8567898e5215173246dcb0f75fd52e6b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8567898e5215173246dcb0f75fd52e6b_JaffaCakes118
Size

132KB
MD5

8567898e5215173246dcb0f75fd52e6b
SHA1

ae5c060b2d99f31465a5430fd2fcdd1c352ef248
SHA256

c212f24f5da7c5f5dd9b7457481ee5f8f877abbf70fc63255a9e0a0b593e0d4c
SHA512

a58988027969640e0f0796df3c46669dce7a49d57b3dc180bc4d5183b453bf8389bf6c9257ed9ae4f517ce24ba88ea822100ba01e59b218fc03409d2578c90d9
SSDEEP

3072:Yf5R69n5wQYAvEZDhsasRZzhbCtYfA8kDxpMVhi:eDy+QYAvENiasRZNbCtYotpMVhi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8567898e5215173246dcb0f75fd52e6b_JaffaCakes118

Files

8567898e5215173246dcb0f75fd52e6b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ec7f904bb80e2fe9a327706170e779e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhExpandCounterPathA
PdhSelectDataSourceA
PdhParseCounterPathA
PdhRelogW
PdhVbGetDoubleCounterValue
PdhGetLogFileTypeA
PdhValidatePathA
PdhVbOpenQuery
PdhOpenLogW
PdhGetRawCounterValue
PdhTranslate009CounterW
PdhRelogA
PdhParseCounterPathW
PdhGetLogFileSize
PdhSetQueryTimeRange
PdhVbGetLogFileSize
PdhTranslateLocaleCounterW
PdhEnumMachinesA
PdhOpenQuery
PdhVerifySQLDBA
PdhEnumLogSetNamesW
PdhEnumMachinesHA
PdhUpdateLogFileCatalog
PdhGetDefaultPerfCounterW
PdhSelectDataSourceW
PdhSetCounterScaleFactor
PdhCloseQuery
PdhFormatFromRawValue
PdhIsRealTimeQuery
PdhCloseLog
PdhLookupPerfIndexByNameW
PdhGetFormattedCounterArrayW
PdhValidatePathW
PdhGetLogSetGUID
PdhRemoveCounter
PdhBrowseCountersHW
PdhLookupPerfNameByIndexA

kernel32

ReadConsoleW
LeaveCriticalSection
WriteFile
SetSystemTimeAdjustment
SetLocalTime
VirtualAlloc
VirtualProtect
EnterCriticalSection
GetCurrentDirectoryW
EnumSystemGeoID
OpenProcess
Module32Next
SetVDMCurrentDirectories
FindNextFileA
VirtualLock
DeleteCriticalSection
HeapQueryInformation
FindNextVolumeW
VirtualFree
GetConsoleHardwareState
GetCurrencyFormatW
LoadLibraryA
GetVersionExA
SignalObjectAndWait
RemoveLocalAlternateComputerNameW
SetSystemPowerState
UnregisterWaitEx
WriteProfileSectionW
GetSystemDefaultLCID
GetNumberFormatW
IsBadHugeReadPtr
GetCurrentThreadId
WriteFileGather
GetDefaultCommConfigA
CmdBatNotification

opengl32

glColor4f
glColor4b
glTexSubImage2D
wglShareLists
glTexCoord2fv
glTexSubImage1D
glTexGeniv
glGetLightiv
glRasterPos3fv
glRasterPos4sv
glVertex2iv
glGenLists
glDepthRange
wglCreateContext
glScalef
glFogi
glPushAttrib
glFogf
glLogicOp
glRectdv
glTexCoord1s
glListBase
glTexCoord1dv
glGetTexEnviv
glEndList
glEnableClientState
glVertex3s

winmm

NotifyCallbackData
waveInMessage
mmDrvInstall
SendDriverMessage
midiStreamPause
waveOutSetPlaybackRate
midiOutCachePatches
timeGetDevCaps
midiOutGetID
mmioSeek
waveOutGetDevCapsW
midiConnect
midiOutLongMsg
WOWAppExit
waveInUnprepareHeader
mmioCreateChunk
timeBeginPeriod
mmioAdvance
midiDisconnect
auxOutMessage
auxGetNumDevs
mixerGetLineInfoA
mixerGetDevCapsA
waveOutClose
joyGetNumDevs
midiStreamRestart
WOW32ResolveMultiMediaHandle
waveOutPrepareHeader
mciDriverNotify
joyGetDevCapsW
mixerGetControlDetailsW
mmioOpenA
mci32Message
midiInGetErrorTextA

clusapi

OfflineClusterGroup
ClusterGroupCloseEnum
GetClusterNodeState
ClusterNetworkControl
OpenClusterGroup
GetClusterGroupState
OpenClusterResource
GetClusterNetInterfaceState
GetClusterNetworkState
OpenClusterNetwork
ClusterRegCreateKey
ClusterResourceTypeOpenEnum
GetClusterNodeId
GetClusterNodeKey
OfflineClusterResource
ClusterNetInterfaceControl
ClusterGroupControl
ClusterResourceTypeGetEnumCount
ClusterControl
ClusterNodeOpenEnum
DeleteClusterGroup
ChangeClusterResourceGroup
RemoveClusterResourceDependency
GetClusterNetworkKey
ClusterResourceOpenEnum
GetClusterResourceNetworkName
ClusterNetworkCloseEnum
RestoreClusterDatabase
ClusterRegDeleteKey
GetClusterFromGroup
CreateClusterNotifyPort
GetClusterFromResource
SetClusterName
ClusterNetworkGetEnumCount
ClusterNodeCloseEnum
OpenCluster
CloseCluster
CloseClusterNetInterface
GetClusterResourceTypeKey
ClusterGroupEnum

ntdll

NtAccessCheckAndAuditAlarm
RtlIsTextUnicode
RtlDeleteElementGenericTableAvl
memchr
NtQueryInstallUILanguage
ZwUnloadKey
RtlSizeHeap
RtlUpperString
RtlCharToInteger
ZwFlushKey
wcsncmp
_wtoi64
NtCompressKey
NtWaitLowEventPair
_lfind
RtlSetHeapInformation
NtWaitForDebugEvent
ZwEnumerateSystemEnvironmentValuesEx
NtUnlockFile
NtSetHighEventPair
RtlpNtOpenKey
RtlInterlockedPushListSList
LdrFindEntryForAddress
LdrLockLoaderLock
CsrCaptureMessageString
RtlValidSid
NtImpersonateAnonymousToken

msvcp60

?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBGI@Z
?pow@std@@YA?AV?$complex@O@1@ABV21@0@Z
?do_pos_format@?$_Mpunct@G@std@@MBE?AUpattern@money_base@2@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$numpunct@D@std@@UAE@XZ
?id@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekoff@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?quiet_NaN@?$numeric_limits@F@std@@SAFXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXF@Z
??0bad_exception@std@@QAE@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?_Getcat@?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
??0?$_Complex_base@O@std@@QAE@ABO0@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?_Getcat@?$_Mpunct@G@std@@SAIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??4?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?quiet_NaN@?$numeric_limits@I@std@@SAIXZ
?rdstate@ios_base@std@@QBEHXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?neg_format@?$_Mpunct@D@std@@QBE?AUpattern@money_base@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??_7ctype_base@std@@6B@
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unget@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?min@?$numeric_limits@C@std@@SACXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
??Hstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
_LXbig
wctrans
?do_encoding@?$codecvt@GDH@std@@MBEHXZ

expsrv

rtcUpperCaseVar
__vbaFreeObjList
__vbaGet3
__vbaR8FixI4
__vbaLenVarB
rtcStrConvVar2
__vbaFreeVarg
__vbaVarLateMemStAd
__vbaVarSetObj
rtcFV
__vbaSetSystemError
rtcBeep
__vbaFixstrConstruct
__vbaForEachAry
TipUnloadProject
GetMemObj
GetMem4
TipSetOption
__vbaBoolVarNull
__vbaLsetFixstrFree
__vbaR8ErrVar
rtcInStr
__vbaHresultCheckNonvirt
__vbaInStr
__vbaLenVar
__vbaErase
rtcErrObj
rtcCreateObject
__vbaVarTextTstLt
__vbaVarIndexStoreObj
__vbaCyFix
__vbaFPFix
__vbaCyStr
__vbaFileCloseAll
rtcCurrentDirBstr
PutMem1
BASIC_CLASS_Invoke
rtcAtn
__vbaNameFile
rtDecFromVar
__vbaGetFxStr3
__vbaUI1Var
rtcUpperCaseBstr
__vbaVarNot

esent

JetSeek
JetGetTableColumnInfo
JetSetCurrentIndex4
JetGetCursorInfo
JetOpenTempTable2
JetGetAttachInfo
JetOpenTempTable
JetRetrieveKey
JetDeleteColumn
JetCreateDatabase2
JetGetObjectInfo
JetSetCurrentIndex
JetRetrieveColumn@32
JetBeginExternalBackup
JetInit2
JetRestore2
JetEndExternalBackupInstance2
JetEndSession
JetMakeKey@20
JetPrepareUpdate@12
JetDetachDatabase2
JetBeginExternalBackupInstance
JetCreateDatabaseWithStreaming
JetSetSystemParameter
JetDeleteIndex
JetDupCursor
JetEscrowUpdate
JetCreateIndex
JetDupSession
JetAttachDatabaseWithStreaming
JetSetIndexRange
JetGotoSecondaryIndexBookmark
JetBackupInstance
JetTerm
JetDefragment

msvcrt40

?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
fwprintf
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
_ismbbkalnum
wcscmp
??6ostream@@QAEAAV0@C@Z
?seekg@istream@@QAEAAV1@J@Z
_safe_fprem1
_mbscmp
ceil
?tellg@istream@@QAEJXZ
strpbrk
_ismbcalnum
_wcmdln
_inpd
_heapset
__p__wpgmptr
_spawnlp
_adj_fptan
strtod
??0logic_error@@QAE@ABV0@@Z
remove
localeconv
?sputc@streambuf@@QAEHH@Z
_getch
isleadbyte
_wcsupr
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??_Eistrstream@@UAEPAXI@Z
_ultoa

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec7f904bb80e2fe9a327706170e779e5

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

opengl32

winmm

clusapi

ntdll

msvcp60

expsrv

esent

msvcrt40

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 87KB - Virtual size: 235KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 87KB - Virtual size: 235KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1012B