ab74edd4455ba0d434802368d209b1a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab74edd4455ba0d434802368d209b1a5_JaffaCakes118
Size

861KB
MD5

ab74edd4455ba0d434802368d209b1a5
SHA1

47424e18be91b51d61dee00a638818f55d19b342
SHA256

aec5fe08b42b897f171bfdfb6b4bb4fbb93d6fa839f84b7b25d2470d892b1054
SHA512

6bf6514b8ce63648ffb4a46c257579ce916aa74fba2916b01b85b8b3651188bd7e68d921bdfa9ba983b83685eb4e016fba660d70a6d18836d67e6ca4ccd7fd3e
SSDEEP

24576:kNrvWzD+Z75wKlxV3tDjIhG4EokARTlg3:Kuv+ZFwKlxJtoLE4Ju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab74edd4455ba0d434802368d209b1a5_JaffaCakes118

Files

ab74edd4455ba0d434802368d209b1a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2d6a82268959048ea2055ac0e9b5810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZStart
CopyLZFile
LZDone
LZCopy
LZRead
LZCreateFileW
LZOpenFileA
LZInit
LZClose
LZOpenFileW
GetExpandedNameA
LZCloseFile
LZSeek

opengl32

glColor4usv
glVertex4iv
glIndexPointer
glTexEnvi
glVertex3d
glEvalMesh2
glTexCoord4fv
glEvalCoord1f
glRasterPos4s
glRasterPos4fv
wglDescribeLayerPlane
glIsEnabled
glEvalPoint2
glIndexsv
glIndexd
glVertex4fv
glPushMatrix
glColor3f
glTexCoord3f
glVertex4s
glGetMaterialiv
glIndexf
glTexSubImage1D
glIndexdv
glColor4s
glPushName
glGetFloatv
glRenderMode
glColor3i
glVertex4d
glReadBuffer
glLightf

kernel32

IsValidCodePage
EnterCriticalSection
GetTapeParameters
PurgeComm
CreateMailslotW
WriteFileEx
PeekConsoleInputW
FillConsoleOutputCharacterW
VerifyVersionInfoA
SetComputerNameA
CreateActCtxW
GetPrivateProfileSectionNamesA
IsDebuggerPresent
GetVolumePathNamesForVolumeNameW
LoadLibraryA
WriteConsoleOutputA
DosDateTimeToFileTime
VirtualAlloc
GetLogicalDriveStringsW
GlobalSize
SetComPlusPackageInstallStatus
FillConsoleOutputAttribute
ReleaseSemaphore
GetThreadPriority
SetConsoleMode
SetTimerQueueTimer
GetCommModemStatus
lstrcpyA
CreateMutexA
EnumResourceLanguagesA
IsBadCodePtr
RtlZeroMemory
IsValidLocale
CopyLZFile
GetSystemDefaultLCID
GetCurrencyFormatA
GetSystemDefaultLangID
PrivMoveFileIdentityW
GetDevicePowerState
SetFileShortNameA
LeaveCriticalSection
lstrcpyn
GetConsoleCP
ReadConsoleInputW
IsSystemResumeAutomatic
PrivCopyFileExW
OpenJobObjectA
GetUserDefaultLCID
GetPrivateProfileSectionW
GetStartupInfoA

sqlwoa

newMultiByteFromWideCharEx
_PeekMessage@20
_CommDlg_OpenSave_GetFilePath@12
_CreateDialogIndirectParam@20
_SetWindowText@8
_GetFileTitle@12
_CharLower@4
_SetProp@12
_GetModuleFileName@12
_SetWindowLong@12
_GetWindowTextLength@4
_SendDlgItemMessage@20
_WinHelp@16
_GetDiskFreeSpaceEx@16
_LoadString@16
ConvertMultiSZNameToW
_FormatMessage@28
_DeleteFile@4
_CommDlg_OpenSave_GetSpec@12
_GetWindowText@12
newMultiByteFromWideChar
_GetOpenFileName@4
newWideCharFromMultiByte
_GetClassInfo@12
_MoveFile@8
_GetProp@8
_IsDialogMessage@8
_GetUserName@8
AllocConvertMultiSZNameToA
_GetSaveFileName@4
_GetDlgItemText@16
_CreateFile@28
_ExtTextOut@32
_tsystem
_GetTextExtentPoint@16
_LoadBitmap@8

msvcrt40

_spawnl
_wspawnle
?fail@ios@@QBEHXZ
_mbsrev
iswalpha
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
fputc
??6ostream@@QAEAAV0@E@Z
??5istream@@QAEAAV0@AAF@Z
_winver
_mbccpy
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??_8ostream@@7B@
??6ostream@@QAEAAV0@PBD@Z
_assert
localtime
??1strstream@@UAE@XZ
_chmod
__p___argv
?str@strstream@@QAEPADXZ
_ismbstrail
_mtlock
_exit
_ismbcalpha
_getws

dnsapi

DnsCreateReverseNameStringForIpAddress
DnsFree
DnsExtractRecordsFromMessage_W
DnsRecordCopyEx
DnsApiFree
DnsFlushResolverCacheEntry_A
DnsFlushResolverCacheEntry_UTF8
DnsReleaseContextHandle
DnsModifyRecordsInSet_A
DnsGetLastFailedUpdateInfo
DnsDhcpSrvRegisterInit
Dns_ReadPacketName
DnsNameCompare_UTF8
Dns_CloseConnection
DnsNotifyResolver
NetInfo_Copy
DnsValidateName_W
Dns_WriteQuestionToMessage
DnsValidateName_UTF8
DnsGetPrimaryDomainName_A
DnsRecordBuild_W
DnsQueryExW
NetInfo_Build
Dns_ResetNetworkInfo
DnsQueryExUTF8
DnsGetDnsServerList
Dns_GetRandomXid
NetInfo_Free
DnsQueryConfigAllocEx
DnsReplaceRecordSetA
QueryDirectEx
Dns_ParsePacketRecord
Dns_PingAdapterServers
BreakRecordsIntoBlob

sqlsrv32

SQLRowCount
SQLPrimaryKeysW
SQLBrowseConnectW
FinishDlgProc
SQLGetTypeInfoW
SQLDescribeColW
SQLCopyDesc
SQLSetDescRec
SQLPutData
SQLFetch
BCP_colfmt
SQLGetDescFieldW
TestDlgProc
SQLNumResultCols
SQLGetCursorNameW
BCP_init
BCP_control
SQLSetPos
BCP_bind
SQLDescribeParam
BCP_sendrow
SQLGetEnvAttr
SQLGetDescRecW
SQLGetDiagFieldW
SQLFetchScroll
SQLFreeStmt
SQLMoreResults

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 453KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d6a82268959048ea2055ac0e9b5810

Headers

DLL Characteristics

File Characteristics

Imports

lz32

opengl32

kernel32

sqlwoa

msvcrt40

dnsapi

sqlsrv32

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 453KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 453KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB