2de81c6b851ff0ec90ce08c448a15a10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2de81c6b851ff0ec90ce08c448a15a10_JaffaCakes118
Size

523KB
MD5

2de81c6b851ff0ec90ce08c448a15a10
SHA1

c5157496e6ce93a121418bf14196e29baad2e4af
SHA256

c01f21c87605b2a6972bdd955a26030c3ddc8f6237f559832e0db0054b27dc9a
SHA512

6ab6aa4837f994adff9b3a1964d5d9ec9960a90a91a33ff578098a691a929f97aa00fe612f36a156d9fa5c38f9d3308ab6703807e695b5b324f5e112137400cd
SSDEEP

12288:p7eo2r5FgINl/YOCL0ZaBqssJCTpbAqAMu:p7eoiFgINl/YxL0MBECb3A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de81c6b851ff0ec90ce08c448a15a10_JaffaCakes118

Files

2de81c6b851ff0ec90ce08c448a15a10_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

ce0fdc605dc1f6423018774e2d52d60a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqloledb.pdb

Imports

advapi32

AllocateAndInitializeSid
AllocateLocallyUniqueId
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce

kernel32

CreateFileA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetComputerNameA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DeviceIoControl
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
VirtualAlloc
IsDBCSLeadByte
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LeaveCriticalSection
GetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
Sleep
GetTickCount
CloseHandle
CreateEventA
WaitForSingleObject
GetOEMCP
GetACP
MultiByteToWideChar
SetLastError
GetCPInfo
WideCharToMultiByte
GetLocalTime
GetCurrentProcessId
GetSystemTime
GetProcAddress
SetErrorMode
GetTimeZoneInformation
InterlockedExchange
OpenFile
GetModuleFileNameA
GetUserDefaultLCID
IsValidLocale
FreeLibrary
AreFileApisANSI
GetSystemDefaultLCID
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleA
GetLocaleInfoA
IsBadReadPtr
LoadLibraryA
IsBadCodePtr
GetVersionExW
DisableThreadLibraryCalls
VirtualFree
LocalFree
LocalAlloc

msdart

FXMemAttach
MPCSInitialize
MPCSUninitialize
FXMemDetach
??0CEXAutoBackupFile@@QAE@XZ
??1CEXAutoBackupFile@@QAE@XZ
?BackupFile@CEXAutoBackupFile@@QAEJPBG@Z
?UndoBackup@CEXAutoBackupFile@@QAEJXZ
?RestoreFile@CEXAutoBackupFile@@QAEJXZ
mpRealloc
MPDeleteCriticalSection
MPInitializeCriticalSection
mpFree
mpMalloc
MpHeapAlloc
UMSEnterCSWraper
MpGetHeapHandle

