b89ef829481bf99550959354c137866f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b89ef829481bf99550959354c137866f_JaffaCakes118
Size

872KB
MD5

b89ef829481bf99550959354c137866f
SHA1

9111f5963512218fd266ba00031f256904f2daa8
SHA256

4b719d31b93c755dbed84ce1abc968be25506227d912437c2b86cd7ac2e7a4d3
SHA512

fc9ab280fad8e31b1316cb144e2de2b71077be027aa5b489e9265d619819576c5ae95e909b6bb40aa34d113933d889f017de181e1895223fd2bb7c8976dd6427
SSDEEP

24576:26fS6JShoLMySjRtf4Q76zY06zJ0YnmjIvl:fS6JvLMyqRB4EOk08mjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b89ef829481bf99550959354c137866f_JaffaCakes118

Files

b89ef829481bf99550959354c137866f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dfdedd63d3b33b5ded87e468667a8136

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
?pow@std@@YA?AV?$complex@O@1@ABOABV21@@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Doraise@underflow_error@std@@MBEXXZ
?exp@std@@YA?AV?$complex@N@1@ABV21@@Z
??8std@@YA_NABV?$complex@M@0@ABM@Z
_Denorm
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??9std@@YA_NABV?$complex@O@0@ABO@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
?_Getcat@?$numpunct@G@std@@SAIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ABV12@@Z
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
?overflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
??1bad_alloc@std@@UAE@XZ
_Hugeval
??9std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1codecvt_base@std@@UAE@XZ
?norm@std@@YAOABV?$complex@O@1@@Z
??Mstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?frac_digits@?$_Mpunct@D@std@@QBEHXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??1__non_rtti_object@std@@UAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
_Inf
??0?$collate@G@std@@QAE@I@Z
?_Doraise@bad_typeid@std@@MBEXXZ
?sungetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sqrt@std@@YA?AV?$complex@O@1@ABV21@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

query

?Get@CRegAccess@@QAEXPBGPAGI@Z
??1CScopeEnum@@QAE@XZ
??0CDbSortSet@@QAE@I@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
?Init@CRegChangeEvent@@QAEXXZ
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
??1CDbProp@@QAE@XZ
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
??0CFullPropSpec@@QAE@ABV0@@Z
??1CKeyArray@@QAE@XZ
?MakeICommand@@YGJPAPAUIUnknown@@PBG1PAU1@@Z
??0CDbColId@@QAE@XZ
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
?Next@CEnumWorkid@@UAGJKPAK0@Z
?Disconnect@CRequestClient@@QAEXXZ
?ChangeCurrentDepth@CCatState@@QAEXH@Z
?ciDelete@@YGXPAX@Z
?PropertyToPropid@CFwPropertyMapper@@UAGJPBUtagFULLPROPSPEC@@HPAK@Z
??1CFwAsyncWorkItem@@UAE@XZ
?SetProperty@CFullPropSpec@@QAEHPBG@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??1CRegNotify@@MAE@XZ
??0CPropListFile@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
CIMakeICommand
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?Unmap@CRcovStrmTrans@@IAEXW4DataCopyNum@CRcovStorageHdr@@@Z
??3CDbParameter@@SGXPAX@Z
?ReadProperty@COLEPropManager@@QAEHABVCFullPropSpec@@AAUtagPROPVARIANT@@@Z
?_FindOrAddAnchor@CDbSortNode@@AAEPAVCDbSortListAnchor@@XZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?GetLong@CMemDeSerStream@@UAEJXZ
?Init@CRcovStorageHdr@@QAEXK@Z
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
?Get@CWin32RegAccess@@QAEHPBGPAGIH@Z
FsCiShutdown
?CreateSubdirs@CMachineAdmin@@QAEXPBG@Z
CITextToSelectTree
?GetUShort@CMemDeSerStream@@UAEGXZ
?PidToRealPid@CPidMapper@@QAEKK@Z
?AddSortColumn@CDbSortNode@@QAEHABUtagDBID@@HK@Z
??0CPropStoreManager@@QAE@K@Z
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
??1CPhraseRestriction@@QAE@XZ
_AbortMerges@16
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?GetStr@CKeyBuf@@QBEPAGXZ
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
??1CAllocStorageVariant@@IAE@XZ
?PutMinValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
??0CCategorizationSet@@QAE@I@Z
?AddRef@CEnumWorkid@@UAGKXZ
?FillMax@CKeyArray@@QAEHH@Z
?Empty@CSdidLookupTable@@QAEXXZ
??0CPerfMon@@QAE@PBG@Z
??0CDbColId@@QAE@ABUtagDBID@@@Z
??1CNotRestriction@@QAE@XZ
??1CGenericCiProxy@@UAE@XZ
??1CEventItem@@QAE@XZ
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
??0CFullPath@@QAE@PBGI@Z

