a3955976e4cc23849407a9cd00b7abc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3955976e4cc23849407a9cd00b7abc9_JaffaCakes118
Size

867KB
MD5

a3955976e4cc23849407a9cd00b7abc9
SHA1

10cd7096ce2e3e91abd38e8d2dc680810e1512c1
SHA256

99eb85406d858d2a9b88649f1203f95a92245d4f827d5ceee2b482d47c622a0a
SHA512

38f960e0064b59fc41cef56470a1af5203fc60d4461198f75ea0eaf80967463089ce7109eed02082c846db267e11a50366a3870ff0a38e8a29e41d23ddedcaf5
SSDEEP

24576:DHXF8t2T3ryv9KBUoscMAL4QPP9ESmKnAv9:7XitbMBUnytESmV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3955976e4cc23849407a9cd00b7abc9_JaffaCakes118

Files

a3955976e4cc23849407a9cd00b7abc9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20ce77620578b59ab921124d3c08eea4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duser

UnregisterGadgetMessageString
GetStdColorPenF
GetStdColorPenI
SetGadgetMessageFilter
UnregisterGadgetProperty
GetGadget
GetGadgetRootInfo
FireGadgetMessages
DUserDeleteGadget
RemoveGadgetProperty
DUserStopAnimation
GetGadgetFocus
FindStdColor
UtilGetColor
UtilDrawOutlineRect
GetGadgetStyle
SetGadgetBufferInfo
DUserGetAlphaPRID
AttachWndProcA
DUserGetRectPRID
SetGadgetRotation
GetGadgetSize
GetStdColorF
PeekMessageExW
DUserSendMethod
GetGadgetTicket
DUserRegisterStub
EnumGadgets
DUserRegisterGuts
GetGadgetCenterPoint
DUserFindClass
SetGadgetOrder
DUserCastClass
SetGadgetFocus
SetGadgetFillI
RemoveGadgetMessageHandler
DUserCastHandle
BuildAnimation
GetDebug
IsStartDelete
InitGadgetComponent
DUserGetGutsData

msdart

?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
mpMalloc
?IsMillnm@CMdVersionInfo@@SAHXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?IsUsable@CLKRHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
MpHeapAlloc
?WriteLock@CLKRHashTable@@QAEXXZ
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
??0CLockedDoubleList@@QAE@XZ
?Clear@CLKRLinearHashTable@@QAEXXZ
??0CLKRHashTableStats@@QAE@XZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
??0CLockedSingleList@@QAE@XZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z

kernel32

GetTimeZoneInformation
ReadConsoleOutputAttribute
GetVolumeNameForVolumeMountPointA
CreateTapePartition
SetTimerQueueTimer
EnumResourceNamesW
CreateProcessInternalW
GetNumaProcessorNode
CreateConsoleScreenBuffer
SetComputerNameExA
SetConsoleNumberOfCommandsW
FoldStringW
ConvertThreadToFiber
PostQueuedCompletionStatus
LocalAlloc
SetConsoleOutputCP
BackupSeek
SetVolumeMountPointA
QueryActCtxW
SetLocalPrimaryComputerNameA
CancelWaitableTimer
GetPrivateProfileStringW
SetConsoleInputExeNameW
GetBinaryTypeW
VirtualAlloc
GetThreadLocale
GlobalHandle
IsValidLocale
RemoveDirectoryA
GetSystemWindowsDirectoryW
SetCommMask
LocalCompact
GetConsoleCursorMode
GlobalDeleteAtom
InterlockedFlushSList
LoadLibraryA
GetDiskFreeSpaceExW
GetDefaultCommConfigW
WritePrivateProfileStructW
CreateThread
GetConsoleAliasExesA
GetLogicalDriveStringsW
GetDevicePowerState
lstrcpynA
GetBinaryType
GetCurrentThreadId

odbctrac

TraceSQLBrowseConnectW
TraceSQLPrepareW
TraceSQLGetInfo
TraceSQLStatistics
TraceSQLConnectW
TraceSQLNumResultCols
TraceSQLGetDiagFieldW
TraceCloseLogFile
TraceSQLNumParams
TraceSQLBindParam
TraceSQLDriverConnect
TraceSQLDisconnect
TraceSQLColumns
TraceSQLConnect
TraceSQLExecDirect
TraceSQLError
TraceVersion
TraceSQLFetchScroll
TraceSQLColAttribute
TraceSQLDriversW
TraceSQLFetch
FireVSDebugEvent
TraceSQLGetDescRecW
TraceSQLSetDescFieldW
TraceSQLSetEnvAttr
TraceSQLGetCursorNameW
TraceSQLColAttributesW
TraceSQLPrimaryKeys
TraceSQLSetDescRec
TraceSQLFreeEnv
TraceSQLStatisticsW
TraceSQLSetPos
TraceSQLGetDescRec
TraceSQLAllocConnect
TraceSQLTablePrivilegesW
TraceSQLFreeConnect
TraceSQLFreeHandle
TraceSQLTables
TraceSQLPrimaryKeysW
TraceSQLGetTypeInfo
TraceSQLGetCursorName
TraceSQLCopyDesc
TraceSQLBrowseConnect
TraceVSControl

oleaut32

VarI4FromDate
VarBstrFromDate
VarI8FromDisp
SafeArrayUnlock
VarUI4FromCy
BstrFromVector
SafeArraySetRecordInfo
VarI1FromDisp
OleIconToCursor
VarUI2FromR4
VarUI8FromBool
VarUI8FromDisp
GetActiveObject
VarI4FromUI2
VarR4FromDec
OaBuildVersion
VarCyCmp
VarFormat
VarR8FromDisp
VarI8FromR8
VarTokenizeFormatString
SetOaNoCache
VarR8FromUI4
SysAllocString
LPSAFEARRAY_UserUnmarshal
SysReAllocString
DispGetParam
VarFormatNumber
VarUI2FromUI4
VarDecFromI1
VarBoolFromUI2
OleCreateFontIndirect
VarI1FromBool
DosDateTimeToVariantTime
VarUI1FromStr

comctl32

FlatSB_GetScrollInfo
PropertySheetA
FlatSB_EnableScrollBar
ImageList_GetDragImage
GetEffectiveClientRect
UninitializeFlatSB
CreatePropertySheetPageA
ImageList_AddMasked
CreateStatusWindowA
InitCommonControls
FlatSB_SetScrollProp
ImageList_GetImageInfo
ImageList_Duplicate
ShowHideMenuCtl
ImageList_Merge
ImageList_Create
ImageList_DragMove
ImageList_DragEnter
FlatSB_GetScrollPos
ImageList_SetIconSize
DrawStatusTextW
CreatePropertySheetPage
ImageList_Destroy
ImageList_GetBkColor
PropertySheet
DrawStatusText
ImageList_GetFlags
ImageList_GetIconSize
ImageList_Draw
ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_LoadImage
ImageList_SetBkColor
ImageList_GetImageRect
InitMUILanguage
GetMUILanguage
_TrackMouseEvent
FlatSB_GetScrollProp
FlatSB_SetScrollInfo
DestroyPropertySheetPage
ImageList_SetDragCursorImage
CreateToolbar
ImageList_LoadImageA
ImageList_AddIcon
ImageList_DragShowNolock

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20ce77620578b59ab921124d3c08eea4

Headers

DLL Characteristics

File Characteristics

Imports

duser

msdart

kernel32

odbctrac

oleaut32

comctl32

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 313KB - Virtual size: 1.7MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 313KB - Virtual size: 1.7MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B