4c3b2ee1f4d54ea648566fe3b8eadbc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c3b2ee1f4d54ea648566fe3b8eadbc1_JaffaCakes118
Size

134KB
MD5

4c3b2ee1f4d54ea648566fe3b8eadbc1
SHA1

a8141aca973d553598d976a463538cff070bd0d1
SHA256

4c18d52d9da319510cfbcfb01e9cf4ef838822fe3ce2c43e0c1978350b27632f
SHA512

3ff34d45297fc1f08136971ef866f5343fa47224c346213e14d4493966bc55328d1a532bd8d290bca4a7244c45adb0bc06cbbdc8086bcfadddff55d1334c16e2
SSDEEP

3072:o4wd0LU9zvZGdXjpP5EBhyJ/WP17x8I72WCcvnEYv:oyUVc51PmBhyJet7x8ICWpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3b2ee1f4d54ea648566fe3b8eadbc1_JaffaCakes118

Files

4c3b2ee1f4d54ea648566fe3b8eadbc1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0131877e20407bf35f091eced34574e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbccp32

SQLGetTranslatorW
SQLValidDSNW
SQLRemoveDSNFromIniW
SQLInstallDriverManager
SQLGetAvailableDrivers
SQLRemoveDriverW
SQLLoadDataSourcesListBox
SQLConfigDataSourceW
SQLRemoveTranslator
SQLGetAvailableDriversW
SQLCreateDataSourceExW
SQLInstallTranslatorW
SQLReadFileDSNW
SQLInstallerError
SQLCreateDataSourceW
SQLInstallDriverW
SQLCreateDataSource
SQLReadFileDSN
SQLInstallerErrorW
SQLWritePrivateProfileString
SQLConfigDriver
SelectTransDlg
SQLInstallDriverEx
SQLWritePrivateProfileStringW
SQLGetConfigMode
SQLInstallODBCW
SQLWriteDSNToIniW
SQLSetConfigMode
SQLLoadDriverListBox
SQLWriteFileDSNW
SQLConfigDataSource
SQLInstallTranslatorExW
SQLGetInstalledDrivers
SQLCreateDataSourceEx
SQLRemoveDriver
SQLPostInstallerErrorW
SQLPostInstallerError
SQLValidDSN
SQLInstallODBC

odbccr32

SQLGetStmtAttr
SQLCloseCursor
SQLNativeSql
SQLRowCount
SQLParamData
SQLFetch
SQLBulkOperations
SQLBindParameter
SQLSetPos
SQLSetDescField
SQLExtendedFetch
SQLSetConnectOption
SQLSetDescRec
SQLGetStmtOption
SQLFetchScroll
SQLSetScrollOptions
SQLNumParams
SQLSetStmtAttr
SQLFreeStmt
SQLEndTran
SQLExecute
SQLCancel
SQLTransact
SQLGetDescField
ReleaseCLStmtResources
SQLParamOptions

hlink

HlinkGetSpecialReference
HlinkSetSpecialReference
HlinkResolveStringForData
HlinkIsShortcut
HlinkResolveMonikerForData
OleSaveToStreamEx
DllCanUnloadNow
HlinkTranslateURL
HlinkCreateShortcut
HlinkParseDisplayName
HlinkCreateFromData
HlinkNavigateToStringReference
HlinkCreateBrowseContext
HlinkResolveShortcut
HlinkOnNavigate
HlinkPreprocessMoniker
DllUnregisterServer
DllRegisterServer
HlinkUpdateStackItem
HlinkOnRenameDocument
HlinkGetValueFromParams
HlinkClone
HlinkNavigate
DllGetClassObject
HlinkResolveShortcutToMoniker

kernel32

VirtualAlloc
SetWaitableTimer
GetUserDefaultLangID
DeleteAtom
FlushInstructionCache
GetNumaProcessorNode
GetConsoleWindow
lstrlenA
GetConsoleScreenBufferInfo
GetCPInfoExW
lstrcpyn
GetPrivateProfileStringA
GetConsoleAliasExesLengthA
UpdateResourceW
GetSystemDirectoryW
GetPrivateProfileStructA
GetCurrentProcess
GetTimeZoneInformation
VerifyVersionInfoW
GetVolumePathNameW
Process32NextW
GetProfileStringA
ReadFile
Heap32Next
FindFirstVolumeW
EnumCalendarInfoW
Process32Next
LeaveCriticalSection
CreateProcessInternalA
EnterCriticalSection
SwitchToFiber
LZOpenFileA
SetConsoleOutputCP
FillConsoleOutputAttribute
DeleteCriticalSection
ExpandEnvironmentStringsW
SetLastError
IsBadStringPtrW
LoadLibraryA
GetCompressedFileSizeW
LZStart
GetExpandedNameA
OpenWaitableTimerA
LZCloseFile
GetConsoleInputExeNameW

cmutil

?SetSection@CIniW@@QAEXPBG@Z
?GetSection@CIniW@@QBEPBGXZ
CmIsDigitW
?GetSection@CIniA@@QBEPBDXZ
CmWinHelp
??1CmLogFile@@QAE@XZ
?OpenFile@CmLogFile@@AAEJXZ
?Start@CmLogFile@@QAEJH@Z
?IsEnabled@CmLogFile@@QAEHXZ
?SetSection@CIniA@@QAEXPBD@Z
?GetRegPath@CIniA@@QBEPBDXZ
?SetRegPath@CIniW@@QAEXPBG@Z
CmStrrchrA
?SetEntryFromIdx@CIniA@@QAEXK@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
IsLogonAsSystem
??_FCIniW@@QAEXXZ
?SetReadICSData@CIniW@@QAEXH@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
CmBuildFullPathFromRelativeA
?SetPrimaryFile@CIniA@@QAEXPBD@Z
CmStrrchrW
?GPPS@CIniA@@QBEPADPBD00@Z
CmStrStrA
GetOSMajorVersion

