4635845610e23e541b4a40d3e2122610_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4635845610e23e541b4a40d3e2122610_JaffaCakes118
Size

856KB
MD5

4635845610e23e541b4a40d3e2122610
SHA1

63262e9d1da9cde29e76aaa61d7178c2893bceb5
SHA256

a72975dc40213d356afa1d0eda9ad6e644c03448f8844e5d2c082408f16b0c63
SHA512

0347e50595ee72fe3c6bb33f66223920733ea478367cdfec4538bb6ff170462e48243a460ade93caa011f8bfb8060cf44c6c399b07dda2b3e4a026b1a053c8ba
SSDEEP

12288:1diC6/RNErKYNHwhKP+CKPHCRWNkXsEiVdl7Eac1jb/20yCHivTmTcbqgCy1JHTu:B6vYtwhKuHCR7XsNVd0j7yXSTQLbdD3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4635845610e23e541b4a40d3e2122610_JaffaCakes118

Files

4635845610e23e541b4a40d3e2122610_JaffaCakes118
.exe windows:5 windows x86 arch:x86

532673938f93a94ea032d2328e6d71d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
dn_expand
GetServiceA
GetAcceptExSockaddrs
WEP
sendto
inet_ntoa
AcceptEx
SetServiceW
WSAAsyncGetProtoByNumber
WSAGetLastError
shutdown
GetTypeByNameW
gethostbyname
s_perror
listen
getservbyname
TransmitFile
select
htonl
WSARecvEx
NPLoadNameSpaces
getsockopt
EnumProtocolsA
ioctlsocket
GetAddressByNameA
gethostname
WSAAsyncGetServByPort
MigrateWinsockConfiguration
WSACleanup
GetServiceW
getsockname
WSAAsyncSelect

query

?IsStopped@CCatalogAdmin@@QAEHXZ
??0CDriveInfo@@QAE@PBGK@Z
??1CSort@@QAE@XZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?Remove@CColumns@@QAEXI@Z
?GetStackTrace@@YGXPADK@Z
?SetNumberOfSortProps@CCatState@@QAEXI@Z
??1CEventItem@@QAE@XZ
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?PutValue@CValueNormalizer@@QAEXKAAKABVCStorageVariant@@@Z
??0CEventLog@@QAE@PBG0@Z
??1CDbQueryResults@@QAE@XZ
?Next@CPropertyList@@UAEPBVCPropEntry@@XZ
?GrowBuffer@CVirtualString@@AAEXK@Z
?SetValue@CPropertyRestriction@@QAEXPAG@Z
??8CDbColId@@QBEHABV0@@Z
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?Empty@CRcovStrmWriteTrans@@QAEXXZ
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
??1CRegChangeEvent@@QAE@XZ
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
??1SStorageObject@@QAE@XZ
??0CPidLookupTable@@QAE@XZ
?OpenFileFromPath@@YGPAU_iobuf@@PBG@Z
??0CColumns@@QAE@I@Z
?Seek@CRcovStrmTrans@@QAEHK@Z
?RemoveScope@CCatalogAdmin@@QAEXPBG@Z
?GetDATE@CAllocStorageVariant@@QBENI@Z
??1CKeyArray@@QAE@XZ
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
??0CDefColumnRegEntry@@QAE@XZ
?GetNumber@CQueryScanner@@QAEHAA_KAAH@Z
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
?ReleaseRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?AddRef@CEnumWorkid@@UAGKXZ
?SetProperty@CFullPropSpec@@QAEHPBG@Z
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z

user32

SetWindowRgn
BlockInput
CreateWindowExW
EnumPropsExW
ReasonCodeNeedsBugID
GetLastInputInfo
AdjustWindowRect
FlashWindowEx
CreateSystemThreads
SetLastErrorEx
DeviceEventWorker
DestroyReasons
SwitchDesktop
IsWindow
GetProgmanWindow
DdeUninitialize
LoadAcceleratorsW
TrackPopupMenuEx
DlgDirSelectComboBoxExW
GetMessageExtraInfo
SetDlgItemTextW
GetKeyboardLayout
ToAscii
InitializeLpkHooks
AppendMenuW
GetKeyNameTextW
InternalGetWindowText
SetClipboardViewer
CopyAcceleratorTableA

kernel32

SetConsoleCursor
GetConsoleAliasExesA
CreateToolhelp32Snapshot
CallNamedPipeW
GetOEMCP
EnumDateFormatsExA
CreateJobSet
GetComputerNameW
GetCPInfoExW
DeleteFileA
CreateJobObjectA
GetConsoleInputExeNameA
GetFileSizeEx
FreeUserPhysicalPages
SetConsoleOutputCP
SetComputerNameExA
CreateMutexA
DebugActiveProcessStop
FreeEnvironmentStringsW
ExitProcess
SetCommState
RemoveLocalAlternateComputerNameA
SetCriticalSectionSpinCount
GetConsoleAliasesLengthW
Module32FirstW
SetErrorMode
CompareStringW
LoadLibraryA
GetStartupInfoA
UTUnRegister
GetStringTypeExW
RemoveDirectoryA
CancelTimerQueueTimer
CreateDirectoryA
GlobalSize
GlobalAlloc
LocalAlloc
GetStdHandle
FindActCtxSectionStringA
GetNumaHighestNodeNumber
Process32NextW
SetConsoleTitleW
SetConsoleOS2OemFormat
LocalReAlloc
GetLocaleInfoW
SetMailslotInfo
IsBadHugeReadPtr
EnumTimeFormatsW
VirtualAlloc
LockResource
CloseConsoleHandle
GetOverlappedResult

msvcrt40

?fd@ofstream@@QBEHXZ
??6ostream@@QAEAAV0@J@Z
??8type_info@@QBEHABV0@@Z
??5istream@@QAEAAV0@PAD@Z
_getdrives
??_G__non_rtti_object@@UAEPAXI@Z
_kbhit
??0fstream@@QAE@HPADH@Z
_gcvt
mblen
realloc
?width@ios@@QAEHH@Z
??6ostream@@QAEAAV0@E@Z
_scalb
?oct@@YAAAVios@@AAV1@@Z
??0istrstream@@QAE@PAD@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??_7strstreambuf@@6B@
_ismbbkpunct
wcspbrk
??6ostream@@QAEAAV0@PBX@Z
_nextafter
??_Eistream@@UAEPAXI@Z
?init@ios@@IAEXPAVstreambuf@@@Z
_CIsin
_mbsninc
strncmp
_rotr
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
getwc
?basefield@ios@@2JB
??0ostream@@IAE@ABV0@@Z
?fd@fstream@@QBEHXZ
??_Eofstream@@UAEPAXI@Z
_snprintf
??0istrstream@@QAE@PADH@Z
_mbsbtype
vprintf
?eatwhite@istream@@QAEXXZ
_adj_fdivr_m32
_rmtmp
??4logic_error@@QAEAAV0@ABV0@@Z
ldiv
??0ostream_withassign@@QAE@XZ

crtdll

_execv
_XcptFilter
_fpclass
_filelength
wcsxfrm
putc
_umask
wcsftime
bsearch
strtoul
iswctype
strcpy
_strdate
_strrev
_nextafter
sinh
_getw
_ismbslead
wcsstr
gets
strncpy
_ismbbkalnum
_ultoa
_fmode_dll
iswdigit
__iscsymf
system
_dup2
_strninc
sin

shgina

DllGetClassObject

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

532673938f93a94ea032d2328e6d71d2

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

query

user32

kernel32

msvcrt40

crtdll

shgina

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 172KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 172KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B