProductStateW
MsiGetFileHashA
MsiVerifyPackageA
MsiEnumFeaturesA
MsiSetFeatureStateW
MsiInstallMissingComponentA
MsiDatabaseMergeW
MsiCollectUserInfoA
MsiViewFetch
MsiEnumPatchesA
MsiSetComponentStateW
MsiSetFeatureStateA
MsiProvideComponentW
MsiProvideQualifiedComponentExA
MsiProvideAssemblyA
MsiViewModify
MsiOpenDatabaseW
MsiSourceListAddSourceA
MsiCloseHandle
MsiAdvertiseProductExA
MsiGetComponentPathA
MsiNotifySidChangeW
MsiProvideQualifiedComponentExW

sqlwoa

_GetObject@12
_SetProp@12
_GetComputerName@8
_GetDlgItemText@16
_LoadLibrary@4
_tsystem
_CreateDialogIndirectParam@20
_GetOpenFileName@4
_LoadCursor@8
_CreateWindowEx@48
_GetFileTitle@12
_PostMessage@16
_TranslateAccelerator@12
_GetWindowTextLength@4
_FormatMessage@28
_PeekMessage@20
_CommDlg_OpenSave_GetFilePath@12
_LoadMenu@8
_CreateFontIndirect@4
_trename
_tfopen
_FreeEnvironmentStrings@4
_GetWindowText@12
_IsDialogMessage@8
newWideCharFromMultiByte
_CallWindowProc@20
_GetWindowLong@8
_SendDlgItemMessage@20
_LoadIcon@8
_CommDlg_OpenSave_GetSpec@12

mfcsubs

?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?FormatMessageW@CString@@QAAXIZZ
??0CObject@@IAE@XZ
??1CStringArray@@UAE@XZ
?FreeExtra@CString@@QAEXXZ
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??4CString@@QAEABV0@G@Z
?GetAllocLength@CString@@QBEHXZ
??0CStringArray@@QAE@XZ
??1CString@@QAE@XZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??4CString@@QAEABV0@PBG@Z
??_7CStringArray@@6B@
?Release@CString@@IAEXXZ
??M@YG_NABVCString@@PBG@Z
??H@YG?AVCString@@ABV0@0@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??P@YG_NABVCString@@PBG@Z
?SpanExcluding@CString@@QBE?AV1@PBG@Z
??_7CMapStringToPtr@@6B@
?AfxLoadString@@YGHIPAGI@Z
??0CString@@QAE@XZ
??P@YG_NABVCString@@0@Z
??8@YG_NABVCString@@PBG@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?AssignCopy@CString@@IAEXHPBG@Z

rtm

RtmGetEnumRoutes
EnumOverTable
RtmGetNextHopInfo
RtmGetEntityMethods
RtmCreateEnumerationHandle
RtmCreateDestEnum
RtmCreateRouteEnum
RtmReleaseRouteInfo
RtmEnumerateGetNextRoute
RtmDeregisterClient
RtmAddRoute
RtmWriteAddressFamilyConfig
RtmReferenceHandles
MgmAddGroupMembershipEntry
RtmDeleteRouteToDest
RtmLookupIPDestination
InsertIntoTable
CreateTable
MgmDeInitialize
MgmGetNextMfeStats
DestroyTable
RtmDeleteRouteTable
RtmUpdateAndUnlockRoute
MgmGetFirstMfeStats
RtmReleaseNextHops
RtmGetNextRoute

msdart

?SetDefaultSpinCount@CSpinLock@@SGXG@Z
??0CLockedDoubleList@@QAE@XZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?Size@CLKRLinearHashTable@@QBEKXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
??1CReaderWriterLock@@QAE@XZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
MpHeapFree
?ReadLock@CSmallSpinLock@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?ValidSignature@CLKRHashTable@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
??1CFakeLock@@QAE@XZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 337KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12fe47b253d2711771bfb58d73d6b899

Headers

DLL Characteristics

File Characteristics

Imports

query

kernel32

msi

sqlwoa

mfcsubs

rtm

msdart

Sections

.text Size: 361KB - Virtual size: 361KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 337KB - Virtual size: 1.8MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 337KB - Virtual size: 1.8MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B