5a5aa53ab3e489628feab909eb7f5e76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a5aa53ab3e489628feab909eb7f5e76_JaffaCakes118
Size

30KB
MD5

5a5aa53ab3e489628feab909eb7f5e76
SHA1

177d50d27a9bd349c26670016f083b70370cc8d3
SHA256

c00ea8947f3d6c25f98eb0f22fdb6061043a8d61083a1d1993b00450121080c3
SHA512

0529ee1ffe5d2695ddfa080a96237cf5d4ea7a2b83837dc76339cffa7f9330639cc4ad21e50c9ae90adb7d11c22c1fe4a3bdc06c9ea7cd94394e40e1fbb2e6f1
SSDEEP

384:5GucuqwxH8U4eNm+GrW87drztdYftORPbpDhq7LCs2IEy4NLS2wxbu7mziB:5Gucuqw4emC4dIftcPLq7WRjLnwxi7mw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a5aa53ab3e489628feab909eb7f5e76_JaffaCakes118

Files

5a5aa53ab3e489628feab909eb7f5e76_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e12db881b7b37dc256d34f00e9970ea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLDataSourcesW
TraceSQLAllocHandle
TraceSQLColumnPrivilegesW
TraceSQLGetConnectAttr
TraceSQLGetConnectOptionW
TraceSQLGetDiagRecW
TraceSQLGetInfoW
TraceVSControl
TraceSQLExecute
TraceSQLAllocStmt
TraceReturn
TraceSQLFetch
TraceSQLSetConnectOption
TraceSQLColAttribute
TraceSQLStatisticsW
TraceSQLProcedureColumns
TraceSQLFreeHandle
TraceSQLMoreResults
TraceSQLColumns
FireVSDebugEvent
TraceSQLCopyDesc
TraceSQLSetDescRec
TraceSQLErrorW

glmf32

glsUCS4toUTF8z
glsIsUTF8String
glsNumb
glsError
glsGetStreamCRC32
__glsParser_create
glsUTF8toUCS4z
glsGetAllContexts
glsHeaderGLRCi
glsContext
glsHeaderLayerf
glsNullCommandFunc
glsNumulv
glsHeaderfv
glsReadFunc
glsChannel
glsDisplayMapfv
glsGLRC
glsRequireExtension
glsGetContextFunc
glsPixelSetup
glsGenContext
glsGetContexti
glsLongLow
glsGetOpcodeCount
glsGLRCLayer
glsUCS2toUTF8z
glsNumbv
glsHeaderf
glsCallArray
glsGetLayeri
glsDeleteContext
glsGetCommandFunc

icaapi

IcaChannelOpen
IcaCdIoControl
IcaCdCreateThread
IcaOpen
IcaIoControl
IcaStackCallback
IcaMemoryAllocate
IcaStackQueryState
IcaStackConnectionWait
IcaSystemTrace
IcaMemoryFree
IcaStackOpen
IcaStackConnectionRequest
IcaStackIoControl
IcaStackDisconnect
IcaCdWaitForSingleObject
IcaStackConnectionAccept
IcaCdWaitForMultipleObjects
IcaChannelTrace
IcaStackReconnect
IcaStackTerminate
IcaStackTrace
IcaClose
IcaStackClose
IcaChannelClose
IcaTrace
IcaStackUnlock
IcaPushConsoleStack
_IcaStackIoControl
IcaChannelIoControl
IcaStackConnectionClose
IcaStackCreateShadowEndpoint

user32

MoveWindow
IsIconic
SetScrollPos

wininet

InternetConnectW
InternetCreateUrlW
PrivacyGetZonePreferenceW
InternetGetPerSiteCookieDecisionW
FtpRenameFileW
InternetReadFileExW
FindFirstUrlCacheEntryExW
DeleteUrlCacheGroup
FtpPutFileEx
FindFirstUrlCacheEntryA
InternetSetCookieExW
LoadUrlCacheContent
FindNextUrlCacheEntryExW
SetUrlCacheGroupAttributeA
IsUrlCacheEntryExpiredA
FtpSetCurrentDirectoryA
SetUrlCacheHeaderData
SetUrlCacheConfigInfoW
InternetTimeToSystemTimeW
ShowX509EncodedCertificate
CreateUrlCacheEntryW
InternetCloseHandle
PrivacySetZonePreferenceW
InternetOpenUrlA
DeleteUrlCacheEntry
InternetGetCertByURLA
DeleteUrlCacheContainerW
RunOnceUrlCache
InternetSetFilePointer
InternetReadFileExA
InternetErrorDlg
InternetAutodialCallback
FtpDeleteFileA
InternetWriteFile
InternetSetOptionExA

msvcrt40

_getch
__p__commode
system
__p__wcmdln
_cwait
??5istream@@QAEAAV0@AAE@Z
_wcsnicmp
_ctype
_wpopen
strftime
ctime
_copysign
_ismbbkalnum
??_Dofstream@@QAEXXZ
?eback@streambuf@@IBEPADXZ
_mbsicoll
?sync@strstreambuf@@UAEHXZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?putback@istream@@QAEAAV1@D@Z
sinh
??_Giostream@@UAEPAXI@Z
??1ios@@UAE@XZ
??1strstreambuf@@UAE@XZ
?unlock@ios@@QAAXXZ
??0ios@@IAE@XZ
?pptr@streambuf@@IBEPADXZ
difftime
swprintf
_unlink
_mbsncmp
??4fstream@@QAEAAV0@AAV0@@Z
fmod
__fpecode
_ftime
__p__tzname
??0bad_cast@@QAE@ABV0@@Z
?ipfx@istream@@QAEHH@Z
?fd@ifstream@@QBEHXZ
rename
gets
_vsnwprintf
?doallocate@streambuf@@MAEHXZ
??1bad_typeid@@UAE@XZ
_spawnv
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_strcmpi
?gbump@streambuf@@IAEXH@Z
fclose
??0strstream@@QAE@ABV0@@Z
wcsxfrm
??_8ifstream@@7B@
strerror
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIG@Z
?log@std@@YA?AV?$complex@O@1@ABV21@@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?underflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?round_error@?$numeric_limits@J@std@@SAJXZ
?epsilon@?$numeric_limits@_N@std@@SA_NXZ
?quiet_NaN@?$numeric_limits@K@std@@SAKXZ
?sin@std@@YA?AV?$complex@O@1@ABV21@@Z
?norm@std@@YANABV?$complex@N@1@@Z
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?sungetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??4overflow_error@std@@QAEAAV01@ABV01@@Z
_LDscale
?_Init@?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEXPBGIH@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?pow@std@@YA?AV?$complex@M@1@ABV21@H@Z
?_Doraise@overflow_error@std@@MBEXXZ
??4?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??_7?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
?sin@?$_Ctr@M@std@@SAMM@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??4length_error@std@@QAEAAV01@ABV01@@Z
?_Doraise@bad_alloc@std@@MBEXXZ
??_7bad_typeid@std@@6B@
??Gstd@@YA?AV?$complex@O@0@ABV10@@Z
??_F?$moneypunct@D$00@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?do_hash@?$collate@D@std@@MBEJPBD0@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Getcat@?$moneypunct@D$0A@@std@@SAIXZ
??Hstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
?thousands_sep@?$numpunct@D@std@@QBEDXZ
?_Init@?$numpunct@G@std@@IAEXABV_Locinfo@2@@Z
??_7time_base@std@@6B@
?compare@?$char_traits@D@std@@SAHPBD0I@Z
_Strcoll
??_0?$_Complex_base@M@std@@QAEAAV01@ABM@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?decimal_point@?$_Mpunct@D@std@@QBEDXZ
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?polar@std@@YA?AV?$complex@O@1@ABO0@Z
?infinity@?$numeric_limits@H@std@@SAHXZ
?do_falsename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?_Isinf@?$_Ctr@O@std@@SA_NO@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0bad_alloc@std@@QAE@ABV01@@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?seekpos@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?epsilon@?$numeric_limits@G@std@@SAGXZ
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??_7?$moneypunct@G$00@std@@6B@
??0logic_error@std@@QAE@ABV01@@Z
__Wcrtomb_lk
?signaling_NaN@?$numeric_limits@G@std@@SAGXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?infinity@?$numeric_limits@O@std@@SAOXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$messages@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@HHHABV32@@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?setstate@ios_base@std@@QAEXH_N@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??8std@@YA_NABMABV?$complex@M@0@@Z
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$complex@O@0@ABV10@0@Z
?do_truename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??0_Winit@std@@QAE@XZ
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?underflow@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHXZ

kernel32

ReadConsoleW
GlobalFix
GetConsoleInputExeNameA
SystemTimeToFileTime
SetConsoleOutputCP
GlobalMemoryStatusEx
lstrcat
ReadConsoleOutputCharacterW
GetACP
GetThreadPriorityBoost
ReadConsoleInputExA
ZombifyActCtx
CreateJobObjectW
GetConsoleScreenBufferInfo
SetHandleContext
GetProcessWorkingSetSize
GetEnvironmentVariableA
SetConsoleCursorInfo
Heap32ListFirst
VirtualAlloc
GlobalFlags
GetStartupInfoW
WaitForSingleObject
OpenSemaphoreA
GetNumaHighestNodeNumber
CmdBatNotification
CreateMutexW
SetComputerNameExW
SearchPathW
_lwrite
GetPrivateProfileSectionNamesW
SetConsoleKeyShortcuts
WriteConsoleInputW

opengl32

glPopClientAttrib
glIndexs
glColor3ub
glTexCoord4s
glDrawPixels
glTexCoord2sv
glGenLists
glRectiv
glEvalCoord2d
glMap2d
glVertex2iv
glVertex2fv
glCopyPixels
glRectf
glRasterPos4d
glTexCoord3iv
glPixelTransferf
glTexCoord2f
glLightfv
glEdgeFlagPointer
wglGetDefaultProcAddress
glIndexPointer
glIndexiv
wglGetCurrentDC
glTexCoord1sv
glLineWidth
glIndexsv
glTexCoord3fv

gdi32

RectVisible

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e12db881b7b37dc256d34f00e9970ea5

Headers

DLL Characteristics

File Characteristics

Imports

odbctrac

glmf32

icaapi

user32

wininet

msvcrt40

msvcp60

kernel32

opengl32

gdi32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 884B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 884B