27b1f588a83787f89707b82a95920733_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27b1f588a83787f89707b82a95920733_JaffaCakes118
Size

865KB
MD5

27b1f588a83787f89707b82a95920733
SHA1

263042dff72701ed97b3897227a2f263be0f31bc
SHA256

786ed5e8f64260be082e303ddedd5271a2987898fc056cae8b4a92718cc5b059
SHA512

6d1a00dc793d9a1d1340941beac9275dd988829082df2320e49745a702fba8fa079315636c3f0684f5ffe03e56272998d9d56bb828a6619a00dc5026ce28fae5
SSDEEP

12288:mLWt5kpdEqVt0cLQR9auqIk6qNbxXkirIJxTIOuPgVwxa8v0F36+a90mOB:ZqpCytow+AZoHuPgVW/v+ta9y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b1f588a83787f89707b82a95920733_JaffaCakes118

Files

27b1f588a83787f89707b82a95920733_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b34a882f48302e98711abcc6c407c0c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DelayLoadFailureHook
PrepareTape
CreateWaitableTimerW
CopyFileExW
CreateFileMappingW
IsValidCodePage
FlushViewOfFile
FindNextVolumeA
GetLogicalDriveStringsA
GetCurrentProcessId
SetCommBreak
EnumSystemLanguageGroupsA
HeapSetInformation
EnumDateFormatsW
GetAtomNameW
SetThreadExecutionState
GetCalendarInfoA
CreateMailslotW
GetConsoleInputWaitHandle
SetCommMask
SetTimerQueueTimer
SetConsoleCursor
CreateFiberEx
WaitForMultipleObjects
GetShortPathNameW
ContinueDebugEvent
EnumTimeFormatsA
CreateIoCompletionPort
IsDebuggerPresent
SetLastConsoleEventActive
GetPrivateProfileSectionW
PulseEvent
SystemTimeToTzSpecificLocalTime
GlobalDeleteAtom
GetTempFileNameW
GetVolumeNameForVolumeMountPointA
WriteConsoleInputW
UTUnRegister
WriteConsoleInputVDMA
GetConsoleOutputCP
SetCriticalSectionSpinCount
AttachConsole
AddLocalAlternateComputerNameW
lstrcpy
OpenProcess
RtlCaptureStackBackTrace
FatalAppExitA
GetEnvironmentStringsA
LoadLibraryA
QueryPerformanceCounter
InterlockedPushEntrySList
SetDefaultCommConfigW
EnumResourceTypesA
SetNamedPipeHandleState
ConvertDefaultLocale
ScrollConsoleScreenBufferW
Process32NextW
VirtualAlloc
GetNamedPipeHandleStateA
SetEnvironmentVariableA
OpenMutexA
ResetEvent
EnumSystemCodePagesW
GlobalFix
FreeLibraryAndExitThread
CreateSemaphoreW
HeapDestroy
EnumCalendarInfoW
WriteTapemark
CopyFileExA
GetCurrentConsoleFont
SetupComm

regapi

RegWinStationQueryDefaultSecurity
RegWinStationQueryNumValueW
RegIsMachinePolicyAllowHelp
RegDefaultUserConfigQueryA
RegWinStationQuerySecurityA
RegOpenServerA
RegPdCreateW
RegUserConfigRename
RegWdDeleteA
WaitForTSConnectionsPolicyChanges
RegWinStationEnumerateA
RegWinStationSetSecurityW
RegQueryUtilityCommandList
RegSAMUserConfig
RegWinStationSetNumValueW
RegCdEnumerateW
RegDefaultUserConfigQueryW
RegWdCreateA
RegGetMachinePolicyEx
RegCdDeleteW
RegGetUserConfigFromUserParameters
RegWinStationQueryW
RegBuildNumberQuery
RegPdDeleteA
RegOpenServerW
RegWinStationDeleteW
RegCdQueryW
RegWdEnumerateA
RegConsoleShadowQueryA
RegCdQueryA
RegWinStationQueryEx
RegWinStationCreateA
RegCdCreateA
RegPdQueryA
RegUserConfigDelete
RegWinStationCreateW
RegIsTServer
RegFreeUtilityCommandList
RegWdEnumerateW
RegPdQueryW
RegPdEnumerateA
RegPdDeleteW

msvcrt40

_adj_fdiv_m64
?seekpos@streambuf@@UAEJJH@Z
_execv
__unDName
__p__wenviron
tanh
_ismbcupper
?get@istream@@QAEAAV1@PACHD@Z
towupper
isalpha
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_local_unwind2
_spawnvp
_jn
??_Estrstreambuf@@UAEPAXI@Z
strchr
strtok
_set_error_mode
_wsplitpath
?pbackfail@streambuf@@UAEHH@Z
ferror
wcsspn
_setjmp3
strlen
?sh_none@filebuf@@2HB
_getpid
??_Efilebuf@@UAEPAXI@Z
?stossc@streambuf@@QAEXXZ
??5istream@@QAEAAV0@AAH@Z
_tzset
??0fstream@@QAE@H@Z
_fmode
strrchr
??0ofstream@@QAE@PBDHH@Z
_seh_longjmp_unwind
??4iostream@@IAEAAV0@AAV0@@Z
_ismbbgraph
?is_open@fstream@@QBEHXZ
fputc
_execvp
_mbccpy
??_Eostream_withassign@@UAEPAXI@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
??_7stdiostream@@6B@

msvcrt

_putws
__set_app_type
_strset
asin
_fstat
_y1
_getw
putchar
___setlc_active_func
_scalb
__argc
iswascii
_wcsnset
_cwait
strncat
_pclose
_fmode
_adj_fprem
is_wctype
?name@type_info@@QBEPBDXZ
_ftime64
__p__commode
__threadid
_set_SSE2_enable
__mb_cur_max
_heapmin
ldexp
vfprintf
_lfind
exit
_setmbcp
strrchr
_get_osfhandle
_chgsign
_wcsnicoll
_osver
_swab
_adj_fdiv_m32i
__getmainargs

odbccu32

SQLFreeHandle
ReleaseCLStmtResources
SQLSetStmtOption
SQLFetchScroll
SQLGetDescRec
SQLGetData
SQLMoreResults
SQLGetInfo
SQLSetStmtAttr
SQLSetConnectOption
SQLCancel
SQLExtendedFetch
SQLFetch
SQLSetPos
SQLPutData
SQLBulkOperations
SQLExecute
SQLSetConnectAttr
SQLPrepare
SQLNativeSql
SQLGetDescField
SQLNumParams
SQLSetScrollOptions
SQLExecDirect
SQLTransact
SQLSetDescRec
SQLEndTran
SQLParamOptions
SQLCloseCursor
SQLGetStmtOption
SQLRowCount
SQLFreeStmt
SQLGetStmtAttr
SQLBindCol
SQLParamData
SQLSetDescField
SQLBindParameter

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b34a882f48302e98711abcc6c407c0c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

regapi

msvcrt40

msvcrt

odbccu32

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 313KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 313KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B