88aa80198cf9dd7b0d431c0090be0df2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88aa80198cf9dd7b0d431c0090be0df2_JaffaCakes118
Size

230KB
MD5

88aa80198cf9dd7b0d431c0090be0df2
SHA1

c6806ec1260d04ff11c14b6295168e6f7f0ac63e
SHA256

f235bd1932c823fa00c10d23431469812a9dbb6456d3a1b5735348d1669dadc2
SHA512

b9cae1de5c56b1024c33b54aa9b8c64ec52d6a3463945d63c3326418073ba9ac7e699bae612cdb662e09713454a1682c9ac34907046c91340660466e000e862c
SSDEEP

3072:jQOhw/MFWrJjKOMxRSepuBaqn/NlnBh2Lx0JVzx1wWobn1ek8F7HncO5hK9YSHlT:+DFB47UhXBh2yJ5HcOSSSHiIx+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88aa80198cf9dd7b0d431c0090be0df2_JaffaCakes118

Files

88aa80198cf9dd7b0d431c0090be0df2_JaffaCakes118
.dll windows:6 windows x86 arch:x86

26865b7171db1d5c65acde04238656b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqmapi.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_callnewh
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_CxxThrowException
_purecall
ceil
realloc
free
memmove
towupper
memset
_vsnprintf
wcschr
_vsnwprintf
__CxxFrameHandler
memcpy

advapi32

RegOpenKeyExA
RegQueryValueExA
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
SetNamedSecurityInfoW
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent

user32

PeekMessageW
GetSystemMetrics
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
OpenMutexW
CreateMutexW
ReleaseMutex
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetTempFileNameW
Sleep
GlobalFree
WaitForMultipleObjects
GetTempPathW
GetLongPathNameW
GetVersionExW
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
lstrlenW
GetThreadLocale
GetModuleHandleA
OpenEventA
GetVersionExA
SetErrorMode
DelayLoadFailureHook
GetCurrentThread
WaitForSingleObject
InterlockedDecrement
OpenFileMappingW
VirtualFree
WriteFile
InterlockedIncrement
ResetEvent
CreateThread
FreeLibraryAndExitThread
CreateEventW
GetFileSize
ReadFile
DuplicateHandle
SetEvent
RaiseException
GetFileAttributesExW
CompareFileTime
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
GetTickCount
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
InterlockedCompareExchange
LoadLibraryA
CompareStringW
VirtualAlloc
SetLastError
GetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
UnmapViewOfFile
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
CreateFileW
DeleteCriticalSection

Exports

Exports

SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamString
SqmAddToStreamV
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmFlushSession
SqmGetEnabled
SqmGetFlags
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsWindowsOptedIn
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetEnabled
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmSysprepGeneralize
SqmSysprepSpecialize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26865b7171db1d5c65acde04238656b5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 120KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 121KB - Virtual size: 120KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 6KB - Virtual size: 6KB