36ac9e0f61eaeb2e2d9ca8da63465c4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36ac9e0f61eaeb2e2d9ca8da63465c4f_JaffaCakes118
Size

812KB
MD5

36ac9e0f61eaeb2e2d9ca8da63465c4f
SHA1

abe59fd4116ba7f082e569f0fc8807be45313fa1
SHA256

40256ff5ac30484cc994f5c033e8a6344a6422f6ae2c1456c5cd9c620196c353
SHA512

e0fe2f2fdc5feb2c9c5f0bd55b3535f674c509f722ffff1353a6530cad5053e06dcc617d0d5a5efbc6787190cf637812cf13b4924aff0245be39a81759c8dd60
SSDEEP

12288:0pRtrogE2YjB1kR2iyMo/k2v5nwuFdwsvg1psZ+TqHh+v5rlO+/IQ:0pRigE2G1kABM2hnwuvwsI1psxHwrYC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36ac9e0f61eaeb2e2d9ca8da63465c4f_JaffaCakes118

Files

36ac9e0f61eaeb2e2d9ca8da63465c4f_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

efc74c8315b7b6e4dc3220f9eea14daf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqloledb.pdb

Imports

msvcrt

iswdigit
wcsstr
wcschr
iswspace
_wcsnicmp
_vsnwprintf
towlower
memset
memcpy
_wcsicmp
_except_handler4_common
?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
time
localtime
towupper
iswxdigit
isdigit
_ultow
_itow
qsort
_ltow
_wfullpath
wcstol
wcsrchr
_ultoa
_vsnprintf
modf
_ftol2_sse
floor
swscanf_s
_wtoi
atoi
wcsncmp
memmove
_purecall
_wtol
__CxxFrameHandler3

kernel32

TerminateProcess
InterlockedCompareExchange
QueryPerformanceCounter
VirtualAlloc
IsDBCSLeadByte
OpenFileMappingA
GetCurrentThreadId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
DeviceIoControl
CreateFileA
GetVersionExW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetComputerNameA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
LeaveCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
SetEvent
Sleep
GetTickCount
CloseHandle
CreateEventA
WaitForSingleObject
GetOEMCP
GetACP
MultiByteToWideChar
GetCPInfo
SetLastError
WideCharToMultiByte
GetLocalTime
GetCurrentProcessId
GetSystemTime
GetTimeZoneInformation
GetProcAddress
LoadLibraryExW
SetErrorMode
InterlockedExchange
FreeResource
LockResource
LoadResource
FindResourceW
IsValidLocale
CreateFileW
GetPrivateProfileStringW
GetUserDefaultLCID
FreeLibrary
GetSystemDefaultLCID
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleA
WritePrivateProfileStringW
GetLocaleInfoA
VirtualQuery
GetVersion
LoadLibraryA
GetComputerNameW
DisableThreadLibraryCalls
GetModuleFileNameA
VirtualFree
LocalFree
LocalAlloc
UnhandledExceptionFilter

user32

CharToOemBuffA
OemToCharBuffA
SetFocus
SendMessageW
SetDlgItemTextW
CheckDlgButton
EnableWindow
SendDlgItemMessageW
ShowWindow
GetDlgItem
GetWindowLongW
EndDialog
IsWindowEnabled
PostMessageW
SetWindowLongW
GetDlgItemTextW
IsDlgButtonChecked
DialogBoxParamW
LoadStringW
MessageBoxW
LoadCursorW
SetCapture
SetCursor
ReleaseCapture
GetParent
GetWindowRect
IsWindowVisible
GetSystemMetrics
MoveWindow
CharLowerW

advapi32

RegQueryValueExW
RegCloseKey
AllocateLocallyUniqueId
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
RegEnumValueW
RegOpenKeyExW
GetLengthSid
AllocateAndInitializeSid

ole32

CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance
CoReleaseMarshalData
CoGetClassObject
CLSIDFromProgID
CreatePointerMoniker
CoGetMalloc
CoUnmarshalInterface

oleaut32

GetErrorInfo
SafeArrayGetDim
VarCyFromR8
VarDateFromCy
VarDecFromR8
VarBstrFromDate
VarDateFromDec
VarI2FromR8
VarI1FromR8
VariantCopy
SafeArrayLock
SafeArrayUnlock
VarBstrFromDec
SysStringByteLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SetErrorInfo
SysStringLen

rpcrt4

UuidCreate

msdart

mpFree
UMSEnterCSWraper
MpHeapAlloc
MPDeleteCriticalSection
MPInitializeCriticalSectionAndSpinCount
mpRealloc
?RestoreFile@CEXAutoBackupFile@@QAEJXZ
?fHaveBackup@CEXAutoBackupFile@@QAEHXZ
?UndoBackup@CEXAutoBackupFile@@QAEJXZ
?BackupFile@CEXAutoBackupFile@@QAEJPBG@Z
??1CEXAutoBackupFile@@QAE@XZ
??0CEXAutoBackupFile@@QAE@XZ
FXMemDetach
MPCSUninitialize
MPCSInitialize
FXMemAttach
MpGetHeapHandle
mpCalloc
mpMalloc

msdatl3

?SaveInternalStatus@CUtlProps2@@QAEXKK@Z
?RestoreInternalFlags@CUtlProps2@@QAEXKK@Z
?RestoreInternalStatus@CUtlProps2@@QAEXKK@Z
?RemoveInternalFlags@CUtlProps2@@QAEXKKK@Z
?SetPropRequired@CUtlProps2@@QAEXKKF@Z
?SetPropOption@CUtlProps2@@QAEXKKK@Z
?SetPropertyStatus@CUtlProps2@@QAEXKQBUtagDBPROPSET@@@Z
?GetPropOption@CUtlProps2@@QAEKKK@Z
?GetInternalStatus@CUtlProps2@@QAEKKK@Z
??1CClassFactory@@QAE@XZ
?SetValLong@CUtlProps2@@QAEXKKJ@Z
?CreateVLHeap@@YAJPAPAUIVLHeap@@@Z
?GetValShort@CUtlProps2@@QBEFKK@Z
?GetExpectedVarType@CUtlProps2@@QAEGKK@Z
?GetIndexofPropIdinPropSet@CUtlProps2@@UAEJKKPAK@Z
?GetVariant@CUtlProps2@@QAEPAUtagVARIANT@@KK@Z
?FillDefaultValues@CUtlProps2@@QAEJK@Z
?SetUPropSetCount@CUtlProps2@@QAEXK@Z
?ConflictsWithCurrent@CUtlProps2@@UAEHKKABUtagVARIANT@@@Z
?SetCombinedPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@K@Z
??0CUtlProps2@@QAE@K@Z
?LoadResourceDLL@@YAJPAG0PAXPAPAX@Z
?GetPropertyInfo@CUtlPropInfo@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?SetUPropSetCount@CUtlPropInfo@@IAEXK@Z
??0CUtlPropInfo@@QAE@XZ
?SaveInternalFlags@CUtlProps2@@QAEXKK@Z
?DoRcNotify@CRowsetConnectionPointContainer@@QAEJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PAUIRowset@@KQAK@Z
?DoRscNotify@CRowsetConnectionPointContainer@@QAEJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PAUIRowset@@@Z
??1CRowsetConnectionPointContainer@@QAE@XZ
??0CSlotListShort@@QAE@XZ
?FInit@CSlotListShort@@UAEHKPAPAVISlotList@@PAPAVIHashTbl@@K@Z
?GetNextSlots@CSlotListShort@@UAGJKKPAK@Z
?ReleaseSlots@CSlotListShort@@UAGKKK@Z
?NoBusySlots@CSlotListShort@@UAGJXZ
?GetRowBuff@CSlotListShort@@UAIPAUtagRowBuff@@K@Z
?IsValidSlot@CSlotListShort@@UAGJK@Z
?RecordInternalUse@CSlotListShort@@UAGXXZ
?ResetBusySlotIteration@CSlotListShort@@UAGXXZ
?NextBusySlot@CSlotListShort@@UAGJPAK@Z
?CountOfBusySlots@CSlotListShort@@UAGKXZ
?SLSlotCapacity@CSlotListShort@@UAGKXZ
??1CSlotListShort@@UAE@XZ
?Init@CRowsetConnectionPointContainer@@QAEJXZ
??0CRowsetConnectionPointContainer@@QAE@PAUIUnknown@@@Z
?FInit@CHashTbl@@QAEHGPAVCSlotListShort@@PAVIBookmarkObj@@@Z
??0CHashTbl@@QAE@XZ
?IsEmpty@CUtlProps2@@QAEHKK@Z
?GetUPropSetCount@CUtlProps2@@QAEKXZ
?FInit@CUtlPropInfo@@QAEJXZ
??1CUtlPropInfo@@UAE@XZ
?GetValLong@CUtlProps2@@QBEJKK@Z
??0CBaseObj@@IAE@W4EBaseObjectType@@PAUIUnknown@@PAJ_N@Z
??1CBaseObj@@UAE@XZ
?Transfer@CExtBuffer@@QAEXPAV1@@Z
?Free@CExtBuffer@@QAEXXZ
?FInit@CBaseObj@@IAEJXZ
?FInit@CUtlProps2@@UAEJPAV1@@Z
?GetUPropValIndex@CUtlProps2@@MAEKKK@Z
??1CUtlProps2@@UAE@XZ
?FInit@CExtBuffer@@QAEHPAV1@@Z
?GetNameFromOffset@CExtBuffer@@QAEPAGK@Z
?CompareDBIDs@@YAJPBUtagDBID@@0@Z
?ClearPropertyInError@CUtlProps2@@QAEXXZ
?IsTrue@CUtlProps2@@QAEHKK@Z
?IsRequiredTrue@CUtlProps2@@QAEHKK@Z
?SetPropertyInError@CUtlProps2@@QAEXKK@Z
?AddInternalFlags@CUtlProps2@@QAEXKKK@Z
?SetInternalStatus@CUtlProps2@@QAEXKKK@Z
?CopyPropsInError@CUtlProps2@@QAEXPAV1@@Z
?GetValString@CUtlProps2@@QAEPBGKK@Z
?SetPropertiesArgChk@CUtlProps2@@SAJKQBUtagDBPROPSET@@@Z
?SetProperties@CUtlProps2@@QAEJKQBUtagDBPROPSET@@H@Z
?GetInternalFlags@CUtlProps2@@QAEKKK@Z
?SetValBool@CUtlProps2@@QAEXKKF@Z
?GetPropertiesArgChk@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?GetProperties@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@PBU_GUID@@@Z
?GetPtrOfExtBuffer@CExtBuffer@@QAGPAXK@Z
?SetItemCount@CExtBuffer@@QAGXK@Z
?FIsValidColId@CUtlProps2@@UAEHPAUtagDBPROP@@@Z
?SetPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@@Z
?InsertFindBmk@CHashTbl@@UAGJHKKPAEPAK@Z
?DeleteBmk@CHashTbl@@UAGJK@Z
??1CHashTbl@@UAE@XZ
?fReasonNeeded@CRowsetConnectionPointContainer@@QAEHKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@@Z
?DoFcNotify@CRowsetConnectionPointContainer@@QAEJKW4DBREASONENUM@@W4DBEVENTPHASEENUM@@PAUIRowset@@KKQAK@Z
?CompactExtBuffer@CExtBuffer@@QAGXXZ
?DWORDIntoExtBuffer@CExtBuffer@@QAGJK@Z
?DeleteWithCompactFromExtBuffer@CExtBuffer@@QAGXK@Z
??0CClassFactory@@QAE@PAJ0@Z
?QueryInterface@CClassFactory@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CClassFactory@@UAGKXZ
?Release@CClassFactory@@UAGKXZ
?LockServer@CClassFactory@@UAGJH@Z
?AllocItems@CExtBuffer@@QAGPAEK@Z
?FInit@CExtBuffer@@QAEHKK@Z
?ClearPropSupported@CUtlProps2@@QAEXKK@Z
??1IBookmarkObj@@UAE@XZ
?GetIndexofPropSet@CUtlProps2@@UAEJPBU_GUID@@PAK@Z
?SetValString@CUtlProps2@@QAEJKKPBG@Z
?GetOuterUnknown@CBaseObj@@QAEPAUIUnknown@@XZ
?GetValBool@CUtlProps2@@QBEFKK@Z
??1CExtBuffer@@QAE@XZ
??1CBitArray@@QAE@XZ
?GetDWORDOfExtBuffer@CExtBuffer@@QAGKK@Z
?GetBaseObjectType@CBaseObj@@QAE?AW4EBaseObjectType@@XZ
?GetLastItemHandle@CExtBuffer@@QAGXAAK@Z
?GetItemOfExtBuffer@CExtBuffer@@QAGXKPAX@Z
?InsertIntoExtBuffer@CExtBuffer@@QAGJPAXAAK@Z
?SetSlot@CBitArray@@QAGJK@Z
?IsSlotSet@CBitArray@@QAGJK@Z
?ResetAllSlots@CBitArray@@QAGXXZ
?FInit@CExtBuffer@@QAEHKPAXKK@Z
?DeleteFromExtBuffer@CExtBuffer@@QAGXK@Z
?GetPtrOfExtBuffer@CExtBuffer@@QAGPAXXZ
?FInit@CBitArray@@QAGJK@Z
??0CBitArray@@QAE@XZ
??0CExtBuffer@@QAE@XZ
?GetCriticalSection@CBaseObj@@QAEPAPAVCCriticalSection@@XZ
?WriteIntoExtBuffer@CExtBuffer@@QAGJPBXK@Z
?ReplaceInExtBuffer@CExtBuffer@@QAGJKKPBXK@Z
?WriteWCharToExtBuffer@CExtBuffer@@QAGJGK@Z
?GetItemCount@CExtBuffer@@QBGKXZ

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
SQLDebug

Sections

.text
Size: 600KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efc74c8315b7b6e4dc3220f9eea14daf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

msdart

msdatl3

netapi32

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 598KB

.data Size: 8KB - Virtual size: 7KB

.sdbid Size: 168KB - Virtual size: 165KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 600KB - Virtual size: 598KB

.data
Size: 8KB - Virtual size: 7KB

.sdbid
Size: 168KB - Virtual size: 165KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB