b7a084e08623c4ea37aa3e36cf7e0b45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7a084e08623c4ea37aa3e36cf7e0b45_JaffaCakes118
Size

96KB
MD5

b7a084e08623c4ea37aa3e36cf7e0b45
SHA1

eb3648131a836c26930819899b2e74fa2a44cf8c
SHA256

7722af5ae85606968d5d30e46f2bf94e257f9481aea617c111cab57e3ad69dbb
SHA512

60c9cc36595f42a65fe760c80ed157eb9edbc3c197ef32dfc42412e795ea309882ec06218f94a05d1ab8e4e74fe88043701f0fbd53d43a12f7e1179bf34b75ce
SSDEEP

1536:jzeicjTLMRgPoTi08/wsfJLXuPUDjqBzu7NSjwfJkYlVLwE51zzSLVVFaJXR5Ff:3eH7MiAuVYshLXjnYS7llL6VVEJBLf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7a084e08623c4ea37aa3e36cf7e0b45_JaffaCakes118

Files

b7a084e08623c4ea37aa3e36cf7e0b45_JaffaCakes118
.exe windows:1 windows x86 arch:x86

150d978563d64b035f22eb1e182928f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

SymLoadModule
SymGetSymFromName
UnmapDebugInformation
TouchFileTimes
SymFunctionTableAccess
ImageGetCertificateData
SymFromAddr
ImageUnload
ReBaseImage
SymRegisterCallback64
SymGetSearchPath
SymGetLineNext
ImageDirectoryEntryToDataEx
ReBaseImage64
EnumerateLoadedModules
SymSetOptions
SymGetLinePrev64
MakeSureDirectoryPathExists
SymGetLineFromName
ImageRvaToSection
FindFileInSearchPath
SymFindFileInPath
ImageGetCertificateHeader
BindImageEx
SymRegisterFunctionEntryCallback
SymUnDName
SymLoadModule64
GetImageUnusedHeaderBytes
SymGetLineFromAddr64
SymUnloadModule64
SymSetContext
SplitSymbols
SymGetModuleInfoW
RemoveRelocations
SymEnumSym
SymRegisterFunctionEntryCallback64
ImageRemoveCertificate

kernel32

SetComPlusPackageInstallStatus
GlobalAlloc
SetFileApisToOEM
GetCurrentThread
SetTapePosition
GetThreadTimes
DeleteVolumeMountPointW
GetDefaultCommConfigW
SetLocalTime
LocalReAlloc
GetCPInfo
GetCalendarInfoW
VerifyVersionInfoW
_lread
LoadLibraryA
SetCommTimeouts
GetPrivateProfileStringA
OpenJobObjectW
GetProfileIntA
GlobalCompact
CallNamedPipeA
GetProfileSectionW
CreateProcessInternalW
GetUserDefaultLCID
GetModuleHandleA
VirtualAlloc
DeleteCriticalSection
lstrcpyA
GetCommandLineW

winmm

mmioStringToFOURCCA
waveInPrepareHeader
mixerClose
mixerMessage
midiOutGetDevCapsW
waveOutWrite
timeEndPeriod
mci32Message
mmioWrite
waveOutReset
wod32Message
mciGetDeviceIDA
midiInGetDevCapsA
mmioClose
midiStreamPosition
waveOutSetPlaybackRate
waveInUnprepareHeader
waveInGetErrorTextW
waveOutBreakLoop
joy32Message
midiOutPrepareHeader
waveOutUnprepareHeader
mciGetDeviceIDFromElementIDA
waveOutSetVolume
midiConnect
wid32Message
midiOutGetVolume

opengl32

glGetTexLevelParameteriv
glColor3d
glRects
glGetTexParameterfv
glMatrixMode
glTexCoord2d
glEdgeFlag
wglUseFontBitmapsA
glDrawBuffer
glPushMatrix
glTexCoord3dv
glLightModelfv
glColor3i
glMapGrid2d
glLoadMatrixd
glCallList
glIndexdv
glEvalCoord1dv
glColor4ub
glColor3ub
glIndexubv
glTexCoord4sv
glRasterPos2sv
glMap1d
wglSetPixelFormat
glTexCoord2dv
glTexCoord1dv
glScaled
glLoadMatrixf
glVertex2iv
glRasterPos3d
glReadPixels
wglGetProcAddress
glClearAccum
glDepthRange
glLoadIdentity
glClearStencil
glPopName
glTexCoord4fv
glVertex3s
glRasterPos4f
glLightModeliv
glAreTexturesResident

advapi32

CredDeleteW
ObjectOpenAuditAlarmW
CredUnmarshalCredentialA
ElfBackupEventLogFileW
CryptEnumProviderTypesW
MakeSelfRelativeSD
CryptSetHashParam
ElfClearEventLogFileW
BuildExplicitAccessWithNameA
CredReadDomainCredentialsA
CredWriteDomainCredentialsW
SetSecurityDescriptorGroup
FlushTraceA
TreeResetNamedSecurityInfoW
InstallApplication
CryptSignHashW
GetNumberOfEventLogRecords
SystemFunction013
GetLocalManagedApplications
SaferiCompareTokenLevels
LsaSetTrustedDomainInformation
LsaRemovePrivilegesFromAccount
SaferCreateLevel
CreateProcessWithLogonW
LookupPrivilegeDisplayNameA
SystemFunction021
SystemFunction027
RegCreateKeyA
GetInformationCodeAuthzLevelW
RegSaveKeyA
MD4Update

winsta

ServerSetInternetConnectorStatus
_WinStationUpdateUserConfig
_WinStationShadowTarget
WinStationGetAllProcesses
WinStationGetTermSrvCountersValue
ServerLicensingGetAvailablePolicyIds
WinStationGetProcessSid
ServerLicensingUnloadPolicy
WinStationWaitSystemEvent
WinStationEnumerateProcesses
WinStationQueryLogonCredentialsW
LogonIdFromWinStationNameW
WinStationNtsdDebug
ServerLicensingOpenA
_WinStationBeepOpen
WinStationConnectW
WinStationSetInformationA
ServerLicensingClose
WinStationGetLanAdapterNameW
WinStationNameFromLogonIdA
_WinStationCallback
ServerLicensingOpenW
WinStationVirtualOpen
_WinStationNotifyLogoff
WinStationSetInformationW
WinStationBroadcastSystemMessage
WinStationGetMachinePolicy
WinStationQueryInformationA
WinStationRenameW
WinStationQueryInformationW
WinStationConnectCallback
LogonIdFromWinStationNameA
ServerGetInternetConnectorStatus
WinStationFreeMemory
WinStationNameFromLogonIdW
_NWLogonQueryAdmin
ServerLicensingGetPolicyInformationW
WinStationSendMessageW

odbcbcp

bcp_initW
bcp_initA
dbprtypeW
SQLCloseEnumServers
SQLInitEnumServers
bcp_readfmtA
bcp_collen
bcp_moretext
LibMain
SQLGetNextEnumeration
SQLLinkedCatalogsA
bcp_done
bcp_writefmtW
bcp_writefmtA
bcp_getcolfmt
bcp_colfmt
bcp_columns
SQLLinkedServers
bcp_exec
bcp_colptr
dbprtypeA
SQLLinkedCatalogsW
bcp_batch
bcp_readfmtW
bcp_control
bcp_setcolfmt
bcp_bind
bcp_sendrow

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

150d978563d64b035f22eb1e182928f7

Headers

File Characteristics

Imports

imagehlp

kernel32

winmm

opengl32

advapi32

winsta

odbcbcp

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 33KB - Virtual size: 151KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 33KB - Virtual size: 151KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 908B