b97ed3b34bfd1cdb852b94eb1a1f0889_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b97ed3b34bfd1cdb852b94eb1a1f0889_JaffaCakes118
Size

852KB
MD5

b97ed3b34bfd1cdb852b94eb1a1f0889
SHA1

9c375842ee1987612ac90419c3b5e9ae83082513
SHA256

5601008eb3b8590c5f255bda1f5437d0b3bc6a63caaf304f2446fc83ae48f87f
SHA512

af0f03f291b21930c439a3f91dfa282d4ef2a4457c8ecdea132bf16b66a32c6aa243c08e0197f2151b6fbc00af6053dbafd328cc9ae5b03f1430fb8816e56971
SSDEEP

24576:yLj+H4f7XxllTQV6KPLKLJjhsphPNR2NKl49AZB:yLCYTh+6ELkhi32MpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97ed3b34bfd1cdb852b94eb1a1f0889_JaffaCakes118

Files

b97ed3b34bfd1cdb852b94eb1a1f0889_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ba532e6dcb6f527b79499530d0ed464c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?min@?$numeric_limits@N@std@@SANXZ
?scan_not@?$ctype@D@std@@QBEPBDFPBD0@Z
?do_grouping@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?signaling_NaN@?$numeric_limits@E@std@@SAEXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?_Stinit@?1??_Init@?$basic_filebuf@GU?$char_traits@G@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
??4runtime_error@std@@QAEAAV01@ABV01@@Z
?real@std@@YAOABV?$complex@O@1@@Z
?sputbackc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?max@?$numeric_limits@K@std@@SAKXZ
_FDscale
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??Dstd@@YA?AV?$complex@N@0@ABV10@0@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
?real@?$_Complex_base@N@std@@QBENXZ
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??Dstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
?do_max_length@codecvt_base@std@@MBEHXZ
?round_error@?$numeric_limits@F@std@@SAFXZ
?scan_is@?$ctype@D@std@@QBEPBDFPBD0@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Isinf@?$_Ctr@N@std@@SA_NN@Z
?do_neg_format@?$_Mpunct@G@std@@MBE?AUpattern@money_base@2@XZ
??4?$numeric_limits@M@std@@QAEAAV01@ABV01@@Z
??Dstd@@YA?AV?$complex@M@0@ABV10@0@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?_Init@?$ctype@D@std@@IAEXABV_Locinfo@2@@Z
?sinh@std@@YA?AV?$complex@M@1@ABV21@@Z
?_Initcvt@?$basic_filebuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?eof@ios_base@std@@QBE_NXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
?opfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE_NXZ
??_F?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?imag@?$_Complex_base@O@std@@QBEOXZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
?do_length@?$codecvt@DDH@std@@MBEHAAHPBD1I@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBGI@Z
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@JFF@Z
??Dstd@@YA?AV?$complex@O@0@ABOABV10@@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??_7?$numpunct@G@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?_Getcat@?$collate@G@std@@SAIXZ
??_F?$complex@M@std@@QAEXXZ
?_Mode@?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEHH@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?underflow@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@MAEHXZ
??0?$_Complex_base@O@std@@QAE@ABO0@Z
?id@?$moneypunct@D$0A@@std@@2V0locale@2@A
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
?epsilon@?$numeric_limits@E@std@@SAEXZ
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
?_Cosh@?$_Ctr@O@std@@SAOOO@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??Gstd@@YA?AV?$complex@O@0@ABV10@0@Z
??_7?$basic_filebuf@GU?$char_traits@G@std@@@std@@6B@
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?ignore@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@HG@Z
?_Doraise@out_of_range@std@@MBEXXZ
?id@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

kernel32

EnumCalendarInfoExW
RequestWakeupLatency
GetStartupInfoA
CreateFiber
LeaveCriticalSection
GetPrivateProfileStringA
GetConsoleProcessList
SetMessageWaitingIndicator
TermsrvAppInstallMode
DeleteCriticalSection
SetFileApisToOEM
EscapeCommFunction
QueryActCtxW
CancelDeviceWakeupRequest
GetSystemDefaultLangID
ActivateActCtx
GetModuleHandleExA
GetVolumePathNamesForVolumeNameA
RtlMoveMemory
FindFirstVolumeMountPointW
FindNextChangeNotification
GetConsoleInputWaitHandle
CreateJobObjectW
EnumResourceLanguagesW
IsProcessInJob
DeleteFileW
GetConsoleAliasesW
AddConsoleAliasA
IsBadWritePtr
EnumLanguageGroupLocalesA
GetProcessAffinityMask
CreateSemaphoreA
SetHandleInformation
DisconnectNamedPipe
EndUpdateResourceW
LoadLibraryA
SetComputerNameA
CreateEventW
EnterCriticalSection
VirtualAlloc
ExitProcess
DnsHostnameToComputerNameW

query

?GetSZParam@CMachineAdmin@@QAEHPBGPAGK@Z
??0CColumns@@QAE@ABV0@@Z
??0CFullPath@@QAE@PBG@Z
?AddArg@CFwEventItem@@QAEXK@Z
?SetColumn@CCatState@@QAEXPBGI@Z
?Marshall@CDbCmdTreeNode@@QBEXAAVPSerStream@@@Z
InitializeCIISAPIPerformanceData
?Get@CWin32RegAccess@@QAEHPBGPAGIH@Z
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
?DisableNotification@CRegNotify@@QAEXXZ
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
?IsCIStopped@CMachineAdmin@@QAEHXZ
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z
??1CScopeEnum@@QAE@XZ
?SetDATE@CStorageVariant@@QAEXNI@Z
??0CGenericCiProxy@@QAE@AAVCSharedNameGen@@KK@Z
?Next@CStaticPropertyList@@UAEPBVCPropEntry@@XZ
?GetCommandChar@CQueryScanner@@QAEGXZ
?GetByte@CMemDeSerStream@@UAEEXZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?ReadProperty@COLEPropManager@@QAEHABVCFullPropSpec@@AAUtagPROPVARIANT@@@Z
?GetVolumeName@CDriveInfo@@QAEPBGH@Z
??0CPidLookupTable@@QAE@XZ
??1CDbPropSet@@QAE@XZ
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?_wcsFileName@CGlobalPropFileRefresher@@0PAGA
?AcceptCommand@CQueryScanner@@QAEXXZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?GetBackupSize@CPropStoreManager@@QAEKK@Z
?VerifyConsistency@PRcovStorageObj@@QAEXXZ

mfcsubs

??_FCMapStringToPtr@@QAEXXZ
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?GetSize@CStringArray@@QBEHXZ
??_7CMapStringToPtr@@6B@
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
??0CString@@QAE@GH@Z
?FormatMessageW@CString@@QAAXPBGZZ
?Unlock@CCriticalSection@@UAEHXZ
?LoadStringW@CString@@QAEHI@Z
??8@YG_NABVCString@@0@Z
?GetAllocLength@CString@@QBEHXZ
??M@YG_NABVCString@@0@Z
?Find@CString@@QBEHG@Z
??4CPlex@@QAEAAU0@ABU0@@Z
??H@YG?AVCString@@ABV0@PBG@Z
??M@YG_NPBGABVCString@@@Z
?UnlockBuffer@CString@@QAEXXZ
?IsEmpty@CMapStringToPtr@@QBEHXZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??YCString@@QAEABV0@D@Z
??BCSyncObject@@QBEPAXXZ
??0CStringArray@@QAE@XZ
?AllocBuffer@CString@@IAEXH@Z
??O@YG_NABVCString@@0@Z
?AfxLoadString@@YGHIPAGI@Z
??ACString@@QBEGH@Z
?ReverseFind@CString@@QBEHG@Z
?Add@CStringArray@@QAEHPBG@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?LockBuffer@CString@@QAEPAGXZ

odbctrac

TraceSQLErrorW
TraceSQLDescribeParam
TraceSQLEndTran
TraceSQLSetPos
TraceSQLBrowseConnectW
TraceSQLSetStmtAttrW
TraceSQLGetCursorName
TraceSQLGetDescRec
TraceSQLStatisticsW
TraceSQLSetParam
TraceSQLDescribeColW
TraceSQLBindParam
TraceSQLSetStmtOption
TraceSQLGetFunctions
TraceSQLRowCount
TraceSQLFreeEnv
TraceSQLSetScrollOptions
TraceSQLGetCursorNameW
TraceSQLDrivers
TraceCloseLogFile
TraceSQLGetEnvAttr
TraceSQLFetch
TraceSQLNativeSql
TraceSQLConnect
TraceSQLSpecialColumns
TraceSQLPrimaryKeysW
TraceSQLPrepare
TraceSQLCopyDesc
TraceSQLFreeHandle
TraceSQLColumns
TraceSQLFetchScroll
TraceSQLGetTypeInfoW
TraceSQLPrimaryKeys
TraceSQLAllocHandleStd
TraceOpenLogFile
TraceSQLPrepareW
TraceSQLExecDirect
TraceSQLSetDescFieldW
TraceSQLGetTypeInfo
TraceSQLNumParams
TraceSQLProcedureColumnsW
TraceSQLSetConnectAttrW
TraceSQLGetInfoW
TraceSQLSetStmtAttr

msdart

?sm_wDefaultSpinCount@CCritSec@@1GA
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?_LockSpin@CSpinLock@@AAEXXZ
??0CFakeLock@@QAE@XZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?Size@CLKRHashTable@@QBEKXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?IsMillnm@CMdVersionInfo@@SAHXZ
?_SubTable@CLKRHashTable@@ABEPAVCLKRLinearHashTable@@K@Z
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?TryReadLock@CFakeLock@@QAE_NXZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?_Unlock@CSpinLock@@AAEXXZ
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
FXMemAttach
?Lock@CLockedSingleList@@QAEXXZ
??1CDoubleList@@QAE@XZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
??1CLKRLinearHashTable@@QAE@XZ
??0CLockedSingleList@@QAE@XZ
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?ReadLock@CLKRLinearHashTable@@QBEXXZ
??1CReaderWriterLock3@@QAE@XZ
??1CFakeLock@@QAE@XZ
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?ReadLock@CCritSec@@QAEXXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ

mtxex

SafeRef
GetObjectContext
DllGetClassObject
MTSCreateActivity

pstorec

DllGetClassObject
PStoreEnumProviders
PStoreCreateInstance

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 516KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba532e6dcb6f527b79499530d0ed464c

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

kernel32

query

mfcsubs

odbctrac

msdart

mtxex

pstorec

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 516KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 516KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1004B