88123a2099463cf57e0b15894b91bbc0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88123a2099463cf57e0b15894b91bbc0_JaffaCakes118
Size

46KB
MD5

88123a2099463cf57e0b15894b91bbc0
SHA1

2898e54fede2d07ea27f4c3d623322d4f709ff01
SHA256

059e24b8e171ce6c6ec12fdb6529b867c74c7bb14809ddf7feae1ec46ec3e78d
SHA512

31b01f5715c0ae1a8fdad821bdb81aa85c9a711fb1757c2d56ce5d2c07449cd3472964b5a12c27b128e60864bb222463cca34f8e8b070c66915e05023334ed76
SSDEEP

768:A13uTnP4l0xekpGfJO3lmlnufuLlJHDKpLZzMtjyIm4pes/BAWtrPpyZO:A136P4lNkpgJOOnufgTHWptzMtLmsesl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88123a2099463cf57e0b15894b91bbc0_JaffaCakes118

Files

88123a2099463cf57e0b15894b91bbc0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

935bde3f746c6d0d98aa55e4f52158af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_CIsin
_ismbcalpha
_snwprintf
_ctype
?setp@streambuf@@IAEXPAD0@Z
_cprintf
??0exception@@QAE@ABV0@@Z
?str@istrstream@@QAEPADXZ
??0iostream@@IAE@ABV0@@Z
?_query_new_handler@@YAP6AHI@ZXZ
??_Gfilebuf@@UAEPAXI@Z
_fgetwchar
??6ostream@@QAEAAV0@PBD@Z
fgetwc
_execlpe
fputc
ldiv
_CIpow
??4iostream@@IAEAAV0@AAV0@@Z
_mbsupr
_wcsncoll
??6ostream@@QAEAAV0@PBX@Z
??6ostream@@QAEAAV0@F@Z
sin
?ipfx@istream@@QAEHH@Z
_strcmpi
_commit
?sync_with_stdio@ios@@SAXXZ
_wfindnexti64
_wfsopen
_strerror
_mbslen
fwprintf
_mbccpy
??5istream@@QAEAAV0@AAJ@Z
_nextafter
??4ofstream@@QAEAAV0@ABV0@@Z
_mbsnbicoll
strstr
?writepad@ostream@@AAEAAV1@PBD0@Z
_wfindnext
_searchenv
??_Estrstreambuf@@UAEPAXI@Z
??_8stdiostream@@7Bostream@@@
??_7ios@@6B@

msdart

?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?IsWin95@CMdVersionInfo@@SAHXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?NumSubTables@CLKRLinearHashTable@@QBEHXZ
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
mpFree
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
MPDeleteCriticalSection
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?IsLocked@CLockedSingleList@@QBE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?IsValid@CLKRHashTable@@QBE_NXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?Unlock@CLockedSingleList@@QAEXXZ
?CheckTable@CLKRHashTable@@QBEHXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
_DllMain@12
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?WriteLock@CReaderWriterLock@@QAEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_IsLocked@CSpinLock@@ABE_NXZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
MpHeapCreate
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z

kernel32

SetNamedPipeHandleState
_lread
GetTempFileNameA
ReleaseSemaphore
SetConsoleActiveScreenBuffer
GetStringTypeExW
SetConsoleNlsMode
BaseFlushAppcompatCache
SetConsoleMode
DeleteFileA
GetSystemPowerStatus
FreeEnvironmentStringsA
BaseInitAppcompatCacheSupport
Process32Next
GetStringTypeExA
DnsHostnameToComputerNameW
lstrlenA
SetThreadPriorityBoost
TransmitCommChar
GetProcessShutdownParameters
GetOEMCP
EnumUILanguagesW
GlobalAlloc
FindFirstVolumeMountPointW
ConvertFiberToThread
RemoveDirectoryA
TryEnterCriticalSection
ReplaceFileA
VirtualAlloc
GetCompressedFileSizeW
SetComputerNameExA
TermsrvAppInstallMode
GetConsoleAliasesW
GetPrivateProfileStringW
GetLocaleInfoW
GetFileAttributesExW
CancelWaitableTimer
LoadLibraryA
InitializeCriticalSection
GetACP
ReadConsoleOutputW
HeapFree
UnregisterConsoleIME

oledlg

OleUIChangeSourceA
OleUIConvertA
OleUIEditLinksA
OleUICanConvertOrActivateAs
OleUIObjectPropertiesA
OleUIAddVerbMenuW
OleUIPromptUserA
OleUIPasteSpecialA
OleUIEditLinksW
OleUIBusyA
OleUIUpdateLinksA
OleUIInsertObjectA
OleUIBusyW
OleUIInsertObjectW
OleUIAddVerbMenuA
OleUIPasteSpecialW
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIObjectPropertiesW
OleUIChangeIconA
OleUIPromptUserW
OleUIChangeSourceW

atmlib

ATMBBoxBaseXYShowText
ATMFontAvailableA
ATMAddFontEx
ATMMakePSSA
ATMFontStatus
ATMAddFontExW
ATMGetMenuNameW
ATMFontAvailableW
ATMGetFontPathsW
ATMGetPostScriptNameW
ATMGetBuildStrW
ATMGetFontPathsA
ATMBBoxBaseXYShowTextW
ATMMakePSSW
ATMRemoveFontA
ATMXYShowTextA
ATMMakePFM
ATMXYShowTextW
ATMGetOutlineA
ATMEnumFontsA
ATMGetFontInfoW
ATMAddFontExA
ATMFontAvailable
ATMRemoveFontW
ATMGetPostScriptNameA
ATMEnumMMFonts
ATMGetFontBBox
ATMGetFontInfo
ATMGetGlyphList
ATMBBoxBaseXYShowTextA
ATMGetGlyphListA
ATMAddFontW
ATMGetMenuName
ATMFontStatusA

query

?Read@CRcovStrmTrans@@QAEKPAXK@Z
?SkipFloat@CMemDeSerStream@@UAEXXZ
?AppendChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?Reset@CRegChangeEvent@@QAEXXZ
?Cleanup@CDbProp@@QAEXXZ
?Start@CCatalogAdmin@@QAEHXZ
??0CScopeRestriction@@QAE@PBGHH@Z
?GetLCIDFromString@@YGKPAG@Z
?IsCIStarted@CMachineAdmin@@QAEHXZ
?AddDir@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?Close@CPhysStorage@@QAEXXZ
??1CPidLookupTable@@QAE@XZ
??0CDbPropIDSet@@QAE@XZ
??0CColumns@@QAE@ABV0@@Z
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
?GetLong@CMemDeSerStream@@UAEJXZ
LocateCatalogsW
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?IsLeaf@CRestriction@@QBEHXZ
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z
?SetMappedCacheSize@CPropStoreManager@@QAEXKK@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
??1CDFA@@QAE@XZ
?ciDelete@@YGXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

935bde3f746c6d0d98aa55e4f52158af

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

msdart

kernel32

oledlg

atmlib

query

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 55KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 55KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB