adb4ebeced3082d52761cb62776990db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adb4ebeced3082d52761cb62776990db_JaffaCakes118
Size

870KB
MD5

adb4ebeced3082d52761cb62776990db
SHA1

3d5f9e21547474608b3148996e4505ef46e16751
SHA256

8cc198342e5f61b8902716880f96c5ef9b43224eaef613b310eb50ad5b7d75a0
SHA512

0725bec94ca9606cc564ebbc831114838a9f8665bbc4e6bdcead64e97b78f4531cc09a711951ee0584e117241b443eb46b23375216266ec63b683e3a442abf57
SSDEEP

24576:G6QVgeSbWmPJi7ffhPnpdA1Fh2nV9210jec8t4ha3ian:GlV8bPs3h/pdx9ljD8tMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adb4ebeced3082d52761cb62776990db_JaffaCakes118

Files

adb4ebeced3082d52761cb62776990db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05aadf21ab138b5abf3d6050bc8f0b19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
?SkipGUID@CMemDeSerStream@@UAEXXZ
??3CDbCmdTreeNode@@SGXPAX@Z
?GetStr@CKeyBuf@@QBEPAGXZ
??1CNodeRestriction@@QAE@XZ
?GetCommandChar@CQueryScanner@@QAEGXZ
?Release@CEmptyPropertyList@@UAGKXZ
_StopFWCiSvcWork@16
?StrLen@CKeyBuf@@QBEIXZ
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
??0CPropertyRestriction@@QAE@XZ
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
??0CMemSerStream@@QAE@I@Z
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
??1CDFA@@QAE@XZ
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?SkipWChar@CMemDeSerStream@@UAEXK@Z
?VerifyThreadHasAdminPrivilege@@YGXXZ
??0CFullPropSpec@@QAE@ABV0@@Z
?Clone@CEnumString@@UAGJPAPAUIEnumString@@@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
?Skip@CEnumString@@UAGJK@Z
?PropertyToPropId@CStandardPropMapper@@QAEKABVCFullPropSpec@@H@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
CIMakeICommand
?Recognize@CDFA@@QAEEPBG@Z
??0CVirtualString@@QAE@I@Z
?MultiByteToXArrayWideChar@@YGKPBEKIAAV?$XArray@G@@@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
LoadTextFilter
?IsPaused@CCatalogAdmin@@QAEHXZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??1CVirtualString@@QAE@XZ
?Empty@CPropStoreManager@@QAEXXZ
?Get@CRegAccess@@QAEKPBG@Z
??0CDbColId@@QAE@ABV0@@Z
?Commit@CRcovStrmAppendTrans@@QAEXXZ

polstore

IPSecDeletePolicyData
IPSecDeleteNegPolData
IPSecFreeNegPolData
IPSecClosePolicyStore
IPSecFreeMulISAKMPData
IPSecEnumPolicyData
IPSecGetISAKMPData
IPSecEnumNFAData
IPSecCreateISAKMPData
IPSecAssignPolicy
IPSecCopyFilterSpec
IPSecDeleteISAKMPData
IPSecCreatePolicyData
IPSecDeleteFilterData
IPSecGetNegPolData
IPSecEnumNegPolData
IPSecFreePolStr
IPSecFreeISAKMPData
IPSecFreeMulPolicyData
IPSecDeleteNFAData
IPSecCopyNFAData
IPSecFreeFilterSpecs
IPSecExportPolicies
IPSecEnumFilterData
IPSecGetAssignedPolicyData
IPSecSetFilterData
IPSecCopyPolicyData
IPSecFreeMulNFAData
IPSecCreateNegPolData
IPSecCopyISAKMPData
IPSecEnumISAKMPData
IPSecSetNFAData
IPSecFreeFilterData
IPSecFreeMulFilterData
IPSecCopyFilterData
IPSecCopyAuthMethod
IPSecUnassignPolicy
IPSecOpenPolicyStore
IPSecImportPolicies
IPSecAllocPolStr

