a2d1d3d1eec4a9b0e00fb97e245ca328_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2d1d3d1eec4a9b0e00fb97e245ca328_JaffaCakes118
Size

274KB
MD5

a2d1d3d1eec4a9b0e00fb97e245ca328
SHA1

2d0e4fcfddc29b0eb64117fb8a0e228dbc8f9ee3
SHA256

c08fb299f1e224d96b59735ccab668f2323d0b35b28fe60a060d73770b68d585
SHA512

f0ed1af219c7c2471a4839ddd9cbb43ba940e2f54ee43c3760193e1c07be4ed021819bd8d26af25bd41115a05fd4a4a25a80a9458d89dfc2dd636125153dea98
SSDEEP

6144:FQzfqUESh8Yy2I1YsbQSPmM8b2aOpy+oEU2Mei4FVJsPiIwyirPkfyn:FQkSsbNbneMV/PM8VyirsM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2d1d3d1eec4a9b0e00fb97e245ca328_JaffaCakes118

Files

a2d1d3d1eec4a9b0e00fb97e245ca328_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bb075e6936343d7a4e5421bcd6a6a73e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pdh.pdb

Imports

msvcrt

floor
_ftol
_except_handler3
wcstoul
wcsncpy
wcstol
swprintf
strstr
_CIpow
_wtoi
_itow
wcschr
sprintf
_ultow
_wsplitpath
wcsncmp
??3@YAXPAX@Z
wcsstr
_vsnwprintf
_wcsicmp
wcscmp
_wgetenv
_wtol
_ltow
_ltoa
wcstombs
setlocale
mbstowcs
wcslen
_wfullpath
_sleep
atol
fgets
rewind
_wfopen
fclose
_ultoa
atof
strncmp
??2@YAPAXI@Z
_getmbcp

ntdll

RtlStringFromGUID
RtlFreeUnicodeString

shlwapi

ord439
StrCmpNIW

kernel32

lstrcatA
lstrlenA
lstrcatW
lstrcmpiW
lstrcpyW
WaitForSingleObject
lstrcpyA
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetLastError
CreateMutexW
HeapDestroy
CloseHandle
GetProcessHeap
HeapCreate
GetComputerNameW
DisableThreadLibraryCalls
GetVersionExW
MultiByteToWideChar
HeapSize
GetUserDefaultUILanguage
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateMutexA
GetCurrentThreadId
GetExitCodeThread
CreateThread
SetEvent
CreateEventW
ReleaseMutex
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
lstrcpynW
lstrcmpiA
lstrcpynA
ReadFile
SetFilePointer
GetLocalTime
SearchPathW
SetErrorMode
GetTimeZoneInformation
Sleep
TerminateThread
CreateEventA
FlushFileBuffers
WriteFile
DebugBreak
SetEndOfFile
UnlockFile
FlushViewOfFile
LockFile
GetWindowsDirectoryA
lstrcmpW
InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
LocalFree
GetFileAttributesW
ExpandEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
lstrlenW

rpcrt4

UuidCreate

advapi32

RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
QueryServiceConfigW
ChangeServiceConfigW
ChangeServiceConfig2W
RegQueryInfoKeyW
RegEnumKeyW
RegCreateKeyExW
RegFlushKey
RegSetValueExW
OpenProcessToken
GetTokenInformation
EqualSid
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
StartServiceW
ProcessTrace
CloseTrace
OpenTraceW
UnregisterTraceGuids
StartTraceW
TraceEvent
ControlTraceW
OpenSCManagerW
OpenServiceW
StartServiceA
CloseServiceHandle
RegQueryValueExA
ControlService
ReportEventW
ReportEventA
RegConnectRegistryW
RegQueryInfoKeyA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
DeregisterEventSource
RegCloseKey

comdlg32

GetOpenFileNameW

user32

PostMessageW
GetDesktopWindow
GetWindowRect
GetParent
SetWindowPos
SetWindowTextA
ShowWindow
SetWindowTextW
GetWindowTextW
MessageBoxW
MessageBeep
GetFocus
CreateDialogParamW
IsWindowEnabled
SendMessageA
GetDC
LoadStringW
wsprintfW
DialogBoxParamW
EnableWindow
GetDlgItem
SendDlgItemMessageW
EndDialog
IsDlgButtonChecked
SetCursor
LoadCursorA
GetWindowLongW
SetFocus
CheckRadioButton
SetWindowLongW
WinHelpA
GetDlgCtrlID
SendMessageW
GetDlgItemTextW
ReleaseDC

ole32

CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoInitializeSecurity
CoCreateGuid
CoUninitialize
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket

gdi32

GetTextExtentPoint32W

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound
VariantInit
SysFreeString
SafeArrayGetLBound

odbc32

ord110
ord36
ord16
ord31
ord9
ord111
ord4
ord3
ord107
ord39
ord1
ord2
ord61
ord13
ord20

odbcbcp

ord3
ord14
ord2
ord18
ord10

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

PdhAdd009CounterA
PdhAdd009CounterW
PdhAddCounterA
PdhAddCounterW
PdhBindInputDataSourceA
PdhBindInputDataSourceW
PdhBrowseCountersA
PdhBrowseCountersHA
PdhBrowseCountersHW
PdhBrowseCountersW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhCloseQuery
PdhCollectQueryData
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhConnectMachineA
PdhConnectMachineW
PdhCreateSQLTablesA
PdhCreateSQLTablesW
PdhEnumLogSetNamesA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsHA
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhExpandWildCardPathHA
PdhExpandWildCardPathHW
PdhExpandWildCardPathW
PdhFormatFromRawValue
PdhGetCounterInfoA
PdhGetCounterInfoW
PdhGetCounterTimeBase
PdhGetDataSourceTimeRangeA
PdhGetDataSourceTimeRangeH
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhGetDefaultPerfCounterHA
PdhGetDefaultPerfCounterHW
PdhGetDefaultPerfCounterW
PdhGetDefaultPerfObjectA
PdhGetDefaultPerfObjectHA
PdhGetDefaultPerfObjectHW
PdhGetDefaultPerfObjectW
PdhGetDllVersion
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterArrayW
PdhGetFormattedCounterValue
PdhGetLogFileSize
PdhGetLogFileTypeA
PdhGetLogFileTypeW
PdhGetLogSetGUID
PdhGetRawCounterArrayA
PdhGetRawCounterArrayW
PdhGetRawCounterValue
PdhIsRealTimeQuery
PdhListLogFileHeaderA
PdhListLogFileHeaderW
PdhLogServiceCommandA
PdhLogServiceCommandW
PdhLogServiceControlA
PdhLogServiceControlW
PdhLookupPerfIndexByNameA
PdhLookupPerfIndexByNameW
PdhLookupPerfNameByIndexA
PdhLookupPerfNameByIndexW
PdhMakeCounterPathA
PdhMakeCounterPathW
PdhOpenLogA
PdhOpenLogW
PdhOpenQuery
PdhOpenQueryA
PdhOpenQueryH
PdhOpenQueryW
PdhParseCounterPathA
PdhParseCounterPathW
PdhParseInstanceNameA
PdhParseInstanceNameW
PdhPlaAddItemA
PdhPlaAddItemW
PdhPlaCreateA
PdhPlaCreateW
PdhPlaDeleteA
PdhPlaDeleteW
PdhPlaEnumCollectionsA
PdhPlaEnumCollectionsW
PdhPlaGetInfoA
PdhPlaGetInfoW
PdhPlaGetLogFileNameA
PdhPlaGetLogFileNameW
PdhPlaGetScheduleA
PdhPlaGetScheduleW
PdhPlaRemoveAllItemsA
PdhPlaRemoveAllItemsW
PdhPlaScheduleA
PdhPlaScheduleW
PdhPlaSetInfoA
PdhPlaSetInfoW
PdhPlaSetItemListA
PdhPlaSetItemListW
PdhPlaSetRunAsA
PdhPlaSetRunAsW
PdhPlaStartA
PdhPlaStartW
PdhPlaStopA
PdhPlaStopW
PdhPlaValidateInfoA
PdhPlaValidateInfoW
PdhReadRawLogRecord
PdhRelogA
PdhRelogW
PdhRemoveCounter
PdhSelectDataSourceA
PdhSelectDataSourceW
PdhSetCounterScaleFactor
PdhSetDefaultRealTimeDataSource
PdhSetLogSetRunID
PdhSetQueryTimeRange
PdhTranslate009CounterA
PdhTranslate009CounterW
PdhTranslateLocaleCounterA
PdhTranslateLocaleCounterW
PdhUpdateLogA
PdhUpdateLogFileCatalog
PdhUpdateLogW
PdhValidatePathA
PdhValidatePathW
PdhVbAddCounter
PdhVbCreateCounterPathList
PdhVbGetCounterPathElements
PdhVbGetCounterPathFromList
PdhVbGetDoubleCounterValue
PdhVbGetLogFileSize
PdhVbGetOneCounterPath
PdhVbIsGoodStatus
PdhVbOpenLog
PdhVbOpenQuery
PdhVbUpdateLog
PdhVerifySQLDBA
PdhVerifySQLDBW
PdhiPla2003SP1Installed
PdhiPlaFormatBlanksA
PdhiPlaFormatBlanksW
PdhiPlaGetVersion
PdhiPlaRunAs
PdhiPlaSetRunAs
PlaTimeInfoToMilliSeconds

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb075e6936343d7a4e5421bcd6a6a73e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

shlwapi

kernel32

rpcrt4

advapi32

comdlg32

user32

ole32

gdi32

oleaut32

odbc32

odbcbcp

crypt32

Exports

Exports

Sections

.text Size: 247KB - Virtual size: 247KB

.data Size: 1KB - Virtual size: 60KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 247KB - Virtual size: 247KB

.data
Size: 1KB - Virtual size: 60KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 11KB - Virtual size: 10KB