bb8a0c4d41e1afb8efc732e8a1948777_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bb8a0c4d41e1afb8efc732e8a1948777_JaffaCakes118
Size

29KB
MD5

bb8a0c4d41e1afb8efc732e8a1948777
SHA1

f9e02621a2f2cd94ff546f09b6c7b2f439e23b83
SHA256

406c397847c5ad4dcba054c4fdffe708fc4fced29d2bdbff0bd3b6f50740fde1
SHA512

7f1837c5c070980b1ad0f403c516e7718f7b234f2bcaf5bc7c2003e19734ecf855369900d4fe032bc360ae231765146f9bc23257a08eeaed157b88147a781a95
SSDEEP

768:zi3K/A8vOpumKxUnDTwrCmXQFQqH8/X0awamSj9:zi6/A6mKmnDcQZ8/XzNmSj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb8a0c4d41e1afb8efc732e8a1948777_JaffaCakes118

Files

bb8a0c4d41e1afb8efc732e8a1948777_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a21843d67c7788499940d59df42f581e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

LoadBinaryFilter
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
LoadIFilter
??0CNodeRestriction@@QAE@KI@Z
??0CGenericCiProxy@@QAE@AAVCSharedNameGen@@KK@Z
LocateCatalogsW
?MinPageInUse@CBufferCache@@QAEHAAK@Z
?Release@CQueryUnknown@@UAGKXZ
?Reset@CRegChangeEvent@@QAEXXZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
??1CWordRestriction@@QAE@XZ
??1CFwAsyncWorkItem@@UAE@XZ
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
?GetI8@CAllocStorageVariant@@QBE?AT_LARGE_INTEGER@@I@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?ClearList@CCombinedPropertyList@@QAEXXZ
?ClearList@CPropertyList@@QAEXXZ
??1CCatState@@QAE@XZ
?CiNtOpen@@YGPAXPBGKKK@Z
?Next@CCombinedPropertyList@@UAEPBVCPropEntry@@XZ
??1CPropertyStore@@QAE@XZ
?Setup@CPropStoreManager@@QAEXKKKKHK@Z
?NumberOfColumns@CCatState@@QBEIXZ
??1CDbPropSet@@QAE@XZ
?EnableVPathNotify@CMetaDataMgr@@QAEXPAVCMetaDataVPathChangeCallBack@@@Z
?Close@CPropSetMap@COLEPropManager@@QAEXXZ
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?GetFILETIME@CAllocStorageVariant@@QBE?AU_FILETIME@@I@Z
?Shutdown@CPropStoreManager@@QAEXXZ
??1CMetaDataMgr@@QAE@XZ
?GetBackupSize@CPropStoreManager@@QAEKK@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
DllRegisterServer
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
??1CDbProp@@QAE@XZ
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
BindIFilterFromStorage
?Map@CMmStreamConsecBuf@@QAEXK@Z
?ParseStringColumns@@YGPAVCDbColumns@@PBGPAUIColumnMapper@@KPAVPVariableSet@@PAV?$CDynArray@G@@@Z
?IsValid@CAllocStorageVariant@@QBEHXZ
??0CRangeKeyRepository@@QAE@XZ
??1CDbContentBaseRestriction@@QAE@XZ
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
CITextToSelectTree
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?PutValue@CValueNormalizer@@QAEXKAAKABVCStorageVariant@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
?ciNew@@YGPAXI@Z
??0CMachineAdmin@@QAE@PBGH@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ

msvcp60

??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_7length_error@std@@6B@
?length@?$codecvt@DDH@std@@QBEHAAHPBD1I@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?copyfmt@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV12@ABV12@@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??_7?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7codecvt_base@std@@6B@
?opfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE_NXZ
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?quiet_NaN@?$numeric_limits@O@std@@SAOXZ
?sinh@std@@YA?AV?$complex@M@1@ABV21@@Z
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
?pow@std@@YA?AV?$complex@O@1@ABV21@ABO@Z
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z
?do_frac_digits@?$_Mpunct@D@std@@MBEHXZ
?_Getcat@?$numpunct@D@std@@SAIXZ
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?conj@std@@YA?AV?$complex@O@1@ABV21@@Z
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
?denorm_min@?$numeric_limits@H@std@@SAHXZ
?positive_sign@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??4?$allocator@X@std@@QAEAAV01@ABV01@@Z

oleaut32

VarR4FromI2
SafeArrayDestroyData
DispInvoke
VarR4FromDisp
VarCyFromUI1
VarSub
VarUI8FromStr
VarDecSub
VarDecFromCy
VarI2FromStr
OleLoadPictureFileEx
VarBstrCat
VarI4FromUI2
VarUI8FromBool
VarDateFromUI4
VarR8FromStr
VarUI2FromI4
SafeArrayGetIID
VarR4FromUI4
VariantChangeTypeEx
VarI2FromDec
BSTR_UserUnmarshal
VarUI1FromUI8
VarCyAdd
VarI2FromUI2
VarUI4FromR8
VarBoolFromR4
VarNumFromParseNum
LoadTypeLib
VarUI2FromBool

msvcrt20

??0istream@@QAE@PAVstreambuf@@@Z
?binary@filebuf@@2HB
_strerror
_tcsnccmp
?attach@ofstream@@QAEXH@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
_creat
?tellp@ostream@@QAEJXZ
?xsputn@streambuf@@UAEHPBDH@Z
_wstrtime
?is_open@ifstream@@QBEHXZ
bsearch
??0ifstream@@QAE@HPADH@Z
?sputc@streambuf@@QAEHH@Z
_wtoi
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
_mbspbrk
_tcsncmp
ldexp
longjmp
floor
iswxdigit
??_Gostream@@UAEPAXI@Z
_wcsdup
labs
??_8fstream@@7Bistream@@@
??4ostream_withassign@@QAEAAV0@ABV0@@Z
atoi
_dup2
??4fstream@@QAEAAV0@AAV0@@Z
__getmainargs
??_Estdiobuf@@UAEPAXI@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
_tcsspnp
ungetwc
_amsg_exit

opengl32

glIndexd
glBindTexture
glColor4d
glDrawBuffer
glNormal3sv
wglCreateContext
glGetTexEnviv
glDrawArrays
glGetString
glVertex4f
GlmfEndGlsBlock
glEnable
glTexCoord3dv
glIndexub
glVertexPointer
glAreTexturesResident
glNormal3d
glScaled
glVertex2i
glColor4s
glNormal3i
glCopyTexSubImage2D
glTexCoord3d
glDisableClientState
glBitmap
glTexCoord2sv
glStencilMask
glDeleteTextures
glTexCoord4iv
glGetTexParameteriv
glVertex3s
glAccum
glVertex3d
glFogf
glDebugEntry
glVertex2sv
glTexCoord2fv

avifil32

AVISaveVA
AVISave
AVIFileCreateStreamW
AVIStreamWrite
EditStreamCopy
AVIStreamEndStreaming
AVIStreamGetFrame
AVIStreamReadFormat
AVIMakeStreamFromClipboard
AVIStreamRelease
AVIStreamOpenFromFile
AVISaveVW
AVIFileInit
AVIStreamInfoW
AVISaveOptions
AVIBuildFilterA
AVIFileEndRecord
AVIPutFileOnClipboard
AVIMakeFileFromStreams
AVIFileCreateStream
AVIStreamLength
AVIClearClipboard
AVIStreamWriteData
AVIFileWriteData
DllGetClassObject
IID_IGetFrame
AVIStreamAddRef
AVIStreamStart
AVIFileOpenA
AVIStreamGetFrameClose
EditStreamSetInfo
AVISaveOptionsFree
AVIStreamReadData
IID_IAVIStream
EditStreamSetInfoW
IID_IAVIEditStream

wsnmp32

SnmpGetTimeout
SnmpDuplicatePdu
SnmpSetPort
_SnmpSetAgentAddress@4
SnmpCancelMsg
SnmpSetRetry
SnmpEncodeMsg
SnmpStrToOid
SnmpStartup
SnmpFreeContext
SnmpGetRetransmitMode
SnmpRecvMsg
SnmpFreePdu
SnmpFreeEntity
SnmpEntityToStr
SnmpFreeDescriptor
SnmpClose
_SnmpConveyAgentAddress@4
SnmpRegister
SnmpGetVb
SnmpSetPduData
SnmpOidCopy
SnmpGetLastError
SnmpGetPduData
SnmpCreateSession
SnmpSetTranslateMode
SnmpStrToEntity
SnmpSetRetransmitMode
SnmpStrToContext
SnmpContextToStr
SnmpCreateVbl
SnmpGetTranslateMode
SnmpDuplicateVbl
SnmpGetVendorInfo
SnmpSetTimeout
SnmpOidToStr
SnmpListen
SnmpCountVbl

spoