ba2753b426648c6dd6674a23c8c9db09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba2753b426648c6dd6674a23c8c9db09_JaffaCakes118
Size

376KB
MD5

ba2753b426648c6dd6674a23c8c9db09
SHA1

fc91f893ca4383d907d76d037db2835515e7b07e
SHA256

9f15225562fca0c46448f543d9402368b1400f11af7cf7da00169b24acd80d7a
SHA512

271a8d3545def6d52acd95bfa69b66d4836556b5d5317bf13e149de6b21283538f02d4096c7d46bac012be2f8ba06209d18ca06f85037b5eb5d27dcac1751ced
SSDEEP

6144:0CgfoNIyyezKPA510T72NHyr9rVYwlpXva6XE37b/Vh5TCzbATZh1dG:0PiISIo7Ur9W8fDXyX/VhdTn3G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2753b426648c6dd6674a23c8c9db09_JaffaCakes118

Files

ba2753b426648c6dd6674a23c8c9db09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

08c48e731be77c4081cfc65b4555c3b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_ismbclegal
_mbctolower
vsprintf
fputc
_CIacos
_filelength
swprintf
gmtime
_tempnam
vfprintf
getc
strcmp
_mbscat
ceil
strtok
scanf
_open
strncmp
_y0
_CIexp
wscanf
system
_errno
_memicmp
labs
__fpecode
_lseek
vfwprintf
_cscanf
_local_unwind2
_chsize
tmpfile
islower
srand
_osminor_dll
wcsrchr

kernel32

DnsHostnameToComputerNameW
SetEnvironmentVariableW
GetCurrentThread
DeleteTimerQueueEx
LoadLibraryA
DisconnectNamedPipe
SetLastError
LZStart
GetPrivateProfileStructA
GlobalAlloc
InitAtomTable
OpenWaitableTimerA
SetProcessAffinityMask
FlushInstructionCache
GlobalAddAtomA
EnumSystemGeoID
GetVolumeInformationA
GetEnvironmentVariableA
QueryPerformanceCounter
CreateConsoleScreenBuffer
GetProfileStringA
GetEnvironmentStringsA
GetConsoleMode
Module32First
SetLocalTime
AttachConsole
GetDateFormatA
CreateTimerQueueTimer
InterlockedExchangeAdd
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetLocaleInfoW
CreateProcessInternalA
SetSystemTime
FatalAppExitW
ExpandEnvironmentStringsA
VirtualAlloc
GlobalFindAtomW
CreateActCtxW
EnumSystemLanguageGroupsW
GetProcessShutdownParameters
SetConsoleNumberOfCommandsA
SetThreadContext
FindNextFileA
CreateNamedPipeA
DosPathToSessionPathA
FreeLibrary

duser

GetGadgetRotation
RemoveGadgetProperty
DUserRegisterSuper
GetGadgetRgn
FindGadgetMessages
EnumGadgets
GetGadgetRect
GetGadgetProperty
LookupGadgetTicket
GetGadgetRootInfo
DUserRegisterGuts
GetGadgetScale
IsInsideContext
GetStdColorPenI
SetGadgetProperty
UtilGetColor
FindGadgetFromPoint
GetGadgetFocus
DUserSendMethod
DUserGetRotatePRID
PeekMessageExW
SetGadgetFillI
GetGadgetCenterPoint
AddGadgetMessageHandler
SetGadgetParent
UnregisterGadgetProperty
UnregisterGadgetMessageString

odbc32

SQLForeignKeysA
SQLFreeConnect
SQLSetConnectAttrW
SQLGetDiagFieldW
VRetrieveDriverErrorsRowCol
SQLSetStmtAttrA
VFreeErrors
SQLBindParameter
SQLGetDescField
SQLPrepareA
SQLGetConnectOption
SQLDescribeCol
SQLSetConnectOptionA
SQLColAttributesW
SQLSetDescFieldW
SQLExecute
SQLColumnPrivilegesA
SQLDescribeParam
SQLSpecialColumnsW
SQLSetScrollOptions
SQLGetConnectOptionW
SQLFreeStmt
SQLConnectA
SQLColumnsA
SQLSetPos
SQLTablesW
SQLParamData
SQLParamOptions
SQLDataSourcesW
SQLBrowseConnectW
SQLSetDescFieldA
SQLSetParam
PostODBCComponentError

polstore

IPSecFreeFilterSpecs
IPSecSetPolicyData
IPSecFreePolStr
IPSecCreateNegPolData
IPSecFreeMulNegPolData
IPSecSetNegPolData
IPSecSetFilterData
IPSecEnumPolicyData
IPSecGetNegPolData
IPSecGetISAKMPData
IPSecCreatePolicyData
IPSecEnumISAKMPData
IPSecCopyISAKMPData
IPSecOpenPolicyStore
IPSecGetFilterData
IPSecSetNFAData
IPSecImportPolicies
IPSecFreeFilterData
IPSecExportPolicies
IPSecCopyNegPolData
IPSecFreeMulFilterData
IPSecCopyPolicyData
IPSecCopyNFAData
IPSecDeletePolicyData
IPSecEnumFilterData
IPSecAssignPolicy
IPSecClosePolicyStore
IPSecEnumNegPolData
IPSecAllocPolStr
IPSecCreateISAKMPData
IPSecDeleteNFAData
IPSecGetAssignedPolicyData

olecli32

BmDraw
PbCreateLinkFromFile
PbCreateInvisible
GenCopy
CheckNetDrive
OleRequestData
ErrSetData
LeEqual
ErrExecute
OleRename
PbCreateLinkFromClip
GenDraw
ErrSetTargetDevice
PbGetData
LeSetData
OleQueryClientVersion
LeGetData
DefCreate
OleCreateFromTemplate
OleSaveToStream
MfRelease
OleEnumFormats
OleCopyFromLink
OleSetData
ErrSetHostNames
OleDraw

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08c48e731be77c4081cfc65b4555c3b3

Headers

File Characteristics

Imports

crtdll

kernel32

duser

odbc32

polstore

olecli32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 158KB - Virtual size: 160KB

.data Size: 512B - Virtual size: 520KB

.rsrc Size: 115KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 158KB - Virtual size: 160KB

.data
Size: 512B - Virtual size: 520KB

.rsrc
Size: 115KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 4KB