639b24ff93168f207fcd9f70bf5da790_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

639b24ff93168f207fcd9f70bf5da790_JaffaCakes118
Size

94KB
MD5

639b24ff93168f207fcd9f70bf5da790
SHA1

b7104dbdc4d4110e672611f8e89272786276d71c
SHA256

b60140d8a9c8a683590ae1b76fdde0748710b446cead47a853adb700039dc5b6
SHA512

b8d6bcbf49b7fc500b120fd8f02f70a5aebe1a3a3dc0d8ba6bbd0273f216f360efccb048070869f64a4e088cf28fc9912b6fee0f2972f2c3989b17c70a7a70fb
SSDEEP

1536:z6Q3Mma3RQ/VO7j1SqBJqyps5ZX3OElaudRQYS33JKl6AVGHP:zRZ5O3Q4rQX+VsSJi5VGHP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
639b24ff93168f207fcd9f70bf5da790_JaffaCakes118

Files

639b24ff93168f207fcd9f70bf5da790_JaffaCakes118
.exe windows:1 windows x86 arch:x86

9e3d7e63b795f9460ae44d2182f79770

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LZStart
OpenMutexW
HeapSetInformation
VirtualAlloc
GetCompressedFileSizeW
FindAtomA
InitializeCriticalSection
EnumCalendarInfoW
GetLocalTime
IsValidLocale
PrivCopyFileExW
SetFileApisToOEM
CreatePipe
CreateActCtxW
GetShortPathNameA
LoadLibraryA
SetConsoleCursor
WritePrivateProfileStructA
WaitForMultipleObjects
GlobalFindAtomA
FindFirstVolumeA
GetUserGeoID
FindResourceExA
SetCalendarInfoA
SetThreadPriorityBoost
FindNextFileW
GetLongPathNameA
_lwrite
DebugSetProcessKillOnExit
GetProfileStringW
CreateConsoleScreenBuffer
GetConsoleCommandHistoryA
WriteTapemark
GetThreadPriority
CreateTapePartition
GetVolumePathNameA
GetLastError
IsBadStringPtrA

oleaut32

VarR8FromR4
VarR4FromUI4
CreateDispTypeInfo
VarUI4FromUI2
VarDecFromDate
VarI2FromCy
VarI4FromI8
VarR8FromDec
SystemTimeToVariantTime
DispGetIDsOfNames
VarCyFromDate
VarUI2FromUI1
GetActiveObject
VarUI1FromDisp
VarUI4FromI8
LPSAFEARRAY_UserUnmarshal
VarUI1FromUI2
VarBoolFromDisp
VarR4FromUI8
VarDecFromCy
DispCallFunc
VarBoolFromDate
OleTranslateColor
VarFormatNumber
VarI1FromUI8
VarDateFromStr
VarDecInt
LPSAFEARRAY_UserFree
VarI8FromDec
VarFormatDateTime
VarUI4FromI2
VarR4FromDec
VarImp
VarCyInt
VarUI4FromUI1
VarCyMulI4
VarI4FromDisp
DispInvoke
VariantTimeToDosDateTime
VarUI2FromDate
VarDecSub
LPSAFEARRAY_Marshal
VarUI2FromDisp
VarR8Round
VarUI8FromI1
VarI2FromDisp
VarDecFromBool
VarUI2FromR8
RegisterTypeLib
VarDecFromR4
VarBoolFromStr
VarI4FromDec
VarDecFromUI4
VarUI8FromDisp
VarEqv
VariantCopyInd
VarR8FromUI4
VariantChangeType
VarDecFix
VarFormat
VarI8FromBool
VarDateFromUdateEx
VarCat
SafeArrayDestroyDescriptor
VarI1FromR8
VarUI1FromStr
VarI4FromCy
SafeArrayAllocData
VarR4FromI8

crtdll

wcstombs
_finite
_mbspbrk
_CIsin
strrchr
_ltow
wprintf
getenv
is_wctype
fgetc
__argc_dll
_wcsicoll
_XcptFilter
_chdrive
_ismbcsymbol
_timezone_dll
_environ_dll
div
_heapset
_jn
_flsbuf
malloc
fputc
localeconv
ferror
iswcntrl
asctime
_ismbcl1
_strspnp
_cpumode_dll
_mbscpy
strcspn
_chmod
_strnextc
_swab
_getdllprocaddr
vsprintf
_purecall
_mbslen

msports

ComDBClose
ComDBGetCurrentPortUsage
PortsClassInstaller
ComDBClaimPort
ParallelPortPropPageProvider
ComDBOpen
SerialDisplayAdvancedSettings
ComDBReleasePort
ComDBResizeDatabase
ComDBClaimNextFreePort
SerialPortPropPageProvider

ufat

Format
Recover
Chkdsk
?Index12@FAT@@ABEKK@Z
?FreeChain@FAT@@QAEXK@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??0REAL_FAT_SA@@QAE@XZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?Read@EA_SET@@UAEEXZ
?Write@CLUSTER_CHAIN@@UAEEXZ
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1EA_SET@@UAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
??1REAL_FAT_SA@@UAE@XZ
??1FAT_DIRENT@@UAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
??0EA_HEADER@@QAE@XZ
ChkdskEx
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
??1FILEDIR@@UAE@XZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?Set12@FAT@@AAEXKK@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
??0CLUSTER_CHAIN@@QAE@XZ
??0FAT_DIRENT@@QAE@XZ
?AllocChain@FAT@@QAEKKPAK@Z
??0FILEDIR@@QAE@XZ

odbccp32

SQLWriteFileDSNW
SQLInstallerError
SQLGetPrivateProfileString
SQLLoadDataSourcesListBox
SQLGetTranslator
SQLInstallTranslator
SQLInstallODBC
SQLRemoveDriverManager
SQLWritePrivateProfileString
SQLCreateDataSourceW
SQLInstallDriverManager
SQLRemoveTranslator
SQLInstallTranslatorEx
SQLInstallDriverW
SelectTransDlg
SQLWriteDSNToIni
SQLValidDSNW
SQLManageDataSources
SQLConfigDriverW
SQLRemoveTranslatorW
SQLGetInstalledDriversW
SQLConfigDriver
SQLGetInstalledDrivers
SQLGetAvailableDrivers
SQLSetConfigMode
ODBCCPlApplet
SQLConfigDataSourceW
SQLInstallTranslatorW
SQLGetAvailableDriversW
SQLGetTranslatorW
SQLLoadDriverListBox
SQLInstallDriverExW
SQLInstallDriverEx
SQLWriteFileDSN
SQLPostInstallerError
SQLRemoveDriverW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e3d7e63b795f9460ae44d2182f79770

Headers

File Characteristics

Imports

kernel32

oleaut32

crtdll

msports

ufat

odbccp32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 14KB - Virtual size: 157KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 14KB - Virtual size: 157KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B