9489fca1e83b2e23efc5cf87948dc710_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9489fca1e83b2e23efc5cf87948dc710_JaffaCakes118
Size

173KB
MD5

9489fca1e83b2e23efc5cf87948dc710
SHA1

7a95ece0648c48454a9cd999515756421bc6d72c
SHA256

7801cbc98e888fe1d562b47ebf44595f02dbdde1c2a42a40f5d0d223e8653038
SHA512

caf70ede2087fd2d29f9364e95ff42aaf96c4f0adc0d71f7f84026579def35d3326595ae5e8b3ceb8a5b3ff8d75d2f05c02a6b4fe8e659fbd22ea72436db644b
SSDEEP

3072:P7BghzIYd+cVmdJegIXtjtS6PPbLDRuuNTak6mBCY2n9yG2ODy/YCcis2JGCj:PmzH+cmAgGjtS6xeQG2Qdi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9489fca1e83b2e23efc5cf87948dc710_JaffaCakes118

Files

9489fca1e83b2e23efc5cf87948dc710_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1257f1ba32a8743b32c7c5bd39744c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessAffinityMask
Heap32Next
SetLocaleInfoW
Thread32First
EnumCalendarInfoExW
RtlMoveMemory
AddAtomA
IsProcessInJob
SetConsoleCP
BuildCommDCBA
ConvertFiberToThread
GetUserDefaultLCID
SetConsoleOutputCP
LockFile
ReleaseSemaphore
BaseUpdateAppcompatCache
GetOverlappedResult
ReplaceFile
MoveFileWithProgressW
GetModuleHandleA
ExitVDM
CreateActCtxW
FatalAppExitW
VirtualLock
FindNextVolumeA
SetLocalPrimaryComputerNameA
GetCompressedFileSizeW
LockFileEx
lstrcmpA
GetDateFormatA
FindNextFileA
CopyLZFile
GetCurrentThread
_hwrite
GetGeoInfoW
CreateEventA
SystemTimeToTzSpecificLocalTime
GetThreadPriorityBoost
SetConsoleKeyShortcuts
TerminateThread
ReadConsoleInputExA
ConnectNamedPipe
SetConsoleInputExeNameA
GlobalAlloc
SetEndOfFile
RegisterConsoleIME
SetConsoleIcon
CreatePipe
SetThreadUILanguage
EndUpdateResourceW
SetCommState
GetConsoleCursorInfo
VirtualAlloc
FreeConsole
LZSeek
IsValidLocale
WriteFile
GetSystemTimeAdjustment
SetCriticalSectionSpinCount
GetProcessHeap
SetDefaultCommConfigA
BaseInitAppcompatCacheSupport
SetMailslotInfo
GetPrivateProfileSectionW
LoadLibraryA
GetConsoleOutputCP
VDMConsoleOperation
QueryActCtxW
CancelWaitableTimer
DebugActiveProcessStop
GetStringTypeExA
GetStringTypeA
CreateWaitableTimerA

msasn1

ASN1BEREncMultibyteString
ASN1BEREoid_free
ASN1BERDecBitString2
ASN1ztcharstring_free
ASN1CEREncEndBlk
ASN1BEREoid2DotVal
ASN1_CloseModule
ASN1BEREncLength
ASN1CEREncCharString
ASN1intx_setuint32
ASN1BERDecNotEndOfContents
ASN1intx_free
ASN1_GetEncoderOption
ASN1utf8string_free
ASN1BERDecGeneralizedTime
ASN1CEREncChar32String
ASN1BEREncChar32String
ASN1BEREncOpenType
ASN1CEREncNewBlkElement
ASN1BERDecObjectIdentifier2
ASN1BERDecS32Val
ASN1DecRealloc
ASN1BEREncNull
ASN1_CreateDecoderEx
ASN1uint32_uoctets
ASN1char32string_free
ASN1BEREncChar16String
ASN1BERDecOctetString
ASN1intxisuint32
ASN1bitstring_cmp
ASN1BEREncBool
ASN1BEREncObjectIdentifier
ASN1CEREncChar16String
ASN1CEREncOctetString
ASN1BERDecBitString
ASN1BEREncEoid
ASN1ztchar32string_free
ASN1BERDecEoid
ASN1BEREncTag
ASN1_CloseEncoder
ASN1_CloseEncoder2

msvcirt

?eback@streambuf@@IBEPADXZ
??_Eistream@@UAEPAXI@Z
??_Gstrstream@@UAEPAXI@Z
?close@ofstream@@QAEXXZ
??_Diostream@@QAEXXZ
?unlock@streambuf@@QAEXXZ
??_Gfstream@@UAEPAXI@Z
?eof@ios@@QBEHXZ
?sgetn@streambuf@@QAEHPADH@Z
??5istream@@QAEAAV0@PAD@Z
?close@fstream@@QAEXXZ
?sunk_with_stdio@ios@@0HA
??6ostream@@QAEAAV0@E@Z
?str@ostrstream@@QAEPADXZ
?str@strstream@@QAEPADXZ
??Bios@@QBEPAXXZ
?pword@ios@@QBEAAPAXH@Z
??0istrstream@@QAE@ABV0@@Z
?overflow@strstreambuf@@UAEHH@Z
??_8istream@@7B@
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
?get@istream@@QAEAAV1@PAEHD@Z
??4streambuf@@QAEAAV0@ABV0@@Z
??0ios@@IAE@ABV0@@Z
?delbuf@ios@@QBEHXZ
??1ostream@@UAE@XZ
?sbumpc@streambuf@@QAEHXZ
??0fstream@@QAE@PBDHH@Z
??0exception@@QAE@ABV0@@Z
??5istream@@QAEAAV0@AAO@Z
??0filebuf@@QAE@XZ
??5istream@@QAEAAV0@PAE@Z

olecli32

OleRevertClientDoc
LeReconnect
BmQueryBounds
ErrObjectConvert
SrvrWndProc
ErrObjectLong
GenSetData
CheckNetDrive
LeSetTargetDevice
DibGetData
OleDraw
DibQueryBounds
DefCreateLinkFromClip
DibCopy
DefCreate
OleQueryReleaseMethod
ErrActivate
DefCreateLinkFromFile
ErrSetTargetDevice
DibSaveToStream
LeQueryProtocol
GetTaskVisibleWindow
ErrSetBounds
ObjQueryName
LeObjectLong
GenEqual
OleQueryReleaseError
BmClone
DocWndProc
PbDraw
OleReconnect
LeClose
DibRelease
MfRelease
LeDraw

odbcjt32

SelectIndexDlgProc
ConfigDSNW
SQLGetInfoW
SQLExtendedFetch
LoadByOrdinal
SQLGetCursorNameW
SelectUIdxDlgProc
SQLCancel
SQLFreeEnv
SQLAllocConnect
LoginDialogProc
SQLFreeHandle
SQLGetConnectAttrW
SQLEndTran
SQLSetScrollOptions
SQLPrepareW
ConfigDSN
ConfigDriverW
SQLGetDiagFieldW
SQLAllocEnv
SQLBindCol
SQLDescribeColW
SQLSetEnvAttr
SQLColumnsW
SQLNativeSqlW
SQLConnectW
SQLGetDescRecW
SQLSetPos
RepairCompactProc
SQLAllocHandle
ConfigDialogProc
SQLBindParameter
SQLGetStmtAttrW
SQLGetDiagRecW
SQLSetDescFieldW

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1257f1ba32a8743b32c7c5bd39744c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msasn1

msvcirt

olecli32

odbcjt32

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 84KB - Virtual size: 275KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 84KB - Virtual size: 275KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 888B