bd42586d9ae36e186f5ccdefd07aef94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd42586d9ae36e186f5ccdefd07aef94_JaffaCakes118
Size

845KB
MD5

bd42586d9ae36e186f5ccdefd07aef94
SHA1

a05389a7044e9f6a47b6dafd99c03ea42b970e43
SHA256

9f47d50d0d348777f8d85e950d9ec353888fa3de05dea995d6bf6e1c33ff7851
SHA512

e586caa8186c5aa57f07dee9df9ba47b3fe6fcecbae3d0ca0ea495f911020641772161dee27f4c83b73bdc651a6c90ead5cf29b7c44b00ad3b4f52f0e15812c9
SSDEEP

12288:AVYHtXPTepZHDy0FO6+As87khch8/4FTSraCaivpjgg8PDFghvQ2M80:AVYAZHDy6O6+2khcqwhziv4DShvw80

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd42586d9ae36e186f5ccdefd07aef94_JaffaCakes118

Files

bd42586d9ae36e186f5ccdefd07aef94_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d06f571de1560526c2a69eea34b0a76f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_stricmp
_ismbcprint
fgetwc
_ismbcdigit
_mbctohira
iswascii
_toupper
_cscanf
_mbsncat
floor
_strncnt
_setmode
_sys_errlist
_access
__iscsym
_mbsrchr
strspn
_spawnl
memchr
iscntrl
_mbscspn
_rmdir

msvcirt

?unlockbuf@ios@@QAAXXZ
?is_open@ofstream@@QBEHXZ
?str@istrstream@@QAEPADXZ
??_8stdiostream@@7Bistream@@@
?opfx@ostream@@QAEHXZ
??_Gostream_withassign@@UAEPAXI@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
??0ifstream@@QAE@H@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?flags@ios@@QAEJJ@Z
?get@istream@@QAEAAV1@PADHD@Z
?read@istream@@QAEAAV1@PAEH@Z
?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBE@Z
??_Gofstream@@UAEPAXI@Z
??_Dstrstream@@QAEXXZ
??_Diostream@@QAEXXZ
??0ofstream@@QAE@PBDHH@Z

wininet

InternetLockRequestFile
CreateMD5SSOHash
RunOnceUrlCache
DetectAutoProxyUrl
InternetCombineUrlW
RetrieveUrlCacheEntryStreamW
SetUrlCacheEntryGroupA
InternetAttemptConnect
InternetGetConnectedStateExW
GetUrlCacheGroupAttributeW
SetUrlCacheGroupAttributeA
FtpGetCurrentDirectoryW
InternetConnectA
InternetSetCookieA
InternetOpenUrlW
InternetSetOptionExW
InternetShowSecurityInfoByURLA
InternetConfirmZoneCrossingA
InternetAutodial
DeleteUrlCacheEntry
InternetGetCertByURLA

odbc32

SQLNativeSqlA
SQLSpecialColumns
SQLSetCursorNameW
SQLSetEnvAttr
SQLGetCursorNameW
SQLEndTran
SQLExtendedFetch
SQLSetDescRec
SQLDriverConnectA
SQLProceduresA
SQLErrorA
SQLNumParams
SQLGetStmtAttrA
SQLGetInfo
SQLSetDescFieldW
SQLSetConnectAttrA
SQLGetTypeInfoW
SQLNativeSql
SQLSetStmtAttrA

kernel32

LoadLibraryA
NlsGetCacheUpdateCount
IsValidCodePage
GetCommTimeouts
DuplicateConsoleHandle
VirtualAlloc
GetProfileIntA
GetSystemInfo
GetVersionExA
GetLogicalDrives
WriteConsoleInputW
CreateEventA
RegisterConsoleVDM
GetProcAddress
Module32Next
LZCopy
GetConsoleAliasW
GetTickCount
CreateJobSet
GetComputerNameExW
SetThreadPriorityBoost
WriteConsoleInputA
GetNumberFormatA
CreateTimerQueueTimer

Sections

.text
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d06f571de1560526c2a69eea34b0a76f

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

msvcirt

wininet

odbc32

kernel32

Sections

.text Size: 730KB - Virtual size: 729KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1000B

.text
Size: 730KB - Virtual size: 729KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1000B