5ba25ab1117c384a30f3c2f365d210a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ba25ab1117c384a30f3c2f365d210a7_JaffaCakes118
Size

84KB
MD5

5ba25ab1117c384a30f3c2f365d210a7
SHA1

b32a55ac2bfc7272ab7b7754b1f5b1dcbc9689d9
SHA256

9b7ed3e7185b7cb93c5a4037c204fc262e2b59a7396a55cbd763a53f88d57f02
SHA512

bd332a0ac9719f4f2d12aee7b9cc8a3244df258213d9c0f1769099625fcee70562dd6adb459ea223344bc452596925ba565f8a08ec367ad8073ed006aae97580
SSDEEP

1536:0LehMtzvK0Z+Gf3palqAjySplPyfFfwW0LMHCsgbxlP8r1ozh2LSj+BG5Y:0kMZK0NajVMdwVQAGr1oz0a+BMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ba25ab1117c384a30f3c2f365d210a7_JaffaCakes118

Files

5ba25ab1117c384a30f3c2f365d210a7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49a5f2d17142ac88a638c1aed10156e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
??1CLangList@@QAE@XZ
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?GetFILETIME@CAllocStorageVariant@@QBE?AU_FILETIME@@I@Z
?Clone@CNodeRestriction@@QBEPAV1@XZ
??8CDbColId@@QBEHABV0@@Z
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
?GetSectorSize@CDriveInfo@@QAEKXZ
?Write@CRcovStrmTrans@@IAEXPBXK@Z
?Commit@CRcovStrmMDTrans@@QAEXXZ
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
CITextToSelectTree
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ

mtxoci

oerhms
odefin
MTxOciGetVersion
DllUnregisterServer
odescr
oopen
oexec
MTxolog
oexn
oopt
DllRegisterServer
obreak
oclose
GetXaSwitch
ofen
oflng
ocon
obndrv
obndrn
olog
ocof
ofetch
Enlist
ogetpi

kernel32

CreateMemoryResourceNotification
GetSystemInfo
SetFileApisToANSI
SetConsoleInputExeNameA
LZSeek
BaseFlushAppcompatCache
SetCriticalSectionSpinCount
IsProcessorFeaturePresent
LoadLibraryA
VerLanguageNameW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileAttributesExA
Heap32First
GetExitCodeProcess
RequestWakeupLatency
GetExpandedNameW
GetDriveTypeA
GetCurrentThreadId
OutputDebugStringW
UpdateResourceA
GetCurrentProcessId
GetLastError
EnumSystemGeoID
HeapCreate
GlobalDeleteAtom
VirtualAlloc
GetStartupInfoA

ole32

OleIsCurrentClipboard
OleUninitialize
UtGetDvtd32Info
OleNoteObjectVisible
CoAddRefServerProcess
CoGetInstanceFromFile
StgCreateStorageEx
OleCreateEmbeddingHelper
CoIsOle1Class
OleIsRunning
CoGetPSClsid
OleRegEnumVerbs
OleCreate

mprddm

IfObjectNotifyOfReachabilityChange
IfObjectInitiatePersistentConnections
DDMAdminConnectionGetInfo
DDMSendUserMessage
DDMAdminPortEnum
DDMGetIdentityAttributes
DDMServicePostListens
DDMServiceInitialize
DDMAdminServerGetInfo
RasAcctProviderInitialize
RasAcctProviderFreeAttributes
IfObjectLoadPhonebookInfo

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49a5f2d17142ac88a638c1aed10156e5

Headers

DLL Characteristics

File Characteristics

Imports

query

mtxoci

kernel32

ole32

mprddm

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 18KB - Virtual size: 85KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 18KB - Virtual size: 85KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 300B