648eb24686b30a03fd2babede56478c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

648eb24686b30a03fd2babede56478c5_JaffaCakes118
Size

44KB
MD5

648eb24686b30a03fd2babede56478c5
SHA1

afb184548d40e37506c70cca5af176e417016627
SHA256

dd3d14bd278e40076aade0dc7dea6e58ffe2500bd2afa2b61ae1874870c87ebe
SHA512

1036025ff6ede60bf269b8cf9b72e3198932f9518d514e9dedae29d11708264eb5dfa17adaa00341376534c5271a1f181336987baca60de79e826b6dac3dc7fc
SSDEEP

768:6UCXGwsCR0B2F+zHDLNyrfV+94zKYG44PR+DzggZRtsGW4:6lsCR04F+zHDLNAAaz5twR+AiAGn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
648eb24686b30a03fd2babede56478c5_JaffaCakes118

Files

648eb24686b30a03fd2babede56478c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

033c38c7dbabbd09e2ed29db6ac9ed8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?AbortWorkItems@CWorkManager@@QAEXXZ
?AddChild@CNodeRestriction@@QAEXPAVCRestriction@@AAI@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
??1CDbProp@@QAE@XZ
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?Value@CDbScalarValue@@QAEXAAVCStorageVariant@@@Z
??1CMemSerStream@@UAE@XZ
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??1CMetaDataMgr@@QAE@XZ
?ChangeCurrentDepth@CCatState@@QAEXH@Z
??1CImpersonateSystem@@QAE@XZ
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?Commit@CRcovStrmAppendTrans@@QAEXXZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??0CRangeKeyRepository@@QAE@XZ
?AddArg@CEventItem@@QAEXPBG@Z
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
?TunePerformance@CMachineAdmin@@QAEXHGG@Z
?GetString@CMemDeSerStream@@UAEPADXZ
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z

crypt32

CertDuplicateCertificateChain
CryptEnumOIDInfo
CertCompareCertificateName
CertEnumPhysicalStore
CryptDecryptAndVerifyMessageSignature
CryptQueryObject
CryptVerifyMessageSignature
CryptVerifyMessageSignatureWithKey
I_CryptCreateLruCache
CryptSIPCreateIndirectData
CryptMsgGetParam
I_CryptFindLruEntry
CertSerializeCertificateStoreElement
CertGetSubjectCertificateFromStore
I_CryptReleaseLruEntry
CryptAcquireContextU
CertOpenSystemStoreA
CertNameToStrW
CertFreeCRLContext
CertRDNValueToStrW
CryptSignHashU
CertFindCertificateInCRL
CertAddEncodedCertificateToSystemStoreW
CryptDecryptMessage
CertCompareIntegerBlob

msvcp60

?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?_Isnan@?$_Ctr@N@std@@SA_NN@Z
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??Hstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?max@?$numeric_limits@K@std@@SAKXZ
??1?$_Mpunct@G@std@@UAE@XZ
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
_Mbrtowc
?_Init@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
??_F?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??Hstd@@YA?AV?$complex@O@0@ABV10@@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??_7out_of_range@std@@6B@
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z

rpcrt4

RpcNetworkIsProtseqValidA
RpcMgmtSetServerStackSize
DceErrorInqTextW
NdrInterfacePointerMemorySize
I_RpcBindingInqSecurityContext
RpcServerInqBindings
NdrConformantStructBufferSize
NdrServerContextNewUnmarshall
pfnSizeRoutines
I_RpcServerUseProtseqEp2A
RpcServerRegisterIf
NdrpVarVtOfTypeDesc
NdrClientInitializeNew
I_RpcBindingCopy
I_RpcTurnOnEEInfoPropagation
NdrServerCall
NdrAsyncServerCall
NdrConformantStringUnmarshall
I_RpcTransConnectionReallocPacket
float_array_from_ndr
MesDecodeIncrementalHandleCreate
NdrRpcSmSetClientToOsf
NdrConformantVaryingStructMarshall
NdrNonEncapsulatedUnionMarshall
UuidFromStringW
NdrConformantStringBufferSize
RpcMgmtSetAuthorizationFn

kernel32

WriteFile
SetCriticalSectionSpinCount
SetFileValidData
GetFileAttributesA
CreateMailslotW
PrivMoveFileIdentityW
GetDriveTypeW
ContinueDebugEvent
CreateWaitableTimerW
BackupSeek
LocalUnlock
GetModuleHandleA
BeginUpdateResourceW
GetFileAttributesExW
GetDevicePowerState
WriteConsoleOutputAttribute
DeleteCriticalSection
FoldStringA
GetConsoleWindow
GetLongPathNameW
FindFirstFileExA
Beep
GetThreadPriority
GetPrivateProfileStringA
GetWindowsDirectoryA
OpenJobObjectW
LoadLibraryA
SetConsoleOutputCP
FreeEnvironmentStringsW
FindActCtxSectionGuid
RegisterWaitForSingleObject
CreateActCtxA
GetVolumePathNameA
WriteConsoleOutputCharacterW
_lopen
IsDebuggerPresent
SetCommState
GetPrivateProfileSectionNamesW
VirtualAlloc
SetComputerNameExA
GetVersionExW
OpenFileMappingA
GetBinaryType
OpenFileMappingW
EndUpdateResourceW
GetComputerNameW
UTRegister
CreateJobObjectW
GetCurrentThread
CreateThread
CreateHardLinkW
MoveFileWithProgressW
SetConsoleFont
GetCurrentDirectoryW
GetStringTypeExW
GetSystemTimeAsFileTime
GlobalHandle

ntdll

NtSetHighWaitLowEventPair
RtlRemoteCall
RtlDeleteNoSplay
LdrUnlockLoaderLock
CsrAllocateCaptureBuffer
ZwEnumerateKey
RtlCopySid
NtDeviceIoControlFile
NtSetSystemPowerState
RtlAreAnyAccessesGranted
NtAddBootEntry
RtlTimeToSecondsSince1980
NtSetContextThread
RtlSplay
RtlLargeIntegerDivide
PfxInsertPrefix
RtlAddVectoredExceptionHandler
RtlExtendedIntegerMultiply
ZwDeleteAtom
NtLoadKey2
RtlLargeIntegerSubtract
RtlEnlargedIntegerMultiply
strncpy
RtlTraceDatabaseCreate
NtEnumerateKey
RtlReAllocateHeap
NtResetEvent
DbgUiIssueRemoteBreakin
RtlSetCurrentDirectory_U

Sections

.text
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

033c38c7dbabbd09e2ed29db6ac9ed8e

Headers

DLL Characteristics

File Characteristics

Imports

query

crypt32

msvcp60

rpcrt4

kernel32

ntdll

Sections

.text Size: 1024B - Virtual size: 658B

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 67KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 658B

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 67KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B