28426b0cf2b5208648dae3cae5465e73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28426b0cf2b5208648dae3cae5465e73_JaffaCakes118
Size

865KB
MD5

28426b0cf2b5208648dae3cae5465e73
SHA1

66ad945185afb0de6784d6164dcffd422c610b64
SHA256

453bc044e8cee9d1f7b4aa09cc47235730406152fbf63653383571c955af1711
SHA512

34ff0d5da52ddf695c6e1f1360ff2ea6d6d922c59236520854d924ea0eb5432ed17a4a1c7de9f708a49dabe40d304d8b0227ef6975ab715ed530e098e59c2c50
SSDEEP

12288:DnVadFXQMG9qycY6pP68nS2H+SA3Rb41Kjq4+JbIXSzyRag9BXwroz9UQnbvyex:DEkXM68nS2TWKKiISzGV9BXpUQnDJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28426b0cf2b5208648dae3cae5465e73_JaffaCakes118

Files

28426b0cf2b5208648dae3cae5465e73_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b077afd77e5c0521f6837522fece98b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadDirectoryChangesW
EnumSystemLanguageGroupsA
GetSystemWow64DirectoryA
ReplaceFile
LoadLibraryA
OutputDebugStringA
SuspendThread
PostQueuedCompletionStatus
VirtualAlloc
SetHandleContext
WritePrivateProfileStringW
RtlMoveMemory
GetStdHandle
GetLocaleInfoW
InterlockedExchangeAdd
SetEnvironmentVariableW
GetHandleInformation
WriteProfileSectionW
ReadFileScatter
PrivCopyFileExW
LocalUnlock
CloseProfileUserMapping
GlobalGetAtomNameW
WTSGetActiveConsoleSessionId
VirtualUnlock
lstrcmpiW
GetComputerNameExW
AllocConsole
DeleteTimerQueue
GetSystemDefaultLangID
CreateHardLinkA
SetConsoleTitleA
GetTickCount
OpenJobObjectA
GetCurrentDirectoryA
GetProcessPriorityBoost
ExpungeConsoleCommandHistoryA
QueueUserAPC
GetFileSize
GetProcessTimes
CreateDirectoryExW
ExpungeConsoleCommandHistoryW
TlsSetValue

odbcjt32

SQLSetConnectAttrW
SQLSetDescRec
SQLFreeStmt
SQLFreeEnv
ConfigDialogProc
InitializeLoginDialog
InitDialogAgain
SQLExecDirectW
SQLCloseCursor
SQLGetInfoW
ConfigDSNW
SQLGetData
SQLGetCursorNameW
SQLGetStmtAttrW
InvisibleSelectDb
SQLRowCount
SQLParamData
SQLProcedureColumnsW
SQLSetScrollOptions
SelectUIdxDlgProc
DefTxtFmtDlgProc
SQLColumnsW
SQLFetch
SQLGetTypeInfoW
SQLEndTran
SQLSetEnvAttr
SQLCancel
SQLGetDiagRecW
SQLAllocStmt
SQLFreeConnect
SQLExecute

w32topl

ToplVertexInit
ToplSTHeapInit
ToplListNumberOfElements
ToplEdgeDestroy
ToplSTHeapExtractMin
ToplVertexNumberOfInEdges
ToplVertexGetOutEdge
ToplSTHeapCostReduced
ToplVertexNumberOfOutEdges
ToplGraphDestroy
ToplVertexGetParent
ToplVertexFree
ToplScheduleCacheCreate
ToplIsToplException
ToplEdgeGetFromVertex
ToplVertexGetInEdge
ToplPScheduleValid
ToplGraphMakeRing
ToplIterAdvance
ToplListRemoveElem
ToplGraphCreate
ToplGetAlwaysSchedule
ToplFree
ToplEdgeFree
ToplScheduleCreate
ToplSetAllocator
ToplIterFree
ToplGraphSetVertexIter
ToplVertexSetParent
ToplIterGetObject
ToplVertexSetId
ToplScheduleValid
ToplScheduleCacheDestroy
ToplScheduleDuration
ToplEdgeSetVtx
ToplGraphNumberOfVertices
ToplEdgeAssociate
ToplScheduleNumEntries
ToplGraphAddVertex

advapi32

SetTokenInformation
ElfRegisterEventSourceW
ObjectDeleteAuditAlarmW
GetSecurityDescriptorRMControl
TrusteeAccessToObjectA
WmiSetSingleItemA
StartServiceW
SystemFunction035
ElfRegisterEventSourceA
CryptExportKey
EqualSid
CryptDestroyHash
BuildImpersonateTrusteeA
GetTokenInformation
SystemFunction016
AdjustTokenPrivileges
GetInformationCodeAuthzPolicyW
SaferiCompareTokenLevels
AccessCheckByTypeAndAuditAlarmA
CredGetTargetInfoA
RegConnectRegistryA
GetOldestEventLogRecord
SystemFunction015
QueryAllTracesA
ObjectPrivilegeAuditAlarmA
FileEncryptionStatusA
RegFlushKey
ReadEventLogW
SystemFunction030
EnumServicesStatusW
CloseServiceHandle
AccessCheckByTypeAndAuditAlarmW
LsaLookupPrivilegeDisplayName
BuildTrusteeWithObjectsAndSidA
LsaQueryInfoTrustedDomain
WmiQueryAllDataMultipleW

mprapi

MprAdminGetPDCServer
MprAdminTransportGetInfo
MprInfoBlockSet
MprConfigTransportGetInfo
MprAdminGetErrorString
MprInfoBlockFind
MprAdminInterfaceUpdatePhonebookInfo
MprAdminUserGetInfo
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceUpdateRoutes
MprAdminUserRead
MprAdminInterfaceTransportGetInfo
MprDomainRegisterRasServer
MprAdminMIBBufferFree
MprAdminPortDisconnect
MprAdminInterfaceCreate
MprInfoDuplicate
MprInfoCreate
MprAdminIsDomainRasServer
MprConfigInterfaceCreate
RasPrivilegeAndCallBackNumber
MprConfigInterfaceEnum
MprInfoBlockRemove
MprAdminInterfaceGetCredentials
CompressPhoneNumber
MprConfigGetGuidName
MprConfigServerRefresh
MprConfigInterfaceTransportGetHandle
MprDomainQueryRasServer
MprAdminInterfaceSetCredentials
MprConfigInterfaceTransportAdd
MprAdminTransportSetInfo
MprAdminUserSetInfo

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b077afd77e5c0521f6837522fece98b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbcjt32

w32topl

advapi32

mprapi

Sections

.text Size: 370KB - Virtual size: 370KB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 370KB - Virtual size: 370KB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB