974dd43781a9a89444e33ad4f32508da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

974dd43781a9a89444e33ad4f32508da_JaffaCakes118
Size

60KB
MD5

974dd43781a9a89444e33ad4f32508da
SHA1

74e19b73df06c9ed1b348fd99524e417693d497f
SHA256

53e8b53e1d1d1b2f49e38e198f4d947e2ff54cac0e00cd8559d6830c072bc6cb
SHA512

7b55b1a01101bb71063a6cb1501a8e803d0e48346cd3ddf546ef73e8c5b729f28a366419a466c59b8d3f14cc1e86491e625cc6de575a68151de6efc34ae96e71
SSDEEP

1536:uAALMXlmMGrYTg781kVAgLoIU/L2qBNGFsQnRY:6MPGr2g7akVcIU/ayMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
974dd43781a9a89444e33ad4f32508da_JaffaCakes118

Files

974dd43781a9a89444e33ad4f32508da_JaffaCakes118
.exe windows:5 windows x86 arch:x86

47bff10a95fdf6e2415a80db9d3b1eca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BindIoCompletionCallback
FindCloseChangeNotification
GetModuleHandleA
LoadLibraryW
GetShortPathNameW
GetTickCount
IsProcessInJob
AddConsoleAliasA
GetProcessAffinityMask
FileTimeToDosDateTime
GetModuleHandleW
QueryPerformanceCounter
DeleteTimerQueue
GetCommProperties
GetConsoleAliasExesA
GetCurrentConsoleFont
GetStartupInfoW
GlobalDeleteAtom
FindAtomA
GetCurrentThread
GetProcAddress
LockFile
SetVolumeMountPointA
TransmitCommChar
GetPriorityClass
GetSystemTimeAsFileTime
LoadLibraryExW
BeginUpdateResourceW
WinExec
LoadLibraryA
CreateDirectoryA
GetCurrentProcessId
VirtualAlloc
WriteFile
GetCurrentThreadId

glmf32

glsGetStreamReadName
glsCaptureFunc
glsWriteFunc
glsNumbv
glsEndCapture
glsNumd
glsULongHigh
glsNumdv
glsUTF8toUCS2z
glsGetStreamCRC32
glsCommandFunc
glsBeginObj
glsCopyStream
glsNuml
glsGetCommandAlignment
glsCommandString
glsGetCurrentContext
glsPad
glsGetConstubz
glsNumsv
glsPixelSetup
glsDeleteContext
glsHeaderLayerf
glsUCS4toUTF8
glsGLRCLayer

gdi32

GetFontResourceInfoW
SetWorldTransform
ResetDCW
SetArcDirection
DdEntry16
EngPlgBlt
DdEntry8
EnumEnhMetaFile
DdEntry33
DdEntry15
GdiEntry7
PolyPolyline
GetPath
CreateColorSpaceW
CreateDIBPatternBrushPt
GetROP2
DdEntry39
GetLogColorSpaceW
RectVisible
GdiProcessSetup
SetBkMode
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile

msvcrt

_wspawnl
fgetws
_strnset
_copysign
_exit
??0bad_cast@@QAE@ABV0@@Z
_ismbcalpha
_wperror
_umask
_lrotl
__set_app_type
_beep
wcsrchr
system
_fpclass
__p__commode
??0__non_rtti_object@@QAE@ABV0@@Z
_aligned_realloc
_flsbuf
log
isupper
__threadhandle
_getsystime
__getmainargs
_wsetlocale
__unDNameEx
sqrt
_wstrdate
_CIasin
iswlower
__pioinfo

ole32

OleConvertOLESTREAMToIStorageEx
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
PropVariantClear
ReleaseStgMedium
HBITMAP_UserSize
OleInitializeWOW
StgIsStorageFile
CoGetCurrentLogicalThreadId
CoMarshalInterface
CoGetApartmentID
StgCreateDocfileOnILockBytes
CoSetProxyBlanket
PropVariantCopy
WdtpInterfacePointer_UserSize
OleMetafilePictFromIconAndLabel
DoDragDrop
HGLOBAL_UserFree
WdtpInterfacePointer_UserFree
CoDeactivateObject
HGLOBAL_UserMarshal
CLIPFORMAT_UserUnmarshal
CreateOleAdviseHolder
CoGetClassVersion
SNB_UserMarshal
CreateErrorInfo
HWND_UserMarshal

odbcbcp

bcp_initA
bcp_done
SQLLinkedServers
bcp_writefmtW
SQLLinkedCatalogsA
SQLGetNextEnumeration
bcp_collen
bcp_batch
bcp_control
bcp_columns
bcp_writefmtA
bcp_bind
bcp_colptr
SQLInitEnumServers
bcp_colfmt
bcp_sendrow
bcp_initW
dbprtypeW
bcp_setcolfmt
bcp_readfmtW
bcp_getcolfmt
bcp_exec
LibMain
bcp_readfmtA
SQLCloseEnumServers
dbprtypeA
SQLLinkedCatalogsW
bcp_moretext

wintrust

SoftpubDllRegisterServer
TrustFreeDecode
TrustFindIssuerCertificate
OpenPersonalTrustDBDialog
DriverCleanupPolicy
GenericChainFinalProv
WVTAsn1SpcStatementTypeEncode
CryptCATAdminCalcHashFromFileHandle
WVTAsn1SpcStatementTypeDecode
SoftpubCleanup
CryptCATAdminPauseServiceForBackup
WVTAsn1SpcIndirectDataContentEncode
SoftpubLoadDefUsageCallData
TrustOpenStores
CryptCATPutAttrInfo
CryptCATCDFClose
WintrustLoadFunctionPointers
WVTAsn1CatMemberInfoDecode
CryptCATEnumerateMember
CryptCATCDFEnumAttributes

duser

FindGadgetMessages
GetGadgetAnimation
InvalidateGadget
GetGadgetScale
RegisterGadgetMessageString
DUserGetScalePRID
IsStartDelete
GetGadgetTicket
DUserRegisterStub
MapGadgetPoints
SetGadgetFocus
DUserRegisterGuts
SetGadgetScale
GetStdColorI
InitGadgetComponent
FindStdColor
UnregisterGadgetMessage
IsGadgetParentChainStyle
GetMessageExW
GetStdPalette
DUserDeleteGadget
IsInsideContext
SetGadgetCenterPoint
GetGadgetBufferInfo
UtilDrawOutlineRect
SetActionTimeslice
DllMain
UtilDrawBlendRect
SetGadgetOrder
DUserGetGutsData

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47bff10a95fdf6e2415a80db9d3b1eca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

glmf32

gdi32

msvcrt

ole32

odbcbcp

wintrust

duser

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 14KB - Virtual size: 73KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 14KB - Virtual size: 73KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 252B