2abbdcecb9ce44315a87038523252f1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2abbdcecb9ce44315a87038523252f1d_JaffaCakes118
Size

24KB
MD5

2abbdcecb9ce44315a87038523252f1d
SHA1

c73b1a18a2939b70f8c8644be6eab7570ce85010
SHA256

cd46a26c663ace68d03032c1cc2114431af27732e43ecfeb291c91784cdc1052
SHA512

c08ea2d27716328776a3600c03e0a6aeb11950584e0e16d30b4e3e2fd01ef461898e1584ecc56bb596ce23535fa6e4eaccd2a010aecfba797b59e1499f979f87
SSDEEP

384:9lvUyez8zudwR7kYPjvg39P8lvq8EEkwIF4tiO0qnna084uzVa:9lvUX8/jvePkvqAsjO0Sa33Va

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2abbdcecb9ce44315a87038523252f1d_JaffaCakes118

Files

2abbdcecb9ce44315a87038523252f1d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d326041a07bea200211b784118f35bec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbnetlib

ConnectionWrite
GenClientContext
TermSession
ConnectionMode
ConnectionGetSvrUser
InitEnumServers
ConnectionWriteOOB
InitSSPIPackage
ConnectionClose
ConnectionTransact
ConnectionSqlVer
ConnectionFlushCache
TermSSPIPackage
ConnectionCheckForData
GetNextEnumeration
ConnectionObjectSize
InitSession
ConnectionStatus
ConnectionOpen
ConnectionErrorW
CloseEnumServers
ConnectionOpenW
ConnectionError
ConnectionServerEnumW
ConnectionOption
ConnectionVer
ConnectionRead
ConnectionServerEnum

adsldpc

ADsSetLastError
LdapNextEntry
LdapGetNextPageS
LdapCacheAddRef
ConvertU2TrusteeToSid
ADsEnumClasses
LdapParsePageControl
GetDisplayName
BerBvFree
LdapReadAttribute
ADSICloseDSObject
SchemaGetSyntaxOfAttribute
LdapMsgFree
FreeADsMem
LdapTypeCopyConstruct
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapDeleteS
ChangeSeparator
LdapCreatePageControl
FindSearchTableIndex
ReadPagingSupportedAttr
ReallocADsStr
LdapRenameExtS
ADsWriteAttributeDefinition
LdapTypeToAdsTypeDNWithBinary
ADSIGetPreviousRow
ADSIModifyRdn
AllocADsStr
GetDomainDNSNameForDomain
LdapParseResult
FreeADsStr
ADsDeleteDSObject
LdapTypeToAdsTypeUTCTime
LdapGetSyntaxOfAttributeOnServer
LdapSearchExtS
BuildLDAPPathFromADsPath2
LdapTypeToAdsTypeDNWithString
LdapCloseObject
LdapcSetStickyServer
ConvertSidToU2Trustee
AdsTypeToLdapTypeCopyConstruct
?SetFSlashDisabler@CLexer@@QAEXH@Z

user32

MoveWindow
IsIconic
SetScrollPos

opengl32

glDepthRange
glDepthFunc
glEndList
glPassThrough
glIsList
glColor3f
glTexEnvi
glGetBooleanv
glPrioritizeTextures
glTexCoord2f
GlmfCloseMetaFile
glPixelMapusv
glClearIndex
glRasterPos4f
glTexCoord1d
glIndexPointer
GlmfPlayGlsRecord
glRectfv
glCopyTexImage2D
glTexCoord2dv
glStencilOp
glLoadMatrixd
glListBase
glRectdv
glRotatef
glNormal3fv
glClear
glColor4s
glLightModelfv

mfcsubs

?GetBufferSetLength@CString@@QAEPAGH@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z
?ReverseFind@CString@@QBEHG@Z
??4CString@@QAEABV0@PBD@Z
?Init@CString@@IAEXXZ
??_7CSyncObject@@6B@
??4CString@@QAEABV0@PBG@Z
?MakeReverse@CString@@QAEXXZ
?Right@CString@@QBE?AV1@H@Z
??1CSyncObject@@UAE@XZ
?Format@CString@@QAAXPBGZZ
??0CMapStringToPtr@@QAE@H@Z
?Mid@CString@@QBE?AV1@HH@Z
?TrimLeft@CString@@QAEXXZ
??H@YG?AVCString@@ABV0@0@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
??1CMapStringToPtr@@UAE@XZ
??O@YG_NPBGABVCString@@@Z
?GetLength@CString@@QBEHXZ
?AssignCopy@CString@@IAEXHPBG@Z
?Release@CString@@IAEXXZ
?AfxW2AHelper@@YGPADPADPBGH@Z
??BCString@@QBEPBGXZ
??N@YG_NABVCString@@0@Z

setupapi

CM_Get_Device_Interface_List_SizeW
SetupDiOpenDevRegKey
pSetupGetGlobalFlags
CM_Get_Device_Interface_ListW
CM_Is_Version_Available
SetupDiGetDeviceRegistryPropertyA
CM_Add_Empty_Log_Conf
SetupTerminateFileLog
SetupDiGetCustomDevicePropertyA
SetupRemoveFileLogEntryW
CM_Create_Range_List
pSetupStringTableGetExtraData
CM_Enumerate_Enumerators_ExW
CM_Delete_DevNode_Key_Ex
SetupDiSetDeviceInterfaceDefault
SetupGetTargetPathA
SetupDiBuildClassInfoListExW
SetupDiEnumDeviceInfo
CM_Get_Hardware_Profile_InfoA
SetupDiOpenDeviceInterfaceA
CM_Query_Arbitrator_Free_Data_Ex
CM_Request_Device_EjectW
InstallHinfSectionA
IsUserAdmin
CM_Get_Log_Conf_Priority_Ex
SetupDiCreateDevRegKeyA
CM_First_Range
pSetupQueryMultiSzValueToArray
SetupQueueDeleteA

msvcrt40

strncmp
??0strstreambuf@@QAE@ABV0@@Z
_fstati64
atof
_stricmp
?is_open@ofstream@@QBEHXZ
_fsopen
_errno
_mbbtype
_unlink
?hex@@YAAAVios@@AAV1@@Z
?x_curindex@ios@@0HA
??0ostream@@IAE@XZ
_strncoll
wcstod
time
_spawnv
??_Gbad_typeid@@UAEPAXI@Z
_wfopen
?delbuf@ios@@QAEXH@Z
?tie@ios@@QBEPAVostream@@XZ
?set_terminate@@YAP6AXXZP6AXXZ@Z
_tolower
??_Estdiobuf@@UAEPAXI@Z
puts
fwprintf
_fgetwchar

kernel32

GetFileInformationByHandle
DnsHostnameToComputerNameW
BaseUpdateAppcompatCache
LocalFlags
HeapUnlock
ProcessIdToSessionId
_lopen
CreateProcessInternalA
VerifyVersionInfoW
OpenSemaphoreA
Sleep
SetThreadPriority
QueryMemoryResourceNotification
CreateSemaphoreA
SetEnvironmentVariableA
SetProcessWorkingSetSize
GetDefaultCommConfigA
AttachConsole
GetConsoleCP
VirtualAlloc
IsBadHugeReadPtr
WritePrivateProfileSectionA
GetNumaProcessorNode
GetModuleHandleW
CreateHardLinkW
GetPrivateProfileIntA
SetConsoleCursor

expsrv

rtcImmediateIf
CopyRecord
rtcIsArray
__vbaFreeVarg
rtCyFromErrVar
__vbaVarTstEq
__vbaStopExe
__vbaFpR8
__vbaExitEachAry
rtcDateFromVar
__vbaMidStmtBstr
rtcRightCharBstr
rtcSetDateBstr
rtcEndOfFile
rtcAnsiValueBstr
__vbaI2Str
rtcGetMonthOfYear
__vbaObjSetAddref
rtcFormatNumber
rtcBstrFromAnsi
__vbaGetOwner3
rtcMidCharVar
__vbaVarIndexLoad
rtcGetDateValue
rtcFormatCurrency
rtcRandomNext
rtI2FromErrVar
__vbaVarDup
__vbaInStrVar
__vbaLineInputVar
__vbaStrErrVarCopy

gdi32

RectVisible

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d326041a07bea200211b784118f35bec

Headers

DLL Characteristics

File Characteristics

Imports

dbnetlib

adsldpc

user32

opengl32

mfcsubs

setupapi

msvcrt40

kernel32

expsrv

gdi32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1018B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1018B