3864c44e88c58a55ddf6575293c2339b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3864c44e88c58a55ddf6575293c2339b_JaffaCakes118
Size

471KB
MD5

3864c44e88c58a55ddf6575293c2339b
SHA1

e07c178d0a387abec1175c87ec021eb9e7578c33
SHA256

c28f65a5d41595bfd228fe66eeb0861df6cf6855c0b7b03d1c4e47555d42e8bd
SHA512

ccaf404999d918d2cbe2cc93df4c4578bc30bfbabf212ce55643d294fb5920c953c1814923f5d8f7a2cfafbe82e6fd3302e83743be482726282df8f333405f7b
SSDEEP

12288:YAn2ENHWkuplkoGgeadb/1/Awv3FLaZNscU7Zg5:YA2ENHLu4HaJxAwP0m7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3864c44e88c58a55ddf6575293c2339b_JaffaCakes118

Files

3864c44e88c58a55ddf6575293c2339b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d627a1ec2113281df8a88c071e2656cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

query

?DoIt@CCopyRcovObject@@QAEJXZ
?RefreshParams@CWorkQueue@@QAEXKK@Z
??0SStorageObject@@QAE@PAVPStorageObject@@@Z
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
?SetPriority@CGenericCiProxy@@QAEXKK@Z
?GetDATE@CAllocStorageVariant@@QBENI@Z
CollectCIPerformanceData
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?HTMLEscapeW@@YGXPBGAAVCVirtualString@@K@Z
?DataWriteRead@CRequestClient@@QAEXPAXK0KAAK@Z
?Remove@CDbSortSet@@QAEXI@Z
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?GetR4@CAllocStorageVariant@@QBEMI@Z
??0CRcovStrmMDTrans@@QAE@AAVPRcovStorageObj@@W4MDOp@0@K@Z
??1CPhysStorage@@UAE@XZ
?Init@CRcovStorageHdr@@QAEXK@Z
?SetUI8@CStorageVariant@@QAEXT_ULARGE_INTEGER@@I@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??1CRangeRestriction@@QAE@XZ
??0CNodeRestriction@@QAE@KI@Z
LoadBinaryFilter
??1CMetaDataMgr@@QAE@XZ
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
CIRestrictionToFullTree
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?InitializeForRead@CDynStream@@QAEXXZ
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
??1CSizeSerStream@@UAE@XZ
DoneFILTERPerformanceData
??1CSort@@QAE@XZ

atl

AtlModuleUnregisterServerEx
AtlModuleRegisterClassObjects
AtlAxCreateDialogA
AtlModuleAddTermFunc
AtlGetVersion
DllGetClassObject
AtlModuleRegisterTypeLib
AtlDevModeW2A
AtlModuleRegisterServer
AtlModuleExtractCreateWndData
AtlModuleInit
AtlComPtrAssign
AtlAxGetHost
AtlGetObjectSourceInterface
AtlMarshalPtrInProc
AtlModuleRevokeClassObjects
AtlModuleRegisterWndClassInfoW
AtlModuleUnRegisterTypeLib
AtlModuleGetClassObject
AtlPixelToHiMetric
AtlAxDialogBoxW
AtlAxCreateControl
AtlIPersistPropertyBag_Load
AtlComQIPtrAssign
AtlHiMetricToPixel
AtlModuleAddCreateWndData
AtlFreeMarshalStream
AtlCreateTargetDC
AtlModuleUnregisterServer
AtlWaitWithMessageLoop
AtlRegisterClassCategoriesHelper
AtlModuleUpdateRegistryFromResourceD
AtlAxWinInit
AtlInternalQueryInterface
AtlAxCreateControlEx
AtlModuleTerm
AtlSetErrorInfo
AtlAxAttachControl

winmm

PlaySound
mixerGetLineInfoA
waveOutMessage
mciGetYieldProc
timeGetDevCaps
auxGetNumDevs
CloseDriver
mmTaskBlock
mmsystemGetVersion
mciGetDriverData
midiOutGetVolume
joy32Message
midiInGetDevCapsW
midiOutReset
midiInStart
auxGetVolume
joyGetPos
mmioSendMessage
mmioStringToFOURCCA
midiOutCacheDrumPatches
midiStreamPosition
auxOutMessage
midiInMessage
GetDriverModuleHandle
mciGetCreatorTask
waveOutGetDevCapsW
midiInGetErrorTextA
mciSendStringW
midiOutGetDevCapsA
midiOutClose
midiOutMessage
waveInUnprepareHeader
midiOutGetErrorTextA

odbccr32

SQLSetDescRec
SQLSetConnectAttr
SQLNativeSql
SQLBindParameter
SQLGetDescRec
SQLNumParams
SQLExtendedFetch
SQLFreeStmt
SQLGetInfo
SQLPutData
SQLSetConnectOption
SQLMoreResults
SQLSetScrollOptions
SQLParamData
SQLBindCol
SQLSetStmtAttr
SQLGetDescField
ReleaseCLStmtResources
SQLGetStmtOption
SQLSetPos
SQLCancel
SQLExecute
SQLGetStmtAttr
SQLEndTran
SQLRowCount
SQLParamOptions
SQLPrepare
SQLSetDescField
SQLBulkOperations
SQLGetData
SQLTransact
SQLSetStmtOption
SQLFreeHandle
SQLFetch

kernel32

GetVolumePathNamesForVolumeNameW
WaitForMultipleObjects
ReadFileScatter
SearchPathA
lstrlenA
GetConsoleFontSize
Toolhelp32ReadProcessMemory
IsSystemResumeAutomatic
RtlMoveMemory
LoadModule
SetDefaultCommConfigA
ProcessIdToSessionId
QueryPerformanceCounter
ConvertDefaultLocale
GetProfileSectionW
CreateWaitableTimerA
VirtualQuery
LocalAlloc
WriteProfileStringW
GetEnvironmentStringsW
Thread32First
CancelIo
FlushFileBuffers
SignalObjectAndWait
GetCurrentThread
SetConsoleLocalEUDC
LoadLibraryA
GetConsoleCommandHistoryW
VirtualAlloc
GetShortPathNameW
RegisterWowBaseHandlers

cmutil

?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
CmStrTrimW
GetOSBuildNumber
CmStrStrW
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?GetRegPath@CIniW@@QBEPBGXZ
?SetFile@CIniA@@QAEXPBD@Z
CmBuildFullPathFromRelativeA
CmRealloc
CmEndOfStrW
?DeInit@CmLogFile@@QAEJXZ
??_FCIniW@@QAEXXZ
ReleaseBold
?GPPS@CIniW@@QBEPAGPBG00@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?OpenFile@CmLogFile@@AAEJXZ
CmStrCatAllocW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
SzToWz
CmStrCpyAllocA
?GetPrimaryFile@CIniW@@QBEPBGXZ
?Stop@CmLogFile@@QAEJXZ
CmParsePathW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
IsFarEastNonOSR2Win95
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?Clear@CmLogFile@@QAEXH@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmIsSpaceW
CmStrchrA
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?GetFile@CIniW@@QBEPBGXZ
?IsEnabled@CmLogFile@@QAEHXZ
?SetEntry@CIniA@@QAEXPBD@Z
?WPPB@CIniA@@QAEXPBD0H@Z

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d627a1ec2113281df8a88c071e2656cc

Headers

File Characteristics

Imports

query

atl

winmm

odbccr32

kernel32

cmutil

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 143KB - Virtual size: 143KB

.data Size: 1024B - Virtual size: 507KB

.rsrc Size: 151KB - Virtual size: 151KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 143KB - Virtual size: 143KB

.data
Size: 1024B - Virtual size: 507KB

.rsrc
Size: 151KB - Virtual size: 151KB

.reloc
Size: 1024B - Virtual size: 1024B