bd45d7463738d6c5af7657861c670d5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd45d7463738d6c5af7657861c670d5b_JaffaCakes118
Size

871KB
MD5

bd45d7463738d6c5af7657861c670d5b
SHA1

c8d42dc38935a124719551d2467ef9d7651120a4
SHA256

b4aff494ec7482c4ff385c5b9975cb8bf33ca31e91b6a5bf57e61b7015db1fe6
SHA512

4400db40f4d514cdb8e21a8ffd52795d05dd4794455ebf7d1fcfcbb4bcef7fb9b7e163268e17eb79d5e56b567005de77d4bd0b70f31c7d1dce590a02e3c86f74
SSDEEP

24576:Pkp5XbgwbgoUi6TfJbGkBm0bpYg+JH/1Z2:srgM6xFlZ+JD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd45d7463738d6c5af7657861c670d5b_JaffaCakes118

Files

bd45d7463738d6c5af7657861c670d5b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9048276a88977f765f3c336325422235

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

??_Difstream@@QAEXXZ
??_7ostream_withassign@@6B@
_sopen
_spawnve
strtod
_loaddll
_locking
??0ifstream@@QAE@PBDHH@Z
?clog@@3Vostream_withassign@@A
_mbctolower
_mbsnccnt
putwc
_abnormal_termination
wcsftime
_wtmpnam
_wexecv
_fpreset
_ismbblead
??_Gfstream@@UAEPAXI@Z
wcsspn
_initterm
?getline@istream@@QAEAAV1@PACHD@Z
_wchdir
__p__pwctype
wcspbrk
wcstol
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
?get@istream@@QAEAAV1@AAD@Z
_mbsnbset
?blen@streambuf@@IBEHXZ
_mbctype
_CxxThrowException
_mbsncoll
_setmode
??_Gstdiostream@@UAEPAXI@Z
wcsncat
__p__wpgmptr
strncmp
_CIpow
_strdup
atoi
??5istream@@QAEAAV0@AAN@Z
__p___winitenv
_ismbbpunct
_CIexp
_umask
??4strstreambuf@@QAEAAV0@ABV0@@Z
exp
_get_osfhandle
??_8ostrstream@@7B@
iswpunct
_chsize
_ultow
puts
_wgetcwd
_ismbclegal
?_query_new_mode@@YAHXZ
_spawnl
?egptr@streambuf@@IBEPADXZ
iswcntrl
??_Gexception@@UAEPAXI@Z
??0ostrstream@@QAE@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?setmode@fstream@@QAEHH@Z
??_Gostream@@UAEPAXI@Z
_ismbbalnum
signal
strncpy
_setmaxstdio
getenv
isprint
??8type_info@@QBEHABV0@@Z
localeconv
?close@ofstream@@QAEXXZ
rand
_wcsicoll
??4strstream@@QAEAAV0@AAV0@@Z

msvcrt

_except_handler3
ungetwc
_gcvt
_CItan
_control87
__DestructExceptionObject
log10
wcstombs
_mbcasemap
_ultow
realloc
strstr
__unDName
_CIatan2
_mbsnbicmp
_itoa
wcscpy
_wgetenv
_wrmdir
_findnext64
_sopen
iswctype
_wspawnlp
towupper
free
??0bad_typeid@@QAE@PBD@Z
abort
__lc_codepage
mbtowc
__getmainargs
fputc
_CIfmod
_pgmptr
_set_SSE2_enable
exp
_wperror
iswspace

msi

MsiGetLanguage
MsiGetFileHashW
MsiGetUserInfoA
MsiVerifyDiskSpace
MsiConfigureFeatureFromDescriptorW
MsiEnumClientsA
MsiSummaryInfoPersist
MsiUseFeatureExW
MsiOpenProductW
MsiDatabaseGenerateTransformW
MsiGetFileSignatureInformationW
MsiConfigureFeatureA
MsiAdvertiseProductExW
MsiInstallMissingFileW
MsiViewGetErrorW
MsiReinstallFeatureFromDescriptorW
MsiSourceListAddSourceA
MsiSourceListClearAllW
MsiInstallMissingComponentA
MsiEvaluateConditionW
MsiAdvertiseScriptW
DllGetClassObject
MsiAdvertiseProductW
MsiDatabaseExportA
MsiSummaryInfoSetPropertyA
MsiEnumPatchesW
MsiDatabaseGenerateTransformA
MsiEvaluateConditionA
MsiDatabaseApplyTransformA
MsiGetFeatureUsageA
MsiCollectUserInfoA
MsiEnumComponentsW
MsiGetFeatureInfoA
MsiAdvertiseScriptA
MsiDoActionW
MsiRecordSetStreamW
MsiOpenPackageA
MsiGetSummaryInformationW

kernel32

GetSystemWindowsDirectoryW
LockFile
RegisterWaitForInputIdle
GetModuleHandleExA
GetLocaleInfoA
GlobalFindAtomA
GetThreadLocale
AddRefActCtx
Heap32Next
VDMConsoleOperation
GetLogicalDriveStringsA
RegisterWowBaseHandlers
VirtualAlloc
CreateSemaphoreW
GlobalMemoryStatusEx
GlobalFree
GetComputerNameExA
FreeUserPhysicalPages
GetExitCodeThread
SetCommConfig
LoadLibraryA
QueryDosDeviceA
IsWow64Process
FindResourceExA
GetSystemWindowsDirectoryA
VirtualQueryEx
LocalReAlloc
QueryPerformanceFrequency
GetConsoleCharType
MapUserPhysicalPagesScatter
HeapCreate
OutputDebugStringA
DosDateTimeToFileTime
GetSystemTime
DuplicateConsoleHandle
PeekConsoleInputA
FileTimeToDosDateTime
SetConsoleInputExeNameA
FatalAppExitA
GetFirmwareEnvironmentVariableA
GetStartupInfoA
QueryPerformanceCounter

query

?ReInitializeIISScopes@CImpersonationTokenCache@@QAEXXZ
?AddRef@CEmptyPropertyList@@UAGKXZ
?AddRef@CEnumWorkid@@UAGKXZ
?ciNew@@YGPAXI@Z
??1CPropertyList@@UAE@XZ
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
??0CRangeKeyRepository@@QAE@XZ
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?SetProperty@CFullPropSpec@@QAEXK@Z
?Release@CDbProperties@@UAGKXZ
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
?Unmap@CRcovStrmTrans@@IAEXW4DataCopyNum@CRcovStorageHdr@@@Z
??1CPropertyRestriction@@QAE@XZ
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??1CProcess@@QAE@XZ
?GetPropTypeName@CEmptyPropertyList@@SGPBGI@Z
LoadIFilter
?AddEntry@CCombinedPropertyList@@UAEXPAVCPropEntry@@H@Z
??0CFullPath@@QAE@PBGI@Z
??1CPidLookupTable@@QAE@XZ
?InitIterator@CCombinedPropertyList@@UAEXXZ
?Commit@CRcovStrmMDTrans@@QAEXXZ
?SetNumberOfSortProps@CCatState@@QAEXI@Z
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
??0CPidLookupTable@@QAE@XZ
?SaComputeSize@@YGKGAAUtagSAFEARRAY@@@Z
?ParseQueryPhrase@CQueryParser@@QAEPAVCDbRestriction@@XZ
CITextToSelectTreeEx
?SaCreateAndCopy@@YGHAAVPMemoryAllocator@@PAUtagSAFEARRAY@@PAPAU2@@Z
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z

msdart

?_H0@CLKRLinearHashTable@@ABEKK@Z
?TryReadLock@CSpinLock@@QAE_NXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?IsReadLocked@CFakeLock@@QBE_NXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
??0CLKRHashTableStats@@QAE@XZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?WriteUnlock@CLKRHashTable@@QBEXXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
??0CReaderWriterLock3@@QAE@XZ
UMSEnterCSWraper
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?ReadUnlock@CLKRHashTable@@QBEXXZ
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
??0CCritSec@@QAE@XZ
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?ValidSignature@CLKRHashTable@@QBE_NXZ
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
FXMemDetach
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9048276a88977f765f3c336325422235

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

msvcrt

msi

kernel32

query

msdart

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 593KB - Virtual size: 593KB

.data Size: 91KB - Virtual size: 1.5MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 593KB - Virtual size: 593KB

.data
Size: 91KB - Virtual size: 1.5MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B