2d1db6dbf065973a5170659924b14482_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d1db6dbf065973a5170659924b14482_JaffaCakes118
Size

39KB
MD5

2d1db6dbf065973a5170659924b14482
SHA1

6eb29835971a52388e3b97ac1eaba0fb50fb7733
SHA256

f50b0e6ff5ac841ab1a614987fa68e64ff3384b9772f06c8ed7abf2e5d52cc64
SHA512

6a26f86b4649c05d2341b6def4ef60813bc6b7613ca001d21b73ff538571b865ab47725769a13d18ae8bf92431601450443fa6ecf8b372e3a63b65a9a6ea6c3b
SSDEEP

768:+9gUNWfhprY01gE9xy3sJoNWzf7jYJB6vWBZYqc2EXEq:uShpr2EzDjQJBQWUqc2oE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d1db6dbf065973a5170659924b14482_JaffaCakes118

Files

2d1db6dbf065973a5170659924b14482_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d19e95aa01d6c1260438d79ffec7ac57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTitleW
SignalObjectAndWait
ReadConsoleInputW
GetStringTypeExA
SetTapePosition
FillConsoleOutputCharacterW
SetConsoleScreenBufferSize
GlobalFindAtomA
SetInformationJobObject
GetCPInfoExA
SetSystemTime
GetStartupInfoA
EnumerateLocalComputerNamesA
GetCommMask
ReadFile
GetConsoleCharType
FormatMessageW
VirtualAlloc
GetConsoleInputWaitHandle
lstrlen
IsBadWritePtr
GetDriveTypeA
GetFileAttributesExA
GetConsoleAliasW
RaiseException
GetConsoleAliasExesLengthA
GetProcessWorkingSetSize
GlobalMemoryStatusEx
EnumResourceNamesW
GetCurrentActCtx
RemoveDirectoryW
SetConsoleNlsMode
SetConsoleCursorInfo
PeekConsoleInputA
SetLocalPrimaryComputerNameA
CreateFileMappingW
ReadConsoleOutputCharacterW
SetTapeParameters
GetUserDefaultLangID
SetConsoleTextAttribute
GetCommTimeouts
CmdBatNotification
ReplaceFileA
DebugSetProcessKillOnExit
SetProcessAffinityMask
InterlockedFlushSList
GetConsoleNlsMode
AddAtomA
InitializeCriticalSection
GetConsoleWindow
ConnectNamedPipe
SetFileAttributesA
GetDefaultCommConfigW
FormatMessageA
GlobalHandle
GlobalFix
SetMessageWaitingIndicator
DuplicateHandle
SetErrorMode
CreateActCtxW
GetTapeParameters
GlobalUnWire
SetProcessWorkingSetSize
ExitVDM
GetBinaryTypeW
GetConsoleTitleA
LoadLibraryA
GetConsoleCommandHistoryW
GetConsoleAliasesLengthW
SetConsoleOutputCP
ReadConsoleOutputW
Heap32Next

sqlsrv32

BCP_bind
SQLCopyDesc
SQLSetPos
ConfigDSNW
SQLCancel
SQLSetScrollOptions
SQLExecute
SQLFetchScroll
SQLSpecialColumnsW
SQLParamOptions
SQLGetCursorNameW
ConnectDlgProc
SQLFreeStmt
SQLParamData
SQLSetStmtAttrW
WizDSNDlgProc
SQLTablesW
SQLColumnsW
WizLanguageDlgProc
SQLPrepareW
SQLForeignKeysW
WizIntSecurityDlgProc
SQLSetCursorNameW
BCP_moretext
SQLFreeHandle
BCP_readfmt
SQLConnectW
SQLMoreResults
SQLColumnPrivilegesW
SQLSetDescRec
SQLSetDescFieldW
SQLExtendedFetch
BCP_colfmt
SQLRowCount
SQLFetch
BCP_exec
SQLGetConnectAttrW
SQLStatisticsW
TestDlgProc
BCP_colptr
BCP_batch

shlwapi

PathAddBackslashA
PathStripToRootW
SHStrDupW
PathRemoveExtensionA
PathIsRelativeA
PathRemoveBlanksA
PathBuildRootW
PathRemoveBackslashA
SHRegGetBoolUSValueA
PathStripPathW
StrCmpIW
SHGetValueA
SHRegCreateUSKeyW
UrlCompareA
PathIsPrefixA
PathAddBackslashW
PathFileExistsW
SHRegCreateUSKeyA
SHGetInverseCMAP
PathIsUNCServerW
UrlIsOpaqueA
SHSetValueW
StrRChrIW
SHRegDuplicateHKey
SHDeleteOrphanKeyA
PathIsDirectoryEmptyW
SHCreateShellPalette
UrlEscapeA
SHCopyKeyW
SHRegQueryUSValueW
PathCommonPrefixA
PathCompactPathA
SHRegQueryInfoUSKeyA
UrlGetPartW
StrFromTimeIntervalA
StrPBrkW
SHRegEnumUSKeyW
UrlIsNoHistoryW

odbc32

SQLCancel
SQLBulkOperations
SQLGetConnectAttrA
SQLDescribeParam
g_hHeapMalloc
SQLTablePrivileges
SQLBrowseConnectW
SQLAllocEnv
SQLErrorA
ODBCQualifyFileDSNW
SQLGetTypeInfo
SQLDataSourcesW
SQLGetCursorNameA
SQLBrowseConnectA
SQLSetStmtAttr
SQLSetDescFieldW
SQLError
SQLFreeConnect
SQLProcedureColumnsW
SQLFetch
SQLSetDescField
SQLTablesA
SQLProcedures
SQLGetConnectOptionA
SQLColumnPrivileges
SQLColumnPrivilegesA
ValidateErrorQueue
SQLGetData
SQLGetTypeInfoA
VRetrieveDriverErrorsRowCol
SQLPrepareA
SQLConnectW
SQLTablesW
SQLGetFunctions

msasn1

ASN1BEREoid_free
ASN1char16string_cmp
ASN1BEREncOctetString
ASN1CEREncUTCTime
ASN1_CreateModule
ASN1BERDecU8Val
ASN1ztchar16string_cmp
ASN1BERDecOpenType
ASN1CEREncBeginBlk
ASN1CEREncOctetString
ASN1octetstring_free
ASN1CEREncChar32String
ASN1BERDecPeekTag
ASN1intx2uint32
ASN1BERDecSXVal
ASN1BEREoid2DotVal
ASN1DecRealloc
ASN1_CloseModule
ASN1BEREncCheck
ASN1BEREncDouble
ASN1intx2int32
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1_CreateDecoderEx
ASN1intx_add
ASN1CEREncGeneralizedTime
ASN1BERDecMultibyteString
ASN1open_cmp
ASN1BEREncEndOfContents
ASN1Free
ASN1CEREncChar16String
ASN1EncSetError
ASN1BEREncMultibyteString
ASN1BEREncBool
ASN1BERDecZeroCharString
ASN1BERDecFlush
ASN1octetstring_cmp

vssapi

??1CVssWriter@@UAE@XZ
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?Subscribe@CVssWriter@@QAGJK@Z
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??1CVssJetWriter@@UAE@XZ
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d19e95aa01d6c1260438d79ffec7ac57

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlsrv32

shlwapi

odbc32

msasn1

vssapi

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 30KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 30KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B