76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118
Size

870KB
MD5

76431871bbbcbf9c2b5f319a0d206e5a
SHA1

d044404ffa4ae7c52b4b22d9a71e8dd065ed3fd3
SHA256

f5613c6137484b90027d1a9384a4a8065dd465129a17ce79f4bec5bd53ff1284
SHA512

7a9114057941d9d84443661caee365b13e3bb1dd34098cf9ed0d7d145b2c1eda472413541f01441d67379306f454ed907d089bedce6a6450837c975d508448f6
SSDEEP

12288:HYmiHHdBLtjUjweAxP54f+4r0RUKzKQfiINLAemYyBs02fUYQ2Vm88W7IOcCfQd2:HK5BUuP5A+447fdNESAs0Gn8WRfYd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118

Files

76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2d2718bc833321571ce0cfab319c7f27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
ConsoleMenuControl
GetNextVDMCommand
DeleteCriticalSection
WritePrivateProfileSectionW
LZCreateFileW
GetDateFormatA
GetEnvironmentStringsA
EnumCalendarInfoA
FindNextFileW
QueueUserWorkItem
EnumCalendarInfoExW
LoadLibraryA
CreateEventW
HeapCompact
ShowConsoleCursor
CreateMailslotA
lstrlenA
CreateMutexW
GlobalAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentDirectoryA
GetCommMask
GetWriteWatch
OpenProcess
IsDBCSLeadByteEx
GlobalLock
TerminateThread
GetVersion
WriteConsoleW
GetCPInfo
GetModuleHandleW
SetFileAttributesA
GetFirmwareEnvironmentVariableA
VirtualAlloc
PurgeComm
OpenMutexA
CreateRemoteThread
GetWindowsDirectoryA
GetCurrencyFormatA
FillConsoleOutputAttribute
PeekConsoleInputW
OpenEventA
WritePrivateProfileStructW
GetCurrentProcess
DuplicateHandle
OutputDebugStringW
HeapSummary
HeapWalk
FileTimeToLocalFileTime
IsDBCSLeadByte
MapViewOfFileEx
ReadConsoleInputA
SetLastError
CreateProcessInternalA
GetTempPathA
GetModuleHandleA
WriteProfileSectionA
ContinueDebugEvent
OpenJobObjectA
QueryDosDeviceA
GetStartupInfoA
OpenWaitableTimerW
CreateJobSet
SleepEx
GetFileSizeEx
RtlCaptureStackBackTrace
GetSystemWow64DirectoryW
DeleteFileA
QueueUserAPC
EnumLanguageGroupLocalesA
SetVolumeLabelA
SetConsoleCursorMode
InterlockedFlushSList
GetConsoleKeyboardLayoutNameA
LocalFlags
FileTimeToDosDateTime

sqlsrv32

BCP_control
SQLDebug
SQLParamOptions
LibMain
WizIntSecurityDlgProc
BCP_exec
SQLCopyDesc
SQLGetData
BCP_readfmt
SQLGetFunctions
SQLNumParams
WizDatabaseDlgProc
SQLBrowseConnectW
SQLProceduresW
WizDSNDlgProc
SQLAllocHandle
SQLBindCol
SQLExecDirectW
SQLGetInfoW
SQLSetScrollOptions
SQLGetDescFieldW
SQLGetTypeInfoW
SQLProcedureColumnsW
SQLPrepareW
SQLDescribeColW
SQLFreeHandle
SQLBulkOperations
SQLStatisticsW
SQLConnectW
SQLColumnPrivilegesW
SQLSetStmtAttrW
SQLSetDescFieldW
BCP_columns
SQLSetDescRec

ntdll

ZwAreMappedFilesTheSame
RtlDllShutdownInProgress
ZwAccessCheck
RtlAdjustPrivilege
DbgUiConnectToDbg
ZwReleaseSemaphore
CsrIdentifyAlertableThread
ZwOpenJobObject
_wtol
ZwCreateDirectoryObject
RtlAreAnyAccessesGranted
RtlRunEncodeUnicodeString
NtCreateTimer
ZwReadRequestData
RtlLengthRequiredSid
RtlTraceDatabaseDestroy
NtCreateSection
ZwAllocateUserPhysicalPages
RtlEnumProcessHeaps
NtAllocateLocallyUniqueId
RtlCreateUserThread
NtSetLdtEntries
RtlNumberOfSetBits
ZwCreateProfile
_ui64tow
_aullshr
NtOpenThread
RtlConvertUlongToLargeInteger
NtResumeThread
PfxFindPrefix
strspn
RtlSetInformationAcl
RtlExtendedMagicDivide
_wcslwr
NtOpenSemaphore
_CIsin
ZwSetVolumeInformationFile
RtlPcToFileHeader

msdart

?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?IsWriteLocked@CSpinLock@@QBE_NXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
mpRealloc
?WriteUnlock@CSpinLock@@QAEXXZ
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
??0CLKRHashTableStats@@QAE@XZ
MpHeapDestroy
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?IsReadUnlocked@CLKRHashTable@@QBE_NXZ
?IsLocked@CLockedSingleList@@QBE_NXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
??0CSpinLock@@QAE@XZ
?ReadLock@CFakeLock@@QAEXXZ
?Clear@CLKRLinearHashTable@@QAEXXZ
?Lock@CLockedDoubleList@@QAEXXZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?_CurrentThreadId@CSpinLock@@CGJXZ
?WriteLock@CFakeLock@@QAEXXZ
?_Unlock@CSpinLock@@AAEXXZ
??1CDoubleList@@QAE@XZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z

msvcrt

_acmdln
bsearch
_mbsnbcnt
vfprintf
strcpy
_mbctolower
_Getdays
fputwc
_fstat
_mbsncpy
_mbctokata
_getdrive
__getmainargs
_aligned_offset_malloc
getwc
_y0
_pwctype
__setusermatherr
clock
??0bad_cast@@QAE@ABV0@@Z
_execlp
__fpecode
_spawnle
_mbsncmp
sprintf
_except_handler3
___mb_cur_max_func
_wstrtime
strchr
_getsystime

gdi32

HT_Get8BPPMaskPalette
DdEntry34
GdiInitializeLanguagePack
GetAspectRatioFilterEx
DdEntry35
SetBoundsRect
EngMarkBandingSurface
GdiGetBatchLimit
GdiGetLocalBrush
GetBkColor
EngUnicodeToMultiByteN
GetDCPenColor
EnumICMProfilesW
EngPlgBlt
FillRgn
FONTOBJ_vGetInfo
GdiConvertToDevmodeW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GdiEntry9
CreateFontIndirectW
STROBJ_bEnum
ExtCreateRegion
CreatePatternBrush
GetTextExtentExPointA
ExtTextOutW
UpdateColors
GdiEntry14
PolyBezierTo
CreateEllipticRgnIndirect
CancelDC
GdiEntry2
CreateICW
GdiSetAttrs
GetCharWidthFloatA
TranslateCharsetInfo
DdEntry27

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d2718bc833321571ce0cfab319c7f27

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlsrv32

ntdll

msdart

msvcrt

gdi32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 386KB - Virtual size: 386KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 273KB - Virtual size: 272KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 386KB - Virtual size: 386KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 273KB - Virtual size: 272KB

.reloc
Size: 1024B - Virtual size: 964B