61a0bef523ddb1158f244cf0502538c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61a0bef523ddb1158f244cf0502538c4_JaffaCakes118
Size

387KB
MD5

61a0bef523ddb1158f244cf0502538c4
SHA1

1896bae0199b9f87bb086e221452acd3a4a03643
SHA256

410c0b03eb36aeb64b6e0f03a106023a0c067efb22c533a9ee1afd19eec94b70
SHA512

2c6d8b37059aa2d3b624e8208acb80cb95ff8ebac9e25a8186f7b30d85ba94ae0855af9d2c95a70432f25b2cfd7735b72016525dc0e534217f2c94fd2cc389da
SSDEEP

12288:IsIdEEDTBVuW9hPtLPrItPRWaHrVkIFu6:ITRamlLPrItswZkn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61a0bef523ddb1158f244cf0502538c4_JaffaCakes118

Files

61a0bef523ddb1158f244cf0502538c4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5dd2ac3a210d2ecc40d04c9d63778c60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_cwprintf
_wfsopen
__CxxLongjmpUnwind
__p__commode
wcsspn
_global_unwind2
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
_ismbcl1
__getmainargs
??0exception@@QAE@ABQBD@Z
_getsystime
_outp
_mbsnicmp
puts
isxdigit
_filbuf
atoi
_ismbcdigit
__crtCompareStringA
??1type_info@@UAE@XZ
_getmaxstdio
_ismbcgraph
___lc_handle_func
_strcmpi
__p__dstbias
__set_app_type
__CxxQueryExceptionSize
_atoldbl
??0__non_rtti_object@@QAE@PBD@Z
__pctype_func
_abnormal_termination
_futime

query

?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
?Cleanup@CDbColId@@QAEXXZ
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?SetColumn@CCatState@@QAEXPBGI@Z
CIBuildQueryNode
??1CSizeSerStream@@UAE@XZ
?Pause@CCatalogAdmin@@QAEHXZ
?SetDefaultProperty@CCatState@@QAEXPBG@Z
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
?DoIt@CCopyRcovObject@@QAEJXZ
?AddKey@CSynRestriction@@QAEXABVCKeyBuf@@@Z
??1CPropStoreManager@@QAE@XZ
?ContainsDrive@CDriveInfo@@SGHPBG@Z
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
??0CNodeRestriction@@QAE@KI@Z
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
??0CInternalPropertyRestriction@@QAE@KKABVCStorageVariant@@PAVCRestriction@@@Z
?NumberOfColumns@CCatState@@QBEIXZ
?SetLPSTR@CStorageVariant@@QAEXPBDI@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
??0CTimeLimit@@QAE@KK@Z
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
??1SStorageObject@@QAE@XZ

kernel32

GetModuleFileNameW
GetCurrentThreadId
WTSGetActiveConsoleSessionId
SetInformationJobObject
Process32First
MapViewOfFileEx
GetStartupInfoW
SwitchToThread
GetDiskFreeSpaceW
OpenSemaphoreA
ShowConsoleCursor
CreateProcessInternalW
SetVolumeLabelW
WaitForDebugEvent
DeleteFileA
FindFirstFileW
DeleteFiber
OpenMutexA
GetProfileStringW
ScrollConsoleScreenBufferA
GetTimeZoneInformation
Process32NextW
GetLogicalDrives
LockResource
GetCPInfo
QueryPerformanceCounter
AreFileApisANSI
IsBadStringPtrW
LoadLibraryA
DebugActiveProcess
GetProcessWorkingSetSize
CreateFileA
TlsSetValue
UnlockFile
GetTickCount
GetBinaryTypeA
VirtualAlloc
GetTempPathA
WriteConsoleOutputAttribute
SetEnvironmentVariableW
RequestWakeupLatency
ReadConsoleInputW
MoveFileWithProgressW
GetLocaleInfoA
GetPrivateProfileStructA
lstrlenW
FreeUserPhysicalPages
lstrlenA
GetCurrentProcessId
ExitThread
EnumDateFormatsExA
GetFileSizeEx
SetProcessAffinityMask

ntdll

ZwTraceEvent
ZwCloseObjectAuditAlarm
RtlAnsiCharToUnicodeChar
RtlValidSid
RtlUpcaseUnicodeToCustomCPN
NtSaveKey
NtOpenThread
NtOpenSection
RtlFindClearBits
LdrQueryImageFileExecutionOptions
RtlQueueApcWow64Thread
RtlDestroyProcessParameters
ZwCancelTimer
ZwQueryEaFile
RtlpApplyLengthFunction
RtlxUnicodeStringToAnsiSize
RtlConvertSidToUnicodeString
_strcmpi
ZwCreateToken
cos
ZwOpenSymbolicLinkObject
NtQueryKey
ZwQuerySecurityObject
RtlDowncaseUnicodeChar
RtlCreateTagHeap
RtlEnterCriticalSection
NtCreateProcessEx
NtAccessCheckAndAuditAlarm
ZwSetSystemPowerState
RtlCreateActivationContext
ZwSetInformationObject
ZwOpenKey
ZwRemoveProcessDebug
NtSetIoCompletion
RtlReleaseResource
ZwDuplicateToken
RtlAnsiStringToUnicodeSize
_allrem
RtlAddActionToRXact
NtSetBootEntryOrder
DbgPrintReturnControlC
atol
RtlCreateQueryDebugBuffer
RtlDeleteAce
RtlEnlargedUnsignedMultiply
ZwAcceptConnectPort
ceil
RtlTraceDatabaseLock

wldap32

ldap_parse_page_control
ldap_dn2ufnA
ldap_connect
ldap_conn_from_msg
ber_scanf
ldap_add_ext_sA
ldap_delete_ext
ldap_dn2ufnW
ldap_parse_resultA
ldap_modify_extW
ldap_abandon
ldap_modrdn2_sA
ldap_msgfree
ldap_delete_sA
ldap_sslinitA
ldap_parse_extended_resultA
ldap_compare_sW
ldap_escape_filter_element
ldap_search_extA
ber_flatten
ldap_next_reference
ber_free
ldap_parse_reference
ldap_compare_s
ldap_init
ldap_rename_extW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd2ac3a210d2ecc40d04c9d63778c60

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

query

kernel32

ntdll

wldap32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 296KB - Virtual size: 795KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 296KB - Virtual size: 795KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 260B