kernel32

CreateMutexW
FindClose
lstrlenW
GetVolumeInformationA
GetSystemWow64DirectoryA
BaseUpdateAppcompatCache
GetFileAttributesExA
FillConsoleOutputAttribute
IsBadWritePtr
GetEnvironmentStringsA
GetDiskFreeSpaceExA
UnlockFileEx
DeleteTimerQueueTimer
DeleteCriticalSection
GetCurrencyFormatW
GetCurrentDirectoryW
FatalExit
SetVDMCurrentDirectories
LoadLibraryA
GetPrivateProfileStructA
RemoveDirectoryA
GlobalCompact
RtlUnwind
WaitNamedPipeW
AddVectoredExceptionHandler
EnumLanguageGroupLocalesA
ExpandEnvironmentStringsW
BeginUpdateResourceA
GetNamedPipeHandleStateA
Heap32Next
Toolhelp32ReadProcessMemory
LeaveCriticalSection
GetPrivateProfileSectionA
GetFirmwareEnvironmentVariableA
TlsGetValue
RtlFillMemory
EnterCriticalSection
SetConsoleDisplayMode
VirtualAlloc
BaseCleanupAppcompatCacheSupport
ExpungeConsoleCommandHistoryA
GetDateFormatW
GetCurrentThread
DosDateTimeToFileTime
QueryDosDeviceA
GetThreadTimes
FindActCtxSectionGuid
ReadConsoleW

adsldpc

LdapcKeepHandleAround
ADsCreateClassDefinition
SchemaGetStringsFromStringTable
GetDomainDNSNameForDomain
SchemaGetClassInfo
ADSIModifyRdn
GetLDAPTypeName
LdapTypeToAdsTypeDNWithBinary
ReadPagingSupportedAttr
LdapParseResult
UnMarshallLDAPToLDAPSynID
ADsCreateAttributeDefinition
ADsFreeColumn
AllocADsStr
LdapSearchInitPage
ADSIOpenDSObject
SchemaIsClassAContainer
SchemaGetObjectCount
LdapAddS
ADsGetLastError
LdapAttributeFree
SchemaAddRef
LdapReadAttribute2
ADsGetObjectAttributes
ADSIGetNextRow
BuildADsPathFromLDAPPath2
LdapMemFree
LdapOpenObject
LdapControlFree
?SetFSlashDisabler@CLexer@@QAEXH@Z
SchemaClose
ADsEncodeBinaryData
LdapTypeToAdsTypeGeneralizedTime
ADSIGetNextColumnName
ADSIFreeColumn
FindEntryInSearchTable
ADSISetObjectAttributes
LdapGetValuesLen
LdapTypeCopyConstruct
ADsCreateDSObjectExt
ReallocADsMem

sqlwoa

_TranslateAccelerator@12
_PostMessage@16
_GetComputerName@8
_DrawText@20
_CreateDialogIndirectParam@20
_GetUserName@8
_PeekMessage@20
newWideCharFromMultiByte
_CommDlg_OpenSave_GetFolderPath@12
_MessageBox@16
_CreateFile@28
_GetDlgItemText@16
_CreateFont@56
_CommDlg_OpenSave_GetFilePath@12
_GetSaveFileName@4
_FreeEnvironmentStrings@4
_GetProp@8
_GetClassInfo@12
_SendMessage@16
ConvertMultiSZNameToW
_IsDialogMessage@8
_GetOpenFileName@4
_GetTextMetrics@8
_GetFileTitle@12
newMultiByteFromWideChar

ir32_32

DriverDialogProc
DriverProc
AboutDialogProc
DllMain

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfdedd63d3b33b5ded87e468667a8136

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

query

kernel32

adsldpc

sqlwoa

ir32_32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 355KB - Virtual size: 354KB

.data Size: 346KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 355KB - Virtual size: 354KB

.data
Size: 346KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB