41e7ce01e327a2f79de27ee004c9284a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41e7ce01e327a2f79de27ee004c9284a_JaffaCakes118
Size

21KB
MD5

41e7ce01e327a2f79de27ee004c9284a
SHA1

5bff173ec7b32f34fa1d2935ed14e496ef544514
SHA256

673fef05932f7a6b9bf6180fd447d36087ee76b101081210f239550dc4787d6e
SHA512

2b48237ffd75a8008b768517faad5401f2386f15dcd735f8a115f50e5c42a50f487eeada297ce0ac58334e34196ae8c6bb8318a4e17aa1cbc9b1291d1923711f
SSDEEP

384:F3oA8eyViI2dSbtc/GELmrBSAt3oOboGHer20KiwQeSK:F3z8xiI3ELmrBSAZoOzHeC0DS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e7ce01e327a2f79de27ee004c9284a_JaffaCakes118

Files

41e7ce01e327a2f79de27ee004c9284a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f04979fb7e7fe409b8eb651e9baaace

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsnmp32

_SnmpConveyAgentAddress@4
SnmpGetLastError
SnmpSetRetry
SnmpGetVendorInfo
SnmpSetTranslateMode
SnmpOidCompare
SnmpEncodeMsg
SnmpFreePdu
SnmpGetVb
SnmpDecodeMsg
SnmpCreateVbl
SnmpCreateSession
SnmpClose

query

??1CEventItem@@QAE@XZ
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
??1CRangeRestriction@@QAE@XZ
?Read@CRcovStrmTrans@@QAEKPAXK@Z
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
??1CRegNotify@@MAE@XZ

crtdll

scanf
_getdrives
_mbsstr
_filbuf
memset
_isnan
_dup
fread
setlocale
strpbrk
_sys_nerr_dll
fseek
_ismbchira
strtok

kernel32

Heap32Next
OpenEventA
WritePrivateProfileStructW
DeleteTimerQueueTimer
OpenProfileUserMapping
SetVolumeMountPointW
GetCPInfoExA
VirtualAlloc
CreateActCtxA
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
GetComPlusPackageInstallStatus
DnsHostnameToComputerNameW
GetSystemPowerStatus
QueryPerformanceCounter
GetPrivateProfileIntW
GetTickCount
GetCurrentThread
VirtualFreeEx

opengl32

glNormalPointer
GlmfBeginGlsBlock
wglUseFontOutlinesA
glRasterPos2i
glColor3us
GlmfEndGlsBlock
GlmfCloseMetaFile
glTexEnviv
glEvalCoord1f
glInitNames
glBitmap
glLightModeliv
glClearIndex

expsrv

__vbaStrCopy
__vbaLineInputVar
__vbaDateStr
__vbaVarVargNofree
EbSetContextWorkerThread
rtcRightCharBstr
EVENT_SINK_AddRef
__vbaCyAdd
__vbaStrI2
__vbaStrI4
__vbaUI1I4
__vbaVargUnkAddref

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f04979fb7e7fe409b8eb651e9baaace

Headers

DLL Characteristics

File Characteristics

Imports

wsnmp32

query

crtdll

kernel32

opengl32

expsrv

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 1024B - Virtual size: 642B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 1024B - Virtual size: 642B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB