af358f8904472c864b42caa1b81059c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af358f8904472c864b42caa1b81059c0_JaffaCakes118
Size

864KB
MD5

af358f8904472c864b42caa1b81059c0
SHA1

7803c8495bb08ccab73e2de79d32bcff4375863b
SHA256

f08adb7fac7ffaec4917c96100c450a648e2837ffef3baa6c45852a661ec1af6
SHA512

23b72ddea84ae14198b8c74c7eb92c9feefe6286e2bc69eed10f65f07c78131516a3d04850151f28c5c68dedcfe7862975c737124511013198deb9dbe8ce59b4
SSDEEP

24576:1ZVh8ra9edei6PeXX7rvlSCSB/B1iZ4COo3BX:xhonX7xSCSJ1iSCOo3B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af358f8904472c864b42caa1b81059c0_JaffaCakes118

Files

af358f8904472c864b42caa1b81059c0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67723476dc5fe0f9a2863201ac75c93d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
??1CFullPropSpec@@QAE@XZ
??0CFullPath@@QAE@PBGI@Z
??0CPerfMon@@QAE@PBG@Z
FsCiShutdown
?Shutdown@CWorkQueue@@QAEXXZ
?ciDelete@@YGXPAX@Z
?SkipUShort@CMemDeSerStream@@UAEXXZ
??0CImpersonationTokenCache@@QAE@PBG@Z
??3CDbContent@@SGXPAX@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?QueryInterface@CEmptyPropertyList@@UAGJABU_GUID@@PAPAX@Z
?SkipDouble@CMemDeSerStream@@UAEXXZ
??0CNormalizer@@QAE@AAVPNoiseList@@@Z
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
BindIFilterFromStream
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
??1CDbQueryResults@@QAE@XZ
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?GetNumber@CQueryScanner@@QAEHAAKAAH@Z
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
?AddArg@CEventItem@@QAEXK@Z
?IsImpersonated@CImpersonateSystem@@SGHXZ
?InitIterator@CPropertyList@@UAEXXZ
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
?StopCI@CMachineAdmin@@QAEHXZ

user32

RealGetWindowClass
GetLastInputInfo
mouse_event
DefDlgProcW
SetDlgItemInt
SoftModalMessageBox
SetCapture
IsWindow
GrayStringA
TrackPopupMenuEx
SetUserObjectInformationA
IsCharAlphaA
DrawEdge
DdeQueryConvInfo
VkKeyScanW
DeregisterShellHookWindow
EnumDesktopsA
GetRawInputDeviceList
SwitchToThisWindow
RegisterClassExA
MapDialogRect
RegisterShellHookWindow
RegisterMessagePumpHook
PrivateExtractIconExA
LockWindowUpdate
RegisterClassW
CheckDlgButton
UpdatePerUserSystemParameters
GetMenuStringA
MsgWaitForMultipleObjects
SetProcessDefaultLayout
WINNLSGetIMEHotkey
CharToOemA
DeferWindowPos
SetClipboardData
UnpackDDElParam
GetDoubleClickTime
DialogBoxParamA
DragDetect
GetDlgItemTextW
EnumDisplayDevicesA
SetWindowStationUser
DlgDirSelectExW

mapistub

HexFromBin@12
ScGenerateMuid@4
HrSzFromEntryID@12
MNLS_lstrlenW@4
SetAttribIMsgOnIStg@16
MAPIDeinitIdle@0
DeregisterIdleRoutine@4
OpenTnefStream
MNLS_WideCharToMultiByte@32
HrGetOmiProvidersFlags
HrValidateParameters@8
MNLS_MultiByteToWideChar@24
FreePadrlist@4
FtAdcFt@20
MAPIFindNext
HrQueryAllRows@24
SzFindSz@8
WrapStoreEntryID@24
MAPIAdminProfiles@8
MAPISendMail
BMAPIDetails
MNLS_IsBadStringPtrW@8
cmc_read
BMAPIAddress
EnableIdleRoutine@8

comctl32

FlatSB_SetScrollRange
ImageList_SetDragCursorImage
CreateStatusWindowA
InitCommonControls
CreateStatusWindowW
ImageList_AddMasked
MakeDragList
CreateUpDownControl
ImageList_Replace
DrawStatusText
DllGetVersion
ImageList_SetFlags
ImageList_SetBkColor
DrawStatusTextA
ImageList_SetImageCount
ImageList_ReplaceIcon
DestroyPropertySheetPage
FlatSB_SetScrollProp
ImageList_GetDragImage
UninitializeFlatSB
ImageList_Remove
ImageList_SetOverlayImage
ImageList_BeginDrag
FlatSB_GetScrollRange
ImageList_DragEnter
ImageList_GetIconSize
FlatSB_GetScrollPos
ImageList_LoadImage
ImageList_EndDrag
CreateStatusWindow
ImageList_GetImageRect
ImageList_Create
ImageList_GetImageInfo

kernel32

LoadLibraryA
ChangeTimerQueueTimer
GetThreadSelectorEntry
EnumSystemLanguageGroupsA
QueryInformationJobObject
IsSystemResumeAutomatic
IsBadReadPtr
lstrcpynW
ReadFileEx
Toolhelp32ReadProcessMemory
SetTapePosition
GetEnvironmentStringsA
GlobalCompact
GlobalUnfix
GlobalMemoryStatusEx
GetConsoleNlsMode
HeapUnlock
IsValidLocale
UnlockFileEx
GlobalFix
ReadDirectoryChangesW
GetConsoleSelectionInfo
CreateMutexA
ReplaceFileA
SetHandleInformation
InitializeCriticalSectionAndSpinCount
DeactivateActCtx
GetProcessShutdownParameters
HeapQueryInformation
CreateFiberEx
GetTempPathA
EnterCriticalSection
CreateSocketHandle
GetConsoleKeyboardLayoutNameW
ReplaceFileW
UTRegister
GetPrivateProfileStringW
IsProcessorFeaturePresent
RegisterWaitForInputIdle
SetThreadPriorityBoost
GlobalHandle
WriteFileEx
LocalFileTimeToFileTime
WriteConsoleInputW
GetConsoleAliasesLengthA
CancelDeviceWakeupRequest
GetNumberOfConsoleInputEvents
GetVersionExA
GetUserDefaultLCID
FindVolumeClose
VirtualAlloc
SetConsoleInputExeNameW
CreateNamedPipeW
FindResourceA
DelayLoadFailureHook
GetProcAddress
ExpungeConsoleCommandHistoryW
WriteProfileStringW
ReadConsoleOutputAttribute
AddAtomW
GetStringTypeA
CloseHandle
SetFileShortNameA
DeleteCriticalSection
OpenJobObjectA
RegisterWowBaseHandlers
GlobalSize
BaseDumpAppcompatCache
VDMOperationStarted
GetDefaultCommConfigA
RtlMoveMemory
SetThreadAffinityMask
IsValidCodePage
CompareFileTime
DeleteVolumeMountPointA
CopyLZFile
Process32NextW
lstrcatW
HeapAlloc
OutputDebugStringA
EnumTimeFormatsA
LocalAlloc

perfproc

OpenSysProcessObject
CloseSysProcessObject
CollectSysProcessObjectData

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67723476dc5fe0f9a2863201ac75c93d

Headers

DLL Characteristics

File Characteristics

Imports

query

user32

mapistub

comctl32

kernel32

perfproc

Sections

.text Size: 416KB - Virtual size: 416KB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 416KB - Virtual size: 416KB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB