38ca870f7638d0e4bdd0e99ee06ef529_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38ca870f7638d0e4bdd0e99ee06ef529_JaffaCakes118
Size

42KB
MD5

38ca870f7638d0e4bdd0e99ee06ef529
SHA1

c7af1e7e27d5a0328093f5de68bc329b7d7181c8
SHA256

c5dcaab35750a81734f3253cf1ded94c08d8c64b77fbfe37181086d6eefa6f95
SHA512

df1ffa86ab80fce2a1cd905fad089037a8d615c2d2b4d95167e3d84bc43358d78e4b2056660af7b2fd7bf2194dbb720e4a838182bdf4c7e913d44806fae24bfe
SSDEEP

768:eG+Om0GLtI+WrgSEmUAungPbKfbUwnxwVIyDd+YFwgb:eVtFWrgdngPuj1qVIyDgYFwgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ca870f7638d0e4bdd0e99ee06ef529_JaffaCakes118

Files

38ca870f7638d0e4bdd0e99ee06ef529_JaffaCakes118
.exe windows:5 windows x86 arch:x86

19424821044d3cb00113acb813de82d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionNamesW
CallNamedPipeA
_lclose
LoadLibraryA
SetComputerNameW
GlobalUnlock
GetCurrentProcess
BeginUpdateResourceA
BackupWrite
Heap32Next
DeleteTimerQueueTimer
GetModuleHandleW
WaitForSingleObjectEx
AddRefActCtx
GetUserDefaultUILanguage
OpenEventW
LoadModule
FindResourceExA
LocalSize
SystemTimeToFileTime
FreeConsole
SetHandleInformation
PrepareTape
GetNumberFormatW
GetModuleHandleA
LocalShrink
VirtualFree
SetCriticalSectionSpinCount
GetVolumeNameForVolumeMountPointA
LCMapStringA
GetCommModemStatus
SetConsoleTextAttribute
SetConsoleWindowInfo
IsWow64Process
GetNumberFormatA
LocalLock
GetConsoleAliasA
OpenFile
AddAtomA
GetNumaProcessorNode
SetLastError
DisableThreadLibraryCalls
LockResource
ExitThread
InterlockedPushEntrySList
GetNumaAvailableMemoryNode
Module32First
VirtualAlloc

olecli32

MfEqual
OleSetColorScheme
LeObjectLong
LeRelease
PbCreateFromTemplate
DibQueryBounds
ErrCopyFromLink
OleSavedClientDoc
OleDelete
LeDraw
OleActivate
OleClone
OleQueryClientVersion
ConnectDlgProc
GenGetData
CheckNetDrive
OleExecute
MfDraw
GenSaveToStream
DefCreateFromClip
ErrActivate

query

?Next@CCatalogEnum@@QAEHXZ
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
CITextToFullTree
LocateCatalogsA
?CIShutdown@@YGXXZ
?StrLen@CKey@@QBEIXZ
CIBuildQueryTree
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
BindIFilterFromStorage
?AddRef@CEnumWorkid@@UAGKXZ
??1CMemSerStream@@UAE@XZ
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?Next@CScopeEnum@@QAEHXZ
?My_wcstoui64@@YA_KPBGPAPAGH@Z
??1CCatalogEnum@@QAE@XZ
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
?ReadProperty@CPropStoreManager@@QAEHKKPAUtagPROPVARIANT@@PAI@Z
?SetLocale@CCatState@@QAEXPBG@Z
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
?VerifyThreadHasAdminPrivilege@@YGXXZ

odbcbcp

SQLLinkedServers
bcp_exec
bcp_initW
bcp_writefmtA
SQLLinkedCatalogsA
bcp_colptr
bcp_setcolfmt
bcp_initA
bcp_bind
bcp_readfmtA
bcp_done
bcp_readfmtW
dbprtypeW
bcp_batch
bcp_columns
SQLGetNextEnumeration
bcp_collen
SQLCloseEnumServers
bcp_moretext
LibMain
SQLInitEnumServers
bcp_getcolfmt
SQLLinkedCatalogsW
bcp_sendrow
dbprtypeA

catsrvut

WinlogonHandlePendingInfOperations
??_7CComPlusMethod@@6B@
??0CComPlusObject@@QAE@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
??_7CComPlusInterface@@6B@
??0CComPlusComponent@@QAE@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
SysprepComplus
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
StartMTSTOCOM
DllGetClassObject
RegDBRestore
QueryUserDllW
??_7CComPlusComponent@@6B@
??0CComPlusMethod@@QAE@ABV0@@Z
DllRegisterServer
RunMTSToCom
??4CComPlusObject@@QAEAAV0@ABV0@@Z
DllCanUnloadNow
DllUnregisterServer
RegDBBackup
??1CComPlusInterface@@UAE@XZ
SysprepComplus2
CGMIsAdministrator
FindAssemblyModulesW
ManagedRequestW

ntdll

RtlCharToInteger
RtlTimeFieldsToTime
RtlUpcaseUnicodeStringToCountedOemString
RtlDeleteElementGenericTable
_stricmp
RtlUnicodeStringToCountedOemString
RtlStartRXact
NtSetDefaultLocale
NtQueryTimer
NlsMbOemCodePageTag
NtMakePermanentObject
ZwRemoveIoCompletion
NtSaveKeyEx
RtlDowncaseUnicodeChar
RtlGetSecurityDescriptorRMControl
NtCancelIoFile
RtlConvertUlongToLargeInteger
NtCreateJobSet
ZwAdjustGroupsToken
ZwQueryVirtualMemory
RtlNewSecurityObject

Sections

.text
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19424821044d3cb00113acb813de82d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

olecli32

query

odbcbcp

catsrvut

ntdll

Sections

.text Size: 1024B - Virtual size: 742B

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 54KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 742B

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 54KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B