3a32543b42484cd38ec00a80d833b141_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a32543b42484cd38ec00a80d833b141_JaffaCakes118
Size

865KB
MD5

3a32543b42484cd38ec00a80d833b141
SHA1

b41cf6dec859143552156131ed0fede386b9ca0c
SHA256

cec0a97b5c4dbe06792a6e7963ff31db5fb5836e7d2d00e560d1d8b17087c1c3
SHA512

40c2504154cd72765503cce1c724ceea33a9d10d8f99717098dfd2840e31fd5c49b34fab5340e7e10806b010864dcc4e693e2cd2d4695740e77bd78325b3007c
SSDEEP

24576:aMfifiTE9DQzaHmM+IBaUIuU52VqIbPIyY5o:ayiqDzhIBaU72EvIyYa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a32543b42484cd38ec00a80d833b141_JaffaCakes118

Files

3a32543b42484cd38ec00a80d833b141_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0489b9b91475d0e8da6d92702070f8ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameExW
LocalLock
VirtualAlloc
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapAlloc
RtlUnwind
GetComPlusPackageInstallStatus
CreateMailslotA
PeekConsoleInputA
GlobalFlags
QueryDosDeviceA
BuildCommDCBW
GetConsoleCommandHistoryA
CreateRemoteThread
UTUnRegister
LoadLibraryA
AddLocalAlternateComputerNameA
HeapCreate
EscapeCommFunction
GetCompressedFileSizeW
EnumSystemLanguageGroupsA
SetFilePointerEx
ExitProcess
FindActCtxSectionStringA
lstrcpynW
WriteFileGather
LZCreateFileW
OutputDebugStringA
GetVolumePathNamesForVolumeNameA
GetACP
GetCurrentProcessId
GetEnvironmentStringsW
EnumTimeFormatsA
GetOEMCP
EndUpdateResourceW
VirtualUnlock
GetExpandedNameA
GetExitCodeThread
CreateDirectoryExA
PrepareTape
GetProcessHeaps
GetLocaleInfoA
EnumCalendarInfoA
lstrlenA
SetFileAttributesW
GetSystemInfo
WriteTapemark

ole32

CoSetProxyBlanket
HBRUSH_UserMarshal
CoGetDefaultContext
CoRevertToSelf
CoMarshalHresult
CoGetClassVersion
ProgIDFromCLSID
CoRevokeMallocSpy
HWND_UserMarshal
OleLoad
HWND_UserSize
HBITMAP_UserMarshal
StgConvertPropertyToVariant
CoRegisterMallocSpy
OleCreateLinkToFileEx
UtConvertDvtd32toDvtd16
OleSave
CoUnloadingWOW
CoGetInstanceFromFile
CreateObjrefMoniker
CoCopyProxy
WriteClassStm
OleQueryLinkFromData
SNB_UserSize
STGMEDIUM_UserFree
HBITMAP_UserSize
HBRUSH_UserSize
CoFileTimeNow
MonikerCommonPrefixWith
WdtpInterfacePointer_UserUnmarshal
CoImpersonateClient
OleCreateEx
StringFromIID
CoGetProcessIdentifier

msvcrt

_spawnv
_jn
__getmainargs
_time64
_chdrive
_mbcjmstojis
__p___initenv
??1exception@@UAE@XZ
_winmajor
fgetpos
??8type_info@@QBEHABV0@@Z
_y0
??_Gbad_cast@@UAEPAXI@Z
_ftol
_getdcwd
acos
exit
_mbscspn
_getmaxstdio
ferror
?raw_name@type_info@@QBEPBDXZ
__p__commode
_ismbstrail
sscanf
__wgetmainargs
_adj_fprem1
_adj_fdivr_m32i
_wenviron
iswxdigit
fwprintf
_cputws
qsort
_global_unwind2
_wcsnicmp
_cwprintf
_fputchar
_mbctombb
fsetpos
__set_app_type
_mbsdup
_putwch
_ismbcupper
fgets
_scalb
_aligned_free
_fpreset
_dstbias
??4bad_cast@@QAEAAV0@ABV0@@Z

user32

SetDlgItemTextW
LoadRemoteFonts
TileChildWindows
RegisterDeviceNotificationA
ToAsciiEx
RegisterSystemThread
SendMessageA
IsWindow
DdeInitializeA
EnableScrollBar
SetMenuInfo
InitializeLpkHooks
RegisterShellHookWindow
IsZoomed
DrawIconEx
SendInput
GetKeyboardType
DlgDirListA
MessageBoxW
WinHelpA
LoadBitmapA
DrawFrameControl
UnregisterClassW
NotifyWinEvent
OpenInputDesktop
SetTaskmanWindow
CreateDesktopA
GetMenuItemCount
SetWindowPos
IsWindowInDestroy
GetQueueStatus
SystemParametersInfoA
GetUserObjectSecurity
SetScrollRange
GetAncestor

query

?CiNtOpen@@YGPAXPBGKKK@Z
?Next@CCatalogEnum@@QAEHXZ
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
InitializeCIISAPIPerformanceData
?ShrinkFromFront@CPhysStorage@@QAEKKK@Z
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?PauseCI@CMachineAdmin@@QAEHXZ
??1CWordRestriction@@QAE@XZ
??1CContentRestriction@@QAE@XZ
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
??1CScopeEnum@@QAE@XZ
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
??0CUnfilteredRestriction@@QAE@XZ
?Reopen@CPhysStorage@@QAEXH@Z
??1CDbSortSet@@QAE@XZ
?NextWorkId@CPropertyStoreWids@@QAEKXZ
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?TunePerformance@CMachineAdmin@@QAEXHGG@Z
?ClearList@CPropertyList@@QAEXXZ
??1CFilterDaemon@@QAE@XZ
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
CIGetGlobalPropertyList
??1CRangeRestriction@@QAE@XZ
??0CRegAccess@@QAE@KPBG@Z
??0CVirtualString@@QAE@I@Z
?GetLocation@CCatalogAdmin@@QAEPBGXZ
?GetR4@CAllocStorageVariant@@QBEMI@Z
??8CDbColId@@QBEHABV0@@Z
?SetPath@CScopeAdmin@@QAEXPBG@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
??3CDbCmdTreeNode@@SGXPAX@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?Init@CRcovStorageHdr@@QAEXK@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
?InitIterator@CPropertyList@@UAEXXZ

dnsapi

Dns_InitializeWinsock
DnsGetDnsServerList
DnsRecordSetCompare
DnsAsyncRegisterTerm
DnsApiFree
DnsCreateReverseNameStringForIpAddress
DnsApiRealloc
DnsIsStatusRcode
DnsGetPrimaryDomainName_A
DnsStringCopyAllocateEx
CombineRecordsInBlob
DnsNameCompare_A
DnsFlushResolverCacheEntry_UTF8
DnsRecordStringForType
DnsFlushResolverCache
DnsNameCopyAllocate
Dns_RecvTcp
Dns_SkipPacketName
DnsDhcpSrvRegisterInitialize
DnsGlobals
Dns_WriteQuestionToMessage
DnsFlushResolverCacheEntry_W
DnsQueryConfig
Dns_CloseSocket
DnsNotifyResolverEx
Dns_SendAndRecvUdp
DnsQueryConfigDword
DnsWriteReverseNameStringForIpAddress
Dns_ReadRecordStructureFromPacket
Dns_SetRecordDatalength
DnsCreateStringCopy
DnsRecordCompare
DnsValidateName_W
DnsReplaceRecordSetW
DnsReleaseContextHandle
DnsQuery_W
BreakRecordsIntoBlob
DnsApiAlloc
Query_Main
DnsUpdateTest_A
DnsRecordStringForWritableType

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 338KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0489b9b91475d0e8da6d92702070f8ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

msvcrt

user32

query

dnsapi

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 338KB - Virtual size: 1.8MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 338KB - Virtual size: 1.8MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B