ole32

CreateILockBytesOnHGlobal
OleGetIconOfClass
CoGetTreatAsClass
HICON_UserUnmarshal
CoRegisterMessageFilter
STGMEDIUM_UserUnmarshal
HACCEL_UserSize
GetErrorInfo
HPALETTE_UserSize
StgCreateDocfile
OleQueryLinkFromData
ProgIDFromCLSID
HPALETTE_UserUnmarshal
FreePropVariantArray
CoRegisterMallocSpy
OleGetAutoConvert
HENHMETAFILE_UserUnmarshal
CLSIDFromString
CoTaskMemFree
CreateClassMoniker
StgOpenAsyncDocfileOnIFillLockBytes
CoUnloadingWOW
CoGetCurrentLogicalThreadId
CoReleaseMarshalData
StgCreateDocfileOnILockBytes
HENHMETAFILE_UserMarshal
CoInitializeSecurity
ComPs_NdrDllUnregisterProxy
OleDoAutoConvert
CoCopyProxy
UtConvertDvtd16toDvtd32
WdtpInterfacePointer_UserUnmarshal
UpdateDCOMSettings
OleSetMenuDescriptor
OleConvertOLESTREAMToIStorageEx
CoGetStandardMarshal
RegisterDragDrop
CoRegisterClassObject

msvcrt

_ftol
putwchar
_fpreset
_wutime64
__p__pgmptr
sqrt
_atoi64
abs
_flsbuf
_adj_fptan
atan2
_CIfmod
_ftime
__set_app_type
__p__daylight
wcsxfrm
_lseek
__argc
_safe_fprem1
_EH_prolog
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
__getmainargs
__p__wenviron
perror
fscanf
_spawnlp
_wcsnset
_clearfp
labs
mbtowc
wcscat
putwc
_adj_fdiv_r
wctomb
_mbschr
?before@type_info@@QBEHABV1@@Z
memcpy
_assert
feof
_mbsncat
_wfindnext
_j0
_cprintf
_ismbbalnum
_cputs
remove
_pipe
exit
__p__commode
_dup
_wenviron
_ecvt
_callnewh
iswxdigit
_strlwr
wcsftime
_wremove
_cwait
_getpid
_ismbbkalnum
_lrotl
_read
_tell
_wstati64
_vscwprintf

user32

SetClassLongW
SendInput
SetMessageQueue
SetDoubleClickTime
RemoveMenu
GetMessageW
CreateWindowExA
GetClassNameA
DdeReconnect
EndDialog
SetWindowPos
DrawCaptionTempW
BeginPaint
LoadCursorFromFileA
DestroyReasons
DialogBoxParamA
LoadKeyboardLayoutA
TranslateMessage
DragDetect
DdeEnableCallback
SetPropA
LoadKeyboardLayoutEx
ClientToScreen
CheckRadioButton
SwitchToThisWindow
PeekMessageW
PostThreadMessageA
TileWindows
CreateAcceleratorTableW
DdeDisconnectList
GetMenuItemID
GetRawInputBuffer
GetMessagePos
IsCharAlphaA
RegisterHotKey
SetMenuItemBitmaps
CopyIcon
CopyAcceleratorTableW
SetWindowContextHelpId
KillTimer

kernel32

LoadLibraryA
SetLastError
IsWow64Process
CompareStringW
lstrcpynW
Module32FirstW
FindFirstVolumeMountPointW
CreateMailslotA
HeapSummary
OpenFileMappingA
DeleteFileW
SetupComm
GetLongPathNameA
CreateActCtxA
CreateMutexA
GetLogicalDriveStringsW
GetExitCodeThread
WriteFile
GetCommMask
lstrcpy
OutputDebugStringA
GetSystemTimeAsFileTime
ReadConsoleOutputA
ShowConsoleCursor
GetSystemDefaultLangID
GlobalUnlock
VirtualAlloc
GetLastError
ReplaceFileW
SetLocalTime
GetProcessHeap
RtlZeroMemory
GetConsoleInputWaitHandle
lstrcpyn
GetTickCount

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05aadf21ab138b5abf3d6050bc8f0b19

Headers

DLL Characteristics

File Characteristics

Imports

query

polstore

ole32

msvcrt

user32

kernel32

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 361KB - Virtual size: 361KB

.data Size: 125KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 361KB - Virtual size: 361KB

.data
Size: 125KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB