38c40e7144ee473608ac2f3b714fda95_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

38c40e7144ee473608ac2f3b714fda95_JaffaCakes118
Size

865KB
MD5

38c40e7144ee473608ac2f3b714fda95
SHA1

703b96181553fd9756c50a24b9113a33a494abc4
SHA256

f71340d93b391e8a765609325b80901eed279a1538a2250419fb67883b3444aa
SHA512

2948da5cfcb3520901875b98a99aea4af451b3379287e268ec1c04e7bf86725b6c070a97ac61bbcc35434b552e31ab7db871a0f5f560f1fdd2f037e6645b6c76
SSDEEP

24576:zr5bReCyT51bRiRPZMRqqEEyDYWZGY8oIQ:zZReCyT51Vg+Rt0DYW8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38c40e7144ee473608ac2f3b714fda95_JaffaCakes118

Files

38c40e7144ee473608ac2f3b714fda95_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ded352f48c41ed746e1defa3e6152c73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluNewQuadric
gluPerspective
gluLoadSamplingMatrices
gluPartialDisk
gluEndPolygon
gluDeleteNurbsRenderer
gluQuadricNormals
gluBeginSurface
gluTessBeginContour
gluQuadricDrawStyle
gluNewTess
gluSphere
gluTessBeginPolygon
gluNurbsSurface
gluNextContour
gluDisk
gluPickMatrix
gluLookAt
gluEndSurface
gluEndCurve
gluBeginTrim
gluNurbsCurve
gluBeginPolygon
gluNurbsCallback
gluQuadricOrientation
gluTessEndContour
gluBuild2DMipmaps
gluBeginCurve
gluErrorUnicodeStringEXT
gluErrorString
gluScaleImage
gluNewNurbsRenderer
gluQuadricTexture
gluQuadricCallback
gluGetTessProperty
gluEndTrim
gluBuild1DMipmaps
gluTessVertex
gluOrtho2D
gluGetString
gluGetNurbsProperty

msvcrt

_ecvt
??_Fbad_cast@@QAEXXZ
_mbctombb
__p__commode
_fpreset
memset
_mbsdec
_rotr
_beep
_lseek
_read
_mbsstr
wcsstr
cosh
_ctime64
__p__wpgmptr
wcsspn
fgetws
vprintf
__p___mb_cur_max
_outpw
_Getmonths
exit
_getws
_strncoll
__set_app_type
_mbctoupper
_isnan
_wchdir
_chkesp
_ismbchira
_putw
_wcsicmp
__getmainargs
_time64
__crtGetStringTypeW
_CIatan2
_wcsnicoll
_fgetchar
memmove
tmpnam
_mbsicmp
___mb_cur_max_func

query

?Recognize@CDFA@@QAEEPBG@Z
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
??1SStorageObject@@QAE@XZ
?Empty@CPropStoreManager@@QAEXXZ
?Append@CEnumString@@QAEXPBG@Z
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
?GetString@CMemDeSerStream@@UAEPADXZ
?QueryVirtualScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?ReOpenStream@CPhysIndex@@EAEXXZ
?GetStackTrace@@YGXPADK@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
?SetLPSTR@CStorageVariant@@QAEXPBDI@Z
??1CNatLanguageRestriction@@QAE@XZ
?SetCatalog@CCatState@@QAEXPBG@Z
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
SetupCacheEx
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Pause@CCatalogAdmin@@QAEHXZ
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
?RequiresFlush@CPhysStorage@@QAEHK@Z
?SetNumberOfColumns@CCatState@@QAEXI@Z
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ

rpcns4

RpcNsBindingLookupNext
RpcNsProfileEltAddA
RpcNsEntryExpandNameW
RpcNsGroupMbrRemoveW
RpcNsMgmtInqExpAge
RpcNsEntryObjectInqBeginA
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtHandleSetExpAge
RpcNsProfileEltRemoveA
RpcNsMgmtEntryCreateW
RpcNsGroupMbrInqBeginW
RpcNsProfileDeleteW
RpcNsMgmtEntryCreateA
RpcNsProfileEltRemoveW
RpcNsGroupDeleteA
RpcNsBindingLookupBeginW
RpcNsBindingUnexportA
RpcNsProfileEltInqBeginW
RpcNsGroupMbrRemoveA
RpcNsGroupMbrAddA
RpcNsBindingExportPnPA
RpcNsMgmtSetExpAge
RpcNsBindingExportW
RpcNsBindingUnexportPnPA
I_RpcNsNegotiateTransferSyntax
RpcNsEntryObjectInqBeginW
RpcNsEntryExpandNameA
RpcNsProfileDeleteA
RpcNsProfileEltAddW
RpcNsBindingExportA
I_RpcNsRaiseException
RpcNsMgmtEntryInqIfIdsW
RpcNsProfileEltInqDone
RpcNsEntryObjectInqDone
RpcNsBindingImportBeginW
RpcNsProfileEltInqBeginA
RpcNsGroupMbrInqNextW
RpcNsBindingLookupBeginA
I_RpcNsSendReceive
RpcNsBindingImportDone
RpcNsGroupMbrAddW
RpcNsProfileEltInqNextW
RpcNsProfileEltInqNextA
RpcNsGroupMbrInqDone
RpcNsMgmtEntryDeleteA

perfctrs

CloseTcpIpPerformanceData
CollectNWNBPerformanceData
CollectSPXPerformanceData
CloseDhcpPerformanceData
CollectTcpIpPerformanceData
OpenTcpIpPerformanceData
OpenNbfPerformanceData
CollectIPXPerformanceData
OpenNWNBPerformanceData
OpenSPXPerformanceData
OpenIPXPerformanceData
CollectDhcpPerformanceData
CloseNWNBPerformanceData
CloseNbfPerformanceData
CloseIPXPerformanceData
OpenDhcpPerformanceData
CloseSPXPerformanceData
CollectNbfPerformanceData

ntdll

RtlGetLengthWithoutTrailingPathSeperators
_aulldvrm
RtlOemStringToUnicodeString
RtlSetSaclSecurityDescriptor
RtlUnicodeToMultiByteSize
RtlQueryRegistryValues
RtlUnicodeStringToCountedOemString
RtlFindLongestRunClear
ZwCompleteConnectPort
RtlRealPredecessor
ZwQueryMutant
RtlSetTimeZoneInformation
NtQueryInformationPort
RtlInitializeGenericTableAvl
ZwAllocateLocallyUniqueId
NtSetSystemEnvironmentValueEx
ZwSuspendProcess
ZwQueryObject
NtCreateEvent
RtlRealSuccessor
RtlFirstFreeAce
RtlTraceDatabaseCreate
NtStopProfile
RtlCreateAndSetSD
RtlApplyRXactNoFlush
ZwResetEvent
RtlGetFullPathName_U
ZwQuerySemaphore
ZwQueryDebugFilterState
RtlUnicodeStringToOemSize
RtlAppendUnicodeStringToString

kernel32

Process32FirstW
WriteConsoleOutputCharacterA
AddAtomA
GetConsoleInputExeNameW
SetProcessWorkingSetSize
OpenThread
OpenProcess
GetLastError
GetStringTypeExW
GlobalGetAtomNameW
CreateConsoleScreenBuffer
GetThreadPriorityBoost
QueueUserAPC
GetWindowsDirectoryA
SetComputerNameExW
ReadConsoleOutputA
FatalExit
RtlZeroMemory
QueryDepthSList
ReadDirectoryChangesW
RemoveVectoredExceptionHandler
QueryPerformanceCounter
FindFirstVolumeA
CreateFileMappingA
GetExitCodeThread
EnumDateFormatsA
lstrcpynW
WaitNamedPipeA
GlobalAddAtomA
DebugSetProcessKillOnExit
GetOEMCP
VirtualAlloc
EnumSystemLanguageGroupsA
GetEnvironmentStringsW
GetConsoleCommandHistoryA
CreateDirectoryW
LoadLibraryA
UpdateResourceA
SetCurrentDirectoryW
GetPrivateProfileSectionW
GetShortPathNameW
Module32NextW
PostQueuedCompletionStatus
DeleteFileA
GlobalUnfix
GetVolumeInformationW
Toolhelp32ReadProcessMemory

user32

EndDialog

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ded352f48c41ed746e1defa3e6152c73

Headers

DLL Characteristics

File Characteristics

Imports

glu32

msvcrt

query

rpcns4

perfctrs

ntdll

kernel32

user32

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 305KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 305KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B