b5a7248d1177ff706b8df58541060ebc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b5a7248d1177ff706b8df58541060ebc_JaffaCakes118
Size

42KB
MD5

b5a7248d1177ff706b8df58541060ebc
SHA1

bb00e0b013948f5e35f9c57c46199d6099950d2f
SHA256

511bf5d362bb47a29496854cb97dbff138a15fa6613554af12a881ad07cee064
SHA512

9045b604b777200ef208308c5a899168c540a5219afaccf32de38d5f4fa000978b00bd5682db472cb398272173a11aa1b1be2203a287a9a2b5c925bb93ea5102
SSDEEP

768:zo9TLqgsjMKwgqISkn2t136L9RfKqIYGdKbBVfn6kFUh:zqSHjlwWSk436vfKzYGd0B1Ah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5a7248d1177ff706b8df58541060ebc_JaffaCakes118

Files

b5a7248d1177ff706b8df58541060ebc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

080dd450b8e3e94a62ee25003ea88cff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
??1CImpersonateSystem@@QAE@XZ
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?Flush@CDynStream@@QAEXXZ
?ClearList@CPropertyList@@QAEXXZ
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
?IsStarted@CCatalogAdmin@@QAEHXZ
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z
?Query@CQueryParser@@AAEPAVCDbRestriction@@PAVCDbNodeRestriction@@@Z
SetCatalogState
?InitIterator@CCombinedPropertyList@@UAEXXZ
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
??0CMemSerStream@@QAE@PAEK@Z
?Read@CRegAccess@@QAEKPBGK@Z
?Release@CWorkQueue@@QAEXPAVCWorkThread@@@Z
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?Next@CStaticPropertyList@@UAEPBVCPropEntry@@XZ
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
CollectCIPerformanceData
?LocaleToCodepage@@YGKK@Z
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?CiNtOpen@@YGPAXPBGKKK@Z
?VT_VARIANT_NE@@YGHABUtagPROPVARIANT@@0@Z
?Append@CEnumString@@QAEXPBG@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@PAEPAI@Z
??1CDFA@@QAE@XZ
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
?GetLong@CMemDeSerStream@@UAEJXZ
??1CImpersonateClient@@QAE@XZ
??0CSdidLookupTable@@QAE@XZ
?Remove@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?SetCY@CStorageVariant@@QAEXTtagCY@@I@Z
?GetGUID@CMemDeSerStream@@UAEXAAU_GUID@@@Z
??0CPerfMon@@QAE@PBG@Z

imagehlp

ImageRvaToVa
SymFunctionTableAccess64
SymFromAddr
SymGetTypeFromName
SymSetSearchPath
SymEnumSymbols
SymGetSymFromAddr
SymSetContext
ImageDirectoryEntryToData
GetImageConfigInformation
RemovePrivateCvSymbolic
UpdateDebugInfoFile
ImageGetCertificateData
SymFindFileInPath
SymEnumerateSymbolsW64
SymEnumerateSymbols
SymGetSymPrev
EnumerateLoadedModules64
GetTimestampForLoadedLibrary
ImageGetCertificateHeader
ReBaseImage
SymUnloadModule
SymLoadModule
GetImageUnusedHeaderBytes
MapFileAndCheckSumW
SymLoadModule64
SymGetOptions
MapFileAndCheckSumA
FindFileInPath
FindExecutableImage
ImageGetDigestStream
SymGetModuleBase64
SymGetLinePrev64
ImageAddCertificate
ImageNtHeader

kernel32

CreateHardLinkW
EnumCalendarInfoW
SetLocaleInfoA
GetConsoleCommandHistoryLengthW
GetProfileStringW
SetFileShortNameW
RegisterConsoleOS2
SetDefaultCommConfigW
VirtualAlloc
lstrcpynA
InitializeCriticalSectionAndSpinCount
DeleteTimerQueue
WriteTapemark
GetSystemDirectoryA
GetSystemTimeAsFileTime
SetUserGeoID
LoadLibraryA
GetHandleContext
FindAtomA
CancelIo
OpenWaitableTimerA
UnregisterWait
lstrcmp
GetConsoleHardwareState
GlobalWire
SizeofResource
Heap32ListNext
CreateFileMappingW
ReplaceFile
InitializeSListHead
SetConsoleNumberOfCommandsW
BaseFlushAppcompatCache
ScrollConsoleScreenBufferA
GetModuleHandleExA
GlobalAddAtomA
WriteConsoleOutputCharacterA
AssignProcessToJobObject
EnumSystemLanguageGroupsW
GetConsoleCP
GlobalFindAtomA
GlobalMemoryStatusEx
DeleteFileA
RestoreLastError
DebugSetProcessKillOnExit
GetShortPathNameA

setupapi

CM_Uninstall_DevNode_Ex
SetupDiUnremoveDevice
SetupScanFileQueueA
SetupVerifyInfFileA
CM_Move_DevNode
SetupDiGetSelectedDriverA
SetupGetLineCountW
SetupQueueCopyA
pSetupUnicodeToMultiByte
CM_Free_Res_Des
SetupTermDefaultQueueCallback
SetupDecompressOrCopyFileW
pSetupStringFromGuid
SetupGetLineByIndexA
CM_Get_Device_ID_ExW
CM_Free_Range_List
MyRealloc
CM_Get_Next_Res_Des_Ex
CM_Get_Parent_Ex
SetupDecompressOrCopyFileA
SetupQueueRenameSectionW
pSetupShouldDeviceBeExcluded
SetupSetFileQueueFlags
SetupBackupErrorW
SetupDiSetDeviceRegistryPropertyA
SetupCloseInfFile
SetupDiBuildClassInfoListExA
SetupQueueDeleteA
SetupInitializeFileLogW
pSetupWriteLogError
SetupGetBackupInformationW
SetupInstallFileW
UnicodeToMultiByte
SetupDiDrawMiniIcon
CM_Dup_Range_List
CM_Get_Sibling_Ex
CM_Enumerate_Enumerators_ExW
CM_Set_DevNode_Problem_Ex
SetupDiGetClassRegistryPropertyA
CM_Request_Device_EjectW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

080dd450b8e3e94a62ee25003ea88cff

Headers

DLL Characteristics

File Characteristics

Imports

query

imagehlp

kernel32

setupapi

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB