357c240e35ca52719c084bf4d3469ff7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

357c240e35ca52719c084bf4d3469ff7_JaffaCakes118
Size

52KB
MD5

357c240e35ca52719c084bf4d3469ff7
SHA1

afa6942f2fe6b3fc3ab33449bdca5bee1e7703a1
SHA256

7b978ffb78ff0b149a1f0fb454c6180025cd96d841bf2d658ac5868c5f28f418
SHA512

8ed0a17212af16de7533e077cd2a6b8779e524f2a95d40e563e3c9bbe49ce76913ca90fca2e40597d5c7a53c83eb1832f0dfb99a48b177b627b853f482f03b26
SSDEEP

1536:PO4ePS0LVfA69qcKVp7spiT1hWcVE62ZA:Wul2qVjAsRh3O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
357c240e35ca52719c084bf4d3469ff7_JaffaCakes118

Files

357c240e35ca52719c084bf4d3469ff7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab341148c9d057367468f1952d5ab3d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
FindVolumeMountPointClose
GetThreadPriority
TzSpecificLocalTimeToSystemTime
VirtualQueryEx
ReplaceFileA
lstrcpynW
LocalAlloc
LeaveCriticalSection
CreateTimerQueue
GetProcessShutdownParameters
LZSeek
GetDateFormatW
GlobalFindAtomA
IsValidCodePage
LoadLibraryA
LCMapStringW
OutputDebugStringA
SetLastError
GetDiskFreeSpaceExW
AddAtomW
GetNumaProcessorNode

msvcrt

iswprint
_getwch
_inpw
_adj_fdiv_r
??0bad_typeid@@QAE@ABV0@@Z
_strnicmp
_snwscanf
__wargv
memchr
_strupr
strlen
_winminor
_mbctombb
ftell
__unDNameEx
_mbsnextc
iswalnum
_beginthreadex
_mktemp
towupper
_get_sbh_threshold
_mbsncoll
_lock
iscntrl
??_G__non_rtti_object@@UAEPAXI@Z

ntdll

ZwCreateFile
NtQueryPortInformationProcess
RtlExtendedIntegerMultiply
NtWaitLowEventPair
_allrem
RtlUpcaseUnicodeToMultiByteN
NtLockRegistryKey
RtlUpcaseUnicodeStringToCountedOemString
RtlInitializeGenericTable
ZwWaitLowEventPair
toupper
ZwSetInformationProcess
_vsnprintf
RtlRandomEx
RtlDeregisterWaitEx
ZwLoadKey
isspace
NtWriteRequestData
ZwSaveMergedKeys
ZwImpersonateAnonymousToken
CsrCaptureTimeout
NtSetLowEventPair
ZwReadFileScatter

advapi32

CryptDuplicateKey
WmiReceiveNotificationsA
CloseTrace
WriteEncryptedFileRaw
SystemFunction024
RegLoadKeyW
SetFileSecurityA
AllocateAndInitializeSid
RegEnumValueA
RegisterServiceCtrlHandlerW
FileEncryptionStatusA
I_ScSetServiceBitsW
ElfRegisterEventSourceA
LsaQueryInfoTrustedDomain
CryptGenRandom
BuildSecurityDescriptorW
AccessCheckAndAuditAlarmA
AddAccessAllowedAce
BuildTrusteeWithObjectsAndSidW
CryptHashData
LsaEnumerateAccounts

sqlsrv32

SQLColumnPrivilegesW
SQLNativeSqlW
SQLFetch
SQLCloseCursor
BCP_colfmt
SQLNumParams
SQLGetInfoW
SQLMoreResults
BCP_exec
SQLRowCount
LibMain
SQLAllocHandle
SQLGetDescRecW
SQLFetchScroll
SQLBrowseConnectW
BCP_bind
WizLanguageDlgProc

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab341148c9d057367468f1952d5ab3d0

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

sqlsrv32

Sections

.text Size: 18KB - Virtual size: 17KB

Size: 14KB - Virtual size: 14KB

Size: 17KB - Virtual size: 70KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB