25550e45a73d9704584988ea187a7894_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

25550e45a73d9704584988ea187a7894_JaffaCakes118
Size

864KB
MD5

25550e45a73d9704584988ea187a7894
SHA1

b86798915eda15eac4080556da99504092734e79
SHA256

ad76eb24f17205de8886c3f6c72beadf61cbee8829d961a31e8b4c778429bb4d
SHA512

fec57d4d92147158c5011a88c04646be7e679fa841b191ed172a6d9d51ae35fbd1edffca6f9ce35c46239cf9b548736a2f8943d6aec871fe943207fbdb704546
SSDEEP

12288:tFFWi2tbdPabJRQVx5qVazwrjJbVoLT11mI9gh3V1Elh+FoMn72/E+F3vgZwue7a:sLtRC16VxCSGRafqIem+FjMvMJZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25550e45a73d9704584988ea187a7894_JaffaCakes118

Files

25550e45a73d9704584988ea187a7894_JaffaCakes118
.exe windows:5 windows x86 arch:x86

26c43a78e200b8292855babb4ed25dfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhGetDefaultPerfObjectA
PdhGetLogFileTypeW
PdhBrowseCountersHA
PdhVbOpenLog
PdhTranslateLocaleCounterW
PdhRelogW
PdhValidatePathA
PdhListLogFileHeaderW
PdhAdd009CounterW
PdhEnumMachinesHW
PdhExpandWildCardPathHW
PdhGetLogFileTypeA
PdhExpandCounterPathA
PdhGetFormattedCounterValue
PdhMakeCounterPathW
PdhGetDllVersion
PdhIsRealTimeQuery
PdhParseInstanceNameW
PdhGetDefaultPerfCounterHA
PdhCreateSQLTablesW
PdhFormatFromRawValue
PdhTranslate009CounterA
PdhEnumMachinesHA
PdhVbUpdateLog
PdhEnumObjectItemsW
PdhSelectDataSourceW
PdhRemoveCounter
PdhEnumObjectsA
PdhGetDefaultPerfCounterA
PdhGetDefaultPerfObjectHA
PdhAddCounterA

crypt32

PFXIsPFXBlob
CertFreeCRLContext
I_CryptDisableLruOfEntries
CertAddCRLLinkToStore
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertNameToStrA
CryptFreeOIDFunctionAddress
CryptGetDefaultOIDFunctionAddress
CryptHashMessage
RegDeleteValueU
CryptImportPublicKeyInfo
CertEnumSystemStoreLocation
RegOpenHKCUKeyExU
CryptExportPublicKeyInfo
CryptSIPGetSignedDataMsg
CryptSIPRetrieveSubjectGuidForCatalogFile
CertGetCertificateChain
CertFindAttribute
I_CryptEnableLruOfEntries
PFXVerifyPassword
RegOpenKeyExU
CryptMsgGetAndVerifySigner
CertVerifyCertificateChainPolicy
CertGetCTLContextProperty
CryptVerifySignatureU
CryptSignAndEncryptMessage
CertGetCertificateContextProperty

msvcrt40

??0ifstream@@QAE@PBDHH@Z
_vsnprintf
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
rewind
??0filebuf@@QAE@XZ
_heapmin
?underflow@strstreambuf@@UAEHXZ
??_Dfstream@@QAEXXZ
??1istream_withassign@@UAE@XZ
_fullpath
_pgmptr
atol
?_query_new_handler@@YAP6AHI@ZXZ
?fd@ifstream@@QBEHXZ
labs
__mb_cur_max
fclose
??6ostream@@QAEAAV0@J@Z
_spawnlpe
??0fstream@@QAE@XZ
_nextafter
?setlock@streambuf@@QAEXXZ
?setp@streambuf@@IAEXPAD0@Z
??0bad_typeid@@QAE@ABV0@@Z
?basefield@ios@@2JB
??4ostream@@IAEAAV0@ABV0@@Z
_stat
atoi
??_Gostrstream@@UAEPAXI@Z
_getpid
_read
_mbscmp
__RTDynamicCast
?seekg@istream@@QAEAAV1@J@Z
?put@ostream@@QAEAAV1@C@Z
??_7bad_typeid@@6B@
??1Iostream_init@@QAE@XZ
rename
??0istream_withassign@@QAE@ABV0@@Z
??_Diostream@@QAEXXZ
?ipfx@istream@@QAEHH@Z
??_Gstreambuf@@UAEPAXI@Z
??_8ifstream@@7B@
_mbscat
_ismbcpunct
?unlock@streambuf@@QAEXXZ
?flags@ios@@QBEJXZ
_getdcwd
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
_snprintf
_spawnvpe
??4filebuf@@QAEAAV0@ABV0@@Z

odbc32

SQLSpecialColumns
SQLGetDiagFieldW
SQLColAttributeW
SQLDataSourcesA
SQLSpecialColumnsW
SQLColAttributesA
SQLGetDiagField
SQLBrowseConnect
SQLPrimaryKeysW
SQLCopyDesc
SQLDescribeCol
SQLEndTran
SQLGetDiagFieldA
SQLSetConnectOption
SQLTransact
SQLColAttribute
SQLPutData
SQLExecDirectA
SQLStatisticsA
SQLGetStmtAttrA
SQLBindParameter
SQLBulkOperations
SQLNativeSqlA
SQLDisconnect
SQLSetConnectOptionW
ValidateErrorQueue
SQLSetParam
SQLColumnPrivilegesW
SQLGetDiagRecW
SQLGetDescRecW
SQLCloseCursor
SQLAllocHandleStd
SQLTables
CollectODBCPerfData

msvcrt

_setmode
?what@exception@@UBEPBDXZ
_wfindnexti64
_fmode
_wcsnset
_wcsicoll
fsetpos
freopen
_nextafter
_eof
_sopen
_cprintf
strcpy
clock
_ismbclower
_ultoa
clearerr
_mbsnset
_strtime
iswspace
_toupper
mbstowcs
_Gettnames
_local_unwind2
atexit
___lc_handle_func
_wpgmptr
_wpopen
_wsearchenv
??8type_info@@QBEHABV0@@Z

kernel32

SetConsoleLocalEUDC
EnumLanguageGroupLocalesW
FatalAppExitW
UpdateResourceW
_hread
LZOpenFileA
ConvertThreadToFiber
AttachConsole
QueryPerformanceCounter
GetNumberOfConsoleMouseButtons
SetFirmwareEnvironmentVariableW
CreateRemoteThread
CreateDirectoryW
GetTapePosition
GetLastError
RemoveLocalAlternateComputerNameA
FindFirstFileExA
GetCurrentThread
DeactivateActCtx
LoadLibraryA
SetHandleInformation
RemoveVectoredExceptionHandler
GlobalUnlock
GetStartupInfoA
GetFullPathNameW
VerifyVersionInfoA
GetConsoleCommandHistoryA
SetFilePointer
GlobalMemoryStatus
ResetEvent
VirtualAlloc
GetAtomNameW
SetConsoleTitleW
SetFileShortNameW
DeleteFileW
RaiseException
SetCommState
DefineDosDeviceW
ClearCommBreak
GetCurrentConsoleFont
BeginUpdateResourceA
LocalAlloc
ActivateActCtx
GlobalUnfix
GetEnvironmentStringsW

user32

RegisterClassW
PostQuitMessage
DefWindowProcW

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26c43a78e200b8292855babb4ed25dfc

Headers

DLL Characteristics

File Characteristics

Imports

pdh

crypt32

msvcrt40

odbc32

msvcrt

kernel32

user32

Sections

.text Size: 154KB - Virtual size: 154KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 512B - Virtual size: 1.8MB

.rsrc Size: 388KB - Virtual size: 388KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 512B - Virtual size: 1.8MB

.rsrc
Size: 388KB - Virtual size: 388KB

.reloc
Size: 1KB - Virtual size: 1KB