msdatl3

?CountOfBusySlots@CSlotListShort@@UAGKXZ
?SLSlotCapacity@CSlotListShort@@UAGKXZ
??1CVLHeap@@QAE@XZ
??1CRowsetConnectionPointContainer@@QAE@XZ
?DoRscNotify@CRowsetConnectionPointContainer@@QAEJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PAUIRowset@@@Z
?fReasonNeeded@CRowsetConnectionPoint@@QAEHW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
?DoNotify@CRowsetConnectionPoint@@QAEJW4DBREASONENUM@@W4DBEVENTPHASEENUM@@W4ENOTIFICATIONTYPE@@PAUIRowset@@PATtagNOTIFYARGS@@@Z
?SetPropRequired@CUtlProps2@@QAEXKKF@Z
?GetValLong@CUtlProps2@@QBEJKK@Z
?SetPropertyStatus@CUtlProps2@@QAEXKQBUtagDBPROPSET@@@Z
?DwGetPlatformId@@YAKXZ
?OnUnicodeSystem@@YAHXZ
?W95GetComputerName@@YAHPAGPAK@Z
?W95GetUserName@@YAHPAGPAK@Z
??1CClassFactory@@QAE@XZ
?SetValLong@CUtlProps2@@QAEXKKJ@Z
??0CVLHeap@@QAE@XZ
??0CHashTbl@@QAE@XZ
??1CHashTbl@@UAE@XZ
?CompactExtBuffer@CExtBuffer@@QAGXXZ
?VLGrow@CVLHeap@@QAGPAXPAXK@Z
?AllocItems@CExtBuffer@@QAGPAEK@Z
?LockServer@CClassFactory@@UAGJH@Z
?Release@CClassFactory@@UAGKXZ
?AddRef@CClassFactory@@UAGKXZ
?QueryInterface@CClassFactory@@UAGJABU_GUID@@PAPAX@Z
??0CClassFactory@@QAE@PAJ0@Z
?FInit@CExtBuffer@@QAEHKK@Z
?ClearPropSupported@CUtlProps2@@QAEXKK@Z
??_7IBookmarkObj@@6B@
?W95SetWindowLong@@YAJPAXHJ@Z
?W95MessageBox@@YAHPAXPBG1I@Z
?NextBusySlot@CSlotListShort@@UAGJPAK@Z
?W95WritePrivateProfileString@@YAHPBG000@Z
?W95ConvertToUnicode@@YAJPBDJPAPAGPAKHH@Z
?W95GetPrivateProfileString@@YAKPBG00PAGK0@Z
?SetValString@CUtlProps2@@QAEJKKPBG@Z
?W95FullPath@@YAPAGPAGPBGK@Z
?W95CreateFile@@YAPAXPBGKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?FillDefaultValues@CUtlProps2@@QAEJK@Z
??0CUtlProps2@@QAE@K@Z
?SetCombinedPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@K@Z
?W95GetDlgItemText@@YAIPAXHPAGH@Z
?LoadRCData@@YAKPAXIPAGK@Z
?W95DialogBoxParam@@YAHPAXPBG0P6GHXZJ@Z
?W95LoadString@@YAHPAXIPAGH@Z
?LoadResourceDLL@@YAJPAG0PAXPAPAX@Z
?W95LoadCursor@@YAPAXPAXPBG@Z
?W95SendDlgItemMessage@@YAJPAXHIIJ@Z
?W95SetDlgItemText@@YAHPAXHPBG@Z
?W95SendMessage@@YAJPAXIIJ@Z
??0CUtlPropInfo@@QAE@XZ
?GetPropertyInfo@CUtlPropInfo@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?FInit@CUtlPropInfo@@QAEJXZ
?W95RegOpenKeyEx@@YAJPAXPBGKKPAPAX@Z
?W95RegEnumValue@@YAJPAXKPAGPAK22PAE2@Z
?W95RegQueryValueEx@@YAJPAXPAGPAK2PAE2@Z
?W95LoadLibraryEx@@YAPAXPBGPAXK@Z
??1CUtlPropInfo@@UAE@XZ
?W95PostMessage@@YAHPAXIIJ@Z
?VLAlloc@CVLHeap@@QAGPAXK@Z
?ConflictsWithCurrent@CUtlProps2@@UAEHKKABUtagVARIANT@@@Z
?W95GetWindowLong@@YAJPAXH@Z
?ResetBusySlotIteration@CSlotListShort@@UAGXXZ
?RecordInternalUse@CSlotListShort@@UAGXXZ
?IsValidSlot@CSlotListShort@@UAGJK@Z
?GetRowBuff@CSlotListShort@@UAIPAUtagRowBuff@@K@Z
?FInit@CHashTbl@@QAEHGPAVCSlotListShort@@PAVIBookmarkObj@@@Z
?InsertFindBmk@CHashTbl@@UAGJHKKPAEPAK@Z
?DeleteBmk@CHashTbl@@UAGJK@Z
??0CRowsetConnectionPointContainer@@QAE@PAUIUnknown@@@Z
?Init@CRowsetConnectionPointContainer@@QAEJXZ
?VLFree@CVLHeap@@QAGXPAX@Z
?CbHashTblSize@CHashTbl@@SGKK@Z
??1CSlotListShort@@UAE@XZ
??0CSlotListShort@@QAE@XZ
?FInit@CSlotListShort@@UAEHKPAPAVISlotList@@PAPAVIHashTbl@@K@Z
?GetNextSlots@CSlotListShort@@UAGJKKPAK@Z
?ReleaseSlots@CSlotListShort@@UAGKKK@Z
?FInit@CVLHeap@@QAEHK@Z
?NoBusySlots@CSlotListShort@@UAGJXZ
??1CExtBuffer@@QAE@XZ
??1CBitArray@@QAE@XZ
?InsertIntoExtBuffer@CExtBuffer@@QAGJPAXAAK@Z
?SetSlot@CBitArray@@QAGJK@Z
?FInit@CExtBuffer@@QAEHKPAXKK@Z
?DeleteFromExtBuffer@CExtBuffer@@QAGXK@Z
?FInit@CBitArray@@QAGJK@Z
??0CBitArray@@QAE@XZ
??0CExtBuffer@@QAE@XZ
?WriteIntoExtBuffer@CExtBuffer@@QAGJPBXK@Z
?WriteWCharToExtBuffer@CExtBuffer@@QAGJGK@Z
?W95CharLower@@YAPAGPAG@Z
?ReplaceInExtBuffer@CExtBuffer@@QAGJKKPBXK@Z
?GetProperties@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@PBU_GUID@@@Z
?GetPropertiesArgChk@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?SetValBool@CUtlProps2@@QAEXKKF@Z
?SetProperties@CUtlProps2@@QAEJKQBUtagDBPROPSET@@H@Z
?SetPropertiesArgChk@CUtlProps2@@SAJKQBUtagDBPROPSET@@@Z
?CopyPropsInError@CUtlProps2@@QAEXPAV1@@Z
?SetPropertyInError@CUtlProps2@@QAEXKK@Z
?IsRequiredTrue@CUtlProps2@@QAEHKK@Z
?IsTrue@CUtlProps2@@QAEHKK@Z
?CompareDBIDs@@YAJPBUtagDBID@@0@Z
?FInit@CExtBuffer@@QAEHPAV1@@Z
?FIsValidColId@CUtlProps2@@UAEHPAUtagDBPROP@@@Z
?SetPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@@Z
?GetIndexofPropIdinPropSet@CUtlProps2@@UAEJKKPAK@Z
?GetIndexofPropSet@CUtlProps2@@UAEJPBU_GUID@@PAK@Z
?FInit@CUtlProps2@@UAEJPAV1@@Z
?GetUPropValIndex@CUtlProps2@@MAEKKK@Z
??1CUtlProps2@@UAE@XZ
?Free@CExtBuffer@@QAEXXZ
?Transfer@CExtBuffer@@QAEXPAV1@@Z
??1CBaseObj@@UAE@XZ
??0CBaseObj@@IAE@W4EBaseObjectType@@PAUIUnknown@@PAJ@Z

msvcrt

wcscpy
wcslen
_wcsnicmp
wcsncpy
wcsstr
wcschr
iswspace
_snwprintf
towlower
iswdigit
?terminate@@YAXXZ
time
localtime
towupper
iswxdigit
_itow
wcstol
_ultoa
wcsrchr
wcsncat
_ultow
sprintf
swprintf
modf
floor
_ftol
_except_handler3
swscanf
_wtoi
atoi
memmove
wcsncmp
_ltow
wcscat
_purecall
free
malloc
_CxxThrowException
_wtol
wcscmp
_wcsicmp
__CxxFrameHandler

netapi32

Netbios

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUnmarshalInterface
CoReleaseMarshalData
CoGetClassObject
CLSIDFromProgID
CreatePointerMoniker
CoGetMalloc
CoMarshalInterface

oleaut32

SafeArrayGetDim
VarCyFromR8
VarDateFromCy
VarDecFromR8
VarBstrFromDate
VarDateFromDec
VarI2FromR8
VarI1FromR8
SysStringLen
GetErrorInfo
SafeArrayUnlock
VarBstrFromDec
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString
SetErrorInfo
SafeArrayLock
VariantCopy

rpcrt4

UuidCreate

user32

OemToCharBuffA
SetFocus
CheckDlgButton
EnableWindow
ShowWindow
GetDlgItem
ReleaseCapture
SetCursor
SetCapture
MoveWindow
wsprintfW
wsprintfA
EndDialog
IsWindowEnabled
IsDlgButtonChecked
MessageBoxW
GetParent
GetWindowRect
IsWindowVisible
GetSystemMetrics
CharToOemBuffA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
SQLDebug

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce0fdc605dc1f6423018774e2d52d60a

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msdart

msdatl3

msvcrt

netapi32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 476KB - Virtual size: 474KB

.data Size: 8KB - Virtual size: 7KB

.sdbid Size: 4KB - Virtual size: 696B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 476KB - Virtual size: 474KB

.data
Size: 8KB - Virtual size: 7KB

.sdbid
Size: 4KB - Virtual size: 696B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB