962d1cd5dc87aff19cc4530cf22d6da1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

962d1cd5dc87aff19cc4530cf22d6da1_JaffaCakes118
Size

86KB
MD5

962d1cd5dc87aff19cc4530cf22d6da1
SHA1

bc05e55269c94fba0c5592589c57d7296eecaca2
SHA256

0728acd791389523e21f96aafaaadaf8c5a27565c04564faa6ad9bcbab381a2e
SHA512

c076f1fea0f81f8b2d7d25a80102d7597e65cad71a9ec0cf16b62ea4650e26c325a043ee38e04cfd91543c6e379c3f58d667cfa5589ad5eea00311711967ed20
SSDEEP

1536:o/PMlPPh1rJ3rUrRxGtGmRvP++v5wEsgRjclmj0IBpwbHSDcGc5Y:o3gP/rlqYGmRvP+s5eYjcyubygd5Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
962d1cd5dc87aff19cc4530cf22d6da1_JaffaCakes118

Files

962d1cd5dc87aff19cc4530cf22d6da1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd0fbf364a209d256a32db52acabc591

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
EnumSystemCodePagesA
OpenMutexA
DeleteTimerQueueEx
OpenEventW
DosPathToSessionPathW
HeapCreate
SleepEx
CallNamedPipeA
WriteConsoleOutputAttribute
SetLocalPrimaryComputerNameA
ReadConsoleOutputAttribute
GetCurrentProcessId
GetStartupInfoA
Process32Next
VirtualAlloc
OpenEventA
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryA
lstrcpynW
CancelTimerQueueTimer
GetTickCount
QueryPerformanceCounter
GetLastError
lstrcpyW

msdart

SetMemHook
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?TryReadLock@CCritSec@@QAE_NXZ
??1CReaderWriterLock3@@QAE@XZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?Clear@CLKRLinearHashTable@@QAEXXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
mpFree
?SetSpinCount@CSpinLock@@QAE_NG@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A

odbctrac

TraceSQLProcedureColumnsW
TraceSQLError
TraceSQLDrivers
TraceSQLDescribeParam
TraceSQLAllocHandle
TraceSQLAllocEnv
TraceSQLGetConnectAttr
TraceSQLFreeEnv
TraceSQLNumParams
TraceSQLBulkOperations
TraceSQLGetDiagRec
TraceSQLErrorW
TraceSQLParamData
TraceSQLBindParameter
TraceSQLGetTypeInfo

msvcp60

?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXF@Z
??_7?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@
??_Ftime_base@std@@QAEXXZ
??0_Winit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?sinh@std@@YA?AV?$complex@N@1@ABV21@@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?do_scan_not@?$ctype@G@std@@MBEPBGFPBG0@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Nanv@?$_Ctr@O@std@@SAOO@Z
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Init@?$messages@D@std@@IAEXABV_Locinfo@2@@Z
??Pstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?quiet_NaN@?$numeric_limits@O@std@@SAOXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
?width@ios_base@std@@QAEHH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??_0std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
?classic@locale@std@@SAABV12@XZ
??_F?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ

crtdll

_getdcwd
_ismbckata
_timezone_dll
_strdec
_unlink
_flushall
remove
_ismbcl1
fwprintf
asctime
_mbslwr
wprintf
_logb
atof
vprintf
_ismbbprint
_aexit_rtn_dll
_heapmin
_toupper
_open_osfhandle
_c_exit

nddeapi

NDdeSetShareSecurityW
NDdeShareEnumW
NDdeShareGetInfoW
NDdeSetTrustedShareA
NDdeIsValidShareNameA
NDdeSetTrustedShareW
NDdeTrustedShareEnumA
NDdeGetErrorStringA
NDdeShareSetInfoW
NDdeShareGetInfoA
NDdeShareEnumA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd0fbf364a209d256a32db52acabc591

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

odbctrac

msvcp60

crtdll

nddeapi

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 276B