8994f6c3ecc0342f5a4eca099e4913e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8994f6c3ecc0342f5a4eca099e4913e9_JaffaCakes118
Size

336KB
MD5

8994f6c3ecc0342f5a4eca099e4913e9
SHA1

585ec80e506cdcdf2e8ee4723d1ae04c2056419c
SHA256

80592444e7c2535634ba2b33ca3193a47622097b4377548b93602c4966c74758
SHA512

717eef36a181ee2b6877c0f82f276dd67404188a31364f92996acf9ae4df93aafbfabfb464eb32e7538dea3b9327759da4cd92ce6abaf286ab89fdfe54f84b22
SSDEEP

6144:XdwnXbqnZNax29jb4n6CwfpxPowBgFScBUiGAbBWaqWc8jDJvbkIpt:2WZNaotcnrwfpxPRgniL6BW6cE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8994f6c3ecc0342f5a4eca099e4913e9_JaffaCakes118

Files

8994f6c3ecc0342f5a4eca099e4913e9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

063d382d9c939622856cc778becb287b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

mmDrvInstall
mixerGetNumDevs
SendDriverMessage
mmioOpenW
waveOutOpen
mciSendStringA
midiOutCacheDrumPatches
mciGetDriverData
midiInOpen
waveOutGetVolume
waveInStart
waveOutBreakLoop
midiInStop
midiOutShortMsg
midiInGetErrorTextW
waveInGetErrorTextA
mciSendCommandW
mmioStringToFOURCCW
mixerGetDevCapsW
waveOutUnprepareHeader
midiInGetID
waveOutReset
aux32Message
waveOutClose
mciGetErrorStringW
mmioAscend

dmdlgs

DllCanUnloadNow
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
DllRegisterServer
?GetNumMembers@CDMNodeObj@@QAEKXZ
DllGetClassObject
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ

msvcp60

?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Sync@ios_base@std@@0_NA
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
??0bad_exception@std@@QAE@PBD@Z
?seekoff@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??_F?$complex@O@std@@QAEXXZ
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z
_FExp
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDF@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$_Mpunct@G@std@@UAE@XZ
??Gstd@@YA?AV?$complex@O@0@ABV10@@Z
??_Fbad_cast@std@@QAEXXZ
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??Hstd@@YA?AV?$complex@M@0@ABV10@0@Z
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??7ios_base@std@@QBE_NXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z

kernel32

QueryPerformanceCounter
VirtualQueryEx
VirtualAlloc
GetCurrentProcessId
GetProcessWorkingSetSize
ConsoleMenuControl
CmdBatNotification
FlushFileBuffers
ExitThread
GetConsoleAliasA
OpenFileMappingA
GetWindowsDirectoryA
WriteConsoleA
BaseUpdateAppcompatCache
SetConsoleActiveScreenBuffer
DefineDosDeviceA
RemoveDirectoryW
ConvertThreadToFiber
TlsAlloc
_lcreat
GetVolumeNameForVolumeMountPointW
GetComPlusPackageInstallStatus
GetTickCount
GetConsoleAliasExesW
SetFilePointer
GetCompressedFileSizeA
GetCurrentThreadId
SetComputerNameExA
TlsFree
GetCalendarInfoW
GetProcessShutdownParameters
GetModuleHandleW
LoadLibraryA
GetStartupInfoW
RegisterWaitForInputIdle
LoadLibraryExW
GetConsoleTitleA
SetSystemTime

odbccp32

SQLWriteFileDSN
SQLGetInstalledDriversW
SQLInstallTranslatorEx
SQLRemoveDriverManager
SQLRemoveDriver
SQLLoadDataSourcesListBox
SQLGetAvailableDrivers
SQLWritePrivateProfileString
SQLInstallTranslator
SQLInstallTranslatorW
SQLConfigDriver
SQLWriteFileDSNW
SQLRemoveDSNFromIniW
SQLGetPrivateProfileStringW
SQLPostInstallerErrorW
SQLValidDSN
SQLRemoveTranslator
SQLInstallTranslatorExW
SQLRemoveDefaultDataSource
SQLConfigDataSource
SQLPostInstallerError
SQLReadFileDSN
SQLInstallDriver
SQLSetConfigMode
SQLManageDataSources

mprdim

ServiceMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 253KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

063d382d9c939622856cc778becb287b

Headers

File Characteristics

Imports

winmm

dmdlgs

msvcp60

kernel32

odbccp32

mprdim

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 253KB - Virtual size: 668KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 253KB - Virtual size: 668KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 232B