crypt32

I_CryptUninstallOssGlobal
CryptHashMessage
CertGetCRLContextProperty
CertEnumCTLContextProperties
CertEnumSubjectInSortedCTL
CertAddEncodedCertificateToSystemStoreA
CryptFindCertificateKeyProvInfo
PFXExportCertStore
CryptHashToBeSigned
CertResyncCertificateChainEngine
CertFreeCRLContext
CertFreeCertificateContext
CryptEnumProvidersU
CryptGetMessageCertificates
CertOIDToAlgId
CertDuplicateStore
CryptSIPGetSignedDataMsg
CertFreeCTLContext
CryptUnregisterOIDInfo
CryptMsgControl
I_CryptInsertLruEntry
I_CryptRegisterSmartCardStore
I_CertSrvProtectFunction
CryptDecodeMessage
CryptEncryptMessage
CryptAcquireCertificatePrivateKey
CertVerifyValidityNesting
CertCompareCertificateName
CertAddCertificateLinkToStore
CertStrToNameW
CertCreateCTLContext
CryptInitOIDFunctionSet
I_CryptFreeTls
CertRemoveEnhancedKeyUsageIdentifier
CertDeleteCRLFromStore
RegOpenHKCUKeyExU
I_CertUpdateStore
CryptLoadSip
RegDeleteValueU
PFXVerifyPassword

msvcrt40

__argc
_mbstrlen
?openprot@filebuf@@2HB
_except_handler3
_heapset
??5istream@@QAEAAV0@AAD@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
??6ostream@@QAEAAV0@J@Z
?dec@@YAAAVios@@AAV1@@Z
?close@fstream@@QAEXXZ
_wspawnl
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
_ismbcupper
_stati64
strcpy
??4istream@@IAEAAV0@PAVstreambuf@@@Z
__p__winmajor
_access
?eof@ios@@QBEHXZ
wscanf
??5istream@@QAEAAV0@PAD@Z
?overflow@stdiobuf@@UAEHH@Z
_ismbcdigit
iswpunct
fputws
_wcsrev
?fd@fstream@@QBEHXZ
isgraph
_mbspbrk
__p__dstbias
realloc
_wexecv
??1strstream@@UAE@XZ
gets
_j0
??0iostream@@IAE@ABV0@@Z
??_Gofstream@@UAEPAXI@Z
_wstati64
_CIatan
_ismbbprint
_isnan
_wfindfirsti64

oleaut32

OleLoadPictureEx
VarI8FromDec
VarUI2FromUI4
RegisterActiveObject
VarI1FromDisp
VarR8FromDate
VarUI4FromI1
VarRound
BSTR_UserFree
VarCyFromUI1
VariantCopyInd
VarBstrFromDate
VarR8FromI1
VARIANT_UserMarshal
SysStringLen
VarUI4FromCy
OaBuildVersion
GetVarConversionLocaleSetting
VarUI2FromUI1
VarI1FromDec
VarI1FromUI1
VarUI8FromDec
LPSAFEARRAY_UserMarshal
VarI8FromStr
VarBstrFromUI8
VarI2FromUI4
VarAdd
VarBoolFromCy
VarBoolFromI1
VarI8FromR4
VarBstrFromUI1
VarUI1FromCy
VarCyFromUI4
VarXor
OleCreatePropertyFrame
VarUI2FromI8

opengl32

glClearIndex
glTexCoord1f
glRectsv
glMaterialiv
glTexEnvf
glTexGeni
glCallList
glTexCoord4fv
glEdgeFlag
glVertex2iv
glVertex2dv
glIndexiv
glTexCoord2dv
glTranslatef
glAlphaFunc
glIndexsv
glAccum
glColor4uiv
glGetMaterialfv
glGetString
glTexCoord3sv
GlmfInitPlayback
glGetMapfv
glTexCoord2d
glArrayElement
glRasterPos2i
glTexCoord2f
wglSwapLayerBuffers
glDeleteLists
glRasterPos3dv
glDepthMask
glNewList
glScalef

rpcrt4

NdrSendReceive
NdrRpcSsDefaultAllocate
RpcServerUseProtseqEpExW
NdrConformantVaryingStructFree
NdrServerInitialize
I_RpcNsBindingSetEntryNameW
SimpleTypeAlignment
UuidFromStringW
RpcErrorClearInformation
I_RpcBindingCopy
I_RpcLogEvent
RpcGetAuthorizationContextForClient
float_array_from_ndr
I_RpcTransConnectionReallocPacket
RpcMgmtSetComTimeout
RpcServerUseProtseqIfExW
NdrContextHandleInitialize
I_RpcSendReceive
NdrConvert2
I_RpcTransGetThreadEvent
CStdStubBuffer_AddRef
I_RpcGetExtendedError
NdrInterfacePointerUnmarshall
NdrXmitOrRepAsBufferSize
I_RpcSsDontSerializeContext
tree_peek_ndr
RpcBindingSetObject
RpcErrorGetNumberOfRecords
RpcServerUseAllProtseqsIf
NdrNonConformantStringUnmarshall

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0131877e20407bf35f091eced34574e1

Headers

DLL Characteristics

File Characteristics

Imports

odbccp32

odbccr32

hlink

kernel32

cmutil

crypt32

msvcrt40

oleaut32

opengl32

rpcrt4

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 87KB - Virtual size: 252KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 87KB - Virtual size: 252KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 968B