1c1b31ae0f2e5a0366a55f7b63fc2f06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c1b31ae0f2e5a0366a55f7b63fc2f06_JaffaCakes118
Size

396KB
MD5

1c1b31ae0f2e5a0366a55f7b63fc2f06
SHA1

ee0526b92303be70d2b61e612fcca2c8ea6a349a
SHA256

692b747feec6c01134fa95eff50b1a3ee794503220b432a63c8742618390465c
SHA512

abc36ebdb9e23634ae4874a3dd02d757b111af5dd9eecf92547df7a8a00e096aa231313c29f082821bae5a280834556240788521581e3f1b51bc54a71e64e5a9
SSDEEP

6144:hUNoPPKj8j6N6DTX+X7jHsjVXnBQ3drmhR/Vln5jMKayuGPe8F:hUNoPPu8uGXM86trIFVFm8F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c1b31ae0f2e5a0366a55f7b63fc2f06_JaffaCakes118

Files

1c1b31ae0f2e5a0366a55f7b63fc2f06_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3bf1265e7c844a47691cd1d9bd8012c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

y:\dbcomponents\dbdll\oracle\ReleaseU\crdb_oracle.pdb

Imports

msvcr71

memset
_wcsicoll
_wcsicmp
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_purecall
wcsstr
wcscat
wcschr
__RTtypeid
??8type_info@@QBEHABV0@@Z
_wsplitpath
wcscmp
wcsncpy
_splitpath
_exit
floor
_snwprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
wcslen
wcscpy
??2@YAPAXI@Z
??_V@YAXPAX@Z
_except_handler3
??_U@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

cxlibw-2-6

?ToNumber@NeutralString@CXLib206@@SA_NABVSWCharString@2@AAJ@Z
??7iterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
?ToNumber@NeutralString@CXLib206@@SA_NABVSWCharString@2@AAK@Z
?makeWords@SStringHelper@CXLib206@@SAXABVSWCharString@2@AAV?$SIArray@VSWCharString@CXLib206@@@2@0_N2@Z
?FromNumber@NeutralString@CXLib206@@SA?AVSWCharString@2@G@Z
??1SAnsiString@CXLib206@@QAE@XZ
??B?$SString_t@D$0A@@CXLib206@@QBEPBDXZ
??Y?$SString_t@D$0A@@CXLib206@@QAEAAV01@PBD@Z
??0SAnsiString@CXLib206@@QAE@PBD@Z
?setAt@?$SString_t@G$00@CXLib206@@QAEXIV?$SChar_t@G$00@2@@Z
?getNBytesForOCA@?$SString_t@G$00@CXLib206@@QBEIXZ
?Terminate@SResManager@CXLib206@@SA_NXZ
?GetCollection@SResManager@CXLib206@@SA?AV?$CSmartRefCountPtr@VSResCollection@CXLib206@@@2@PBG0QAUHINSTANCE__@@@Z
?Initialize@SResManager@CXLib206@@SA_NXZ
?Rfc1766ToLcid@SLocale@CXLib206@@SAKABVSWCharString@2@@Z
?GetEnv@SEnv@CXLib206@@SA?AVSWCharString@2@ABV32@@Z
??0?$SChar_t@G$00@CXLib206@@QAE@ABV01@@Z
?findLast@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@V?$SChar_t@G$00@2@@Z
??0Registry@CXLib206@@QAE@ABVSWCharStringCI@1@0ABQAUHKEY__@@_N@Z
?ReadValue@Registry@CXLib206@@QBE?AVSWCharString@2@ABV32@@Z
??1Registry@CXLib206@@UAE@XZ
?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBG@Z
?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBD@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@NH@Z
??0SDate@CXLib206@@QAE@FEE@Z
?FormatDate@SLocale@CXLib206@@SA?AVSWCharString@2@KABVSDate@2@@Z
?TZ_Local@STimeZone@CXLib206@@SAABV12@XZ
??0STime@CXLib206@@QAE@EEEGABVSTimeZone@1@@Z
?FormatTime@SLocale@CXLib206@@SA?AVSWCharString@2@KABVSTime@2@ABVSTimeZone@2@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@IH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@_KH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@_JH@Z
?FromString@SWCharStringConv@CXLib206@@SA_NABVSWCharString@2@AAN@Z
?ToNumber@NeutralString@CXLib206@@SA_NABVSWCharString@2@AA_J@Z
?fromMBCS@?$SString_t@G$00@CXLib206@@QAE_NPBD@Z
?toWChar@?$SString_t@G$00@CXLib206@@QBEIPAGI@Z
??Biterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
??Yiterator@?$SString_t@G$00@CXLib206@@QAEAAV012@I@Z
??9?$SChar_t@G$00@CXLib206@@QBE_NABV01@@Z
??1SWCharStringCI@CXLib206@@QAE@XZ
?getAt@?$SString_t@G$00@CXLib206@@QBE?AV?$SChar_t@G$00@2@I@Z
??0SWCharString@CXLib206@@QAE@PBG@Z
??1SWCharString@CXLib206@@QAE@XZ
??8?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@JH@Z
?getNChars@?$SString_t@G$00@CXLib206@@QBEIXZ
?GetWin32Error@CXLib206@@YA?AVSWCharString@1@K@Z
?ShouldAssert@CXLib206@@YA_NPBD@Z
?SAssert@CXLib206@@YAXPBDH0@Z
??0SResString@CXLib206@@QAE@ABVSWCharString@1@ABV?$SChar_t@G$00@1@@Z
??6SResString@CXLib206@@QAEAAV01@K@Z
??BSResString@CXLib206@@QBE?AVSWCharString@1@XZ
??1SResString@CXLib206@@QAE@XZ
??6SResString@CXLib206@@QAEAAV01@ABVSWCharString@1@@Z
??4SWCharString@CXLib206@@QAEAAV01@G@Z
??0SStrTok@CXLib206@@QAE@PBG0@Z
?Next@SStrTok@CXLib206@@QAE?AVSWCharString@2@XZ
?toUpper@?$SString_t@G$00@CXLib206@@QAEXXZ
??1SStrTok@CXLib206@@UAE@XZ
??8?$SString_t@G$00@CXLib206@@QBE_NPBG@Z
?find@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@ABV12@@Z
?isAtEnd@iterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
?left@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
??0SWCharString@CXLib206@@QAE@ABV?$SString_t@G$00@1@@Z
?right@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@V?$SChar_t@G$00@1@@Z
??H?$SString_t@G$00@CXLib206@@QBE?AV01@ABV01@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@HH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@KH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@F@Z
??0?$SString_t@G$00@CXLib206@@QAE@PBG@Z
??0SWCharStringCI@CXLib206@@QAE@PBG@Z
?LanguageIdToLCID@SLocale@CXLib206@@SAKVSWCharStringCI@2@@Z
??0SWCharString@CXLib206@@QAE@ABV01@@Z
??4SWCharString@CXLib206@@QAEAAV01@ABV01@@Z
?compareNoCase@?$SString_t@G$00@CXLib206@@QBEHABV12@@Z
??0?$SChar_t@G$00@CXLib206@@QAE@G@Z
?findFirst@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@V?$SChar_t@G$00@2@@Z
??0iterator@?$SString_t@G$00@CXLib206@@QAE@ABV12@@Z
?mid@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@0@Z
??4SWCharString@CXLib206@@QAEAAV01@ABV?$SString_t@G$00@1@@Z
??1?$SString_t@G$00@CXLib206@@QAE@XZ
??Eiterator@?$SString_t@G$00@CXLib206@@QAEAAV012@XZ
?mid@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@ABV01@@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@PBG@Z
?isEmpty@?$SString_t@G$00@CXLib206@@QBE_NXZ
??B?$SString_t@G$00@CXLib206@@QBEPBGXZ
??4SWCharString@CXLib206@@QAEAAV01@PBG@Z
?right@?$SString_t@G$00@CXLib206@@QBE?AV12@I@Z
?compare@?$SString_t@G$00@CXLib206@@QBEHABV12@@Z
?empty@?$SString_t@G$00@CXLib206@@QAEXXZ
??0SWCharString@CXLib206@@QAE@XZ
?deleteChar@?$SString_t@G$00@CXLib206@@QAEXI@Z

oci

OCIAttrGet
OCIDescriptorFree
OCIStmtGetPieceInfo
OCIStmtSetPieceInfo
OCIStmtFetch
OCIDefineByPos
OCIDescriptorAlloc
OCILobGetLength
OCILobFileOpen
OCILobRead
OCILobFileClose
OCIResultSetToStmt
OCIBindByName
OCIParamGet
OCIDescribeAny
OCIStmtExecute
OCIStmtPrepare
OCIEnvNlsCreate
OCISessionEnd
OCIHandleFree
OCIServerDetach
OCIHandleAlloc
OCIServerAttach
OCIAttrSet
OCISessionBegin
OCIServerVersion
OCIErrorGet

libocasecurityw-1-6

?instance@SSOSessionManager@Ocalibsecurity106@@SAPAV12@XZ

kernel32

GetModuleFileNameA
LoadLibraryA
GetVersionExW
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
InterlockedExchange
GetACP
GetLocaleInfoA
FreeLibrary
GlobalFree
SetErrorMode
GetModuleFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
LoadLibraryW
GetProcAddress
CloseHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
LogonUserW
ImpersonateLoggedOnUser
RegCloseKey
RevertToSelf
GetUserNameW
RegOpenKeyExA

oleaut32

VarDecFromStr
VarDecFromR8
VarR8FromDec
VarDecInt
VarBstrFromDec
VarCyFromStr
VarCyFromDec
VarBstrFromCy
SysFreeString

Exports

Exports

DbBindToField
DbBindToFieldEx
DbBuildCommand
DbCloseRowset
DbConvertValueToString
DbExecuteQuery
DbFetchDatabaseType
DbFetchLogonUIInfo
DbFetchRowsetFields
DbFetchServerName
DbFetchTableFields
DbFetchTableIndexes
DbFetchTableInfo
DbFetchTableInfoEx
DbFetchTableList
DbFetchTableParameters
DbFetchTableQualifiers
DbFreeErrorInfo
DbFreeFieldBinding
DbFreeFieldList
DbFreeFieldValue
DbFreeForeignKeyInfoList
DbFreeIndexList
DbFreeLogonInfo
DbFreeParametersList
DbFreePropertyCollection
DbFreeServerFunctionInfo
DbFreeString
DbFreeTableInfo
DbFreeTableList
DbFreeTableQualifiers
DbGetForeignKeyInfo
DbGetInfo
DbGetNRecords
DbGetServerFunctionInfo
DbHandleUIPropertyRequest
DbInitialize
DbLogoffServer
DbLogonServer
DbMatchLogonInfo
DbParseExpressionOnServer
DbReadFieldValue
DbReadRecord
DbReadRecordEx
DbTerminate
IsThreadSafe

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bf1265e7c844a47691cd1d9bd8012c2

Headers

File Characteristics

PDB Paths

Imports

msvcr71

msvcp71

cxlibw-2-6

oci

libocasecurityw-1-6

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 24KB - Virtual size: 20KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 152KB - Virtual size: 152KB