1637c2aabe4789aee887160680797043_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1637c2aabe4789aee887160680797043_JaffaCakes118
Size

867KB
MD5

1637c2aabe4789aee887160680797043
SHA1

99bddaa0a58889cde7ba70940fa22d77d42a91b2
SHA256

31d4d547e34114d422175966d93a232ee700a8214a663c9322f3209a0c765463
SHA512

ae6faeb3f88476fb4e1b91589d3bd9416d61a6c62dba69abf8b63e0940ba82c4939fa9eac3388ede7e79983ce825c2f205dfd72aaee0050e5ef96afbaa50ef98
SSDEEP

24576:1l4FlwKCHepGdUApwJ7vBSJds/otxVmFkD:1YwKCH0keAds/YxQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1637c2aabe4789aee887160680797043_JaffaCakes118

Files

1637c2aabe4789aee887160680797043_JaffaCakes118
.exe windows:5 windows x86 arch:x86

001e0195d057f6d7a26b728346cb907c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextCharset
EngGetDriverName
SwapBuffers
EnumFontFamiliesA
CreateSolidBrush
GetTextCharsetInfo
ColorMatchToTarget
GdiSetAttrs
PolyBezier
EnumICMProfilesA
GdiConvertBitmap
DdEntry50
bMakePathNameW
GdiFixUpHandle
GetTextExtentExPointW
CreateDIBSection
EngCreateClip
GdiInitSpool
BRUSHOBJ_pvGetRbrush
GetCharABCWidthsFloatW
SetDCPenColor
SetColorSpace
CreateCompatibleBitmap
RectInRegion
DdEntry36
CreateDIBPatternBrush
FillPath
EngFreeModule
EngPlgBlt
SetFontEnumeration
EngQueryLocalTime
BitBlt
ColorCorrectPalette
Escape

kernel32

CreateFiberEx
LeaveCriticalSection
lstrcmpiA
SetHandleContext
LoadLibraryExW
LoadLibraryA
DeleteVolumeMountPointA
IsDebuggerPresent
HeapReAlloc
WriteConsoleW
FreeEnvironmentStringsW
SetConsoleScreenBufferSize
RemoveDirectoryW
GetUserDefaultLCID
CreateMailslotW
GetLocalTime
GetLargestConsoleWindowSize
CommConfigDialogA
SetConsolePalette
ExpungeConsoleCommandHistoryA
CloseHandle
WriteConsoleA
DeleteTimerQueue
VirtualAlloc
WaitForSingleObjectEx
IsProcessorFeaturePresent
EnterCriticalSection
InitAtomTable
GetPrivateProfileSectionW
SetComputerNameW
RtlCaptureStackBackTrace
GetShortPathNameA
SetWaitableTimer
GlobalFindAtomA
IsValidCodePage
GetSystemWow64DirectoryA
GetSystemPowerStatus
GetProcessTimes
IsValidLocale
RemoveDirectoryA

opengl32

glTexCoord1sv
glGetTexGenfv
glBitmap
glColor3dv
glColor4b
glVertex4d
glClearColor
glRecti
glViewport
glIsList
glColor4fv
glRasterPos2s
glRasterPos2d
glEvalCoord1fv
glVertex3i
glEvalPoint1
GlmfPlayGlsRecord
glAccum
wglSetLayerPaletteEntries
glDepthFunc
glRasterPos2dv
glMultMatrixd
wglCreateContext
glTexParameteri
glTexCoord1f
glColor3fv
glTexCoord3iv
glColor4iv
wglSetPixelFormat
glShadeModel
glNormal3i
glPointSize
glListBase
glGenTextures
glMapGrid2f
glEvalCoord1d

query

??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??0CDbQueryResults@@QAE@XZ
??0CTimeLimit@@QAE@KK@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?CiNtOpen@@YGPAXPBGKKK@Z
?AcqPath@CQueryScanner@@QAEPAGXZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?AcquireRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?Next@CScopeEnum@@QAEHXZ
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?Rewind@CMmStreamConsecBuf@@QAEXXZ
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??1CWorkManager@@QAE@XZ
?PutWString@@YGXAAVPSerStream@@PBG@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
??0CPidLookupTable@@QAE@XZ
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
LocateCatalogsA
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
??1COccRestriction@@QAE@XZ
?IsValid@CNodeRestriction@@QBEHXZ
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
?SetRestriction@CDbSelectNode@@QAEHPAVCDbCmdTreeNode@@@Z
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
?AddArg@CEventItem@@QAEXPBG@Z
?Flush@CDynStream@@QAEXXZ
??1CContentRestriction@@QAE@XZ
?StrLen@CKey@@QBEIXZ
?Init@CFileMapView@@QAEXXZ
??1CEventLog@@QAE@XZ
?QueryInterface@CEnumString@@UAGJABU_GUID@@PAPAX@Z
?Release@CEnumString@@UAGKXZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
??0CTransaction@@QAE@XZ

lz32

LZRead
CopyLZFile
LZClose
LZDone
LZCopy
LZOpenFileA
LZOpenFileW
LZStart
LZCloseFile
GetExpandedNameA
LZInit
LZSeek

dpnhupnp

DllGetClassObject

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

001e0195d057f6d7a26b728346cb907c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

opengl32

query

lz32

dpnhupnp

Sections

.text Size: 453KB - Virtual size: 453KB

.rdata Size: 335KB - Virtual size: 335KB

.data Size: 74KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 453KB - Virtual size: 453KB

.rdata
Size: 335KB - Virtual size: 335KB

.data
Size: 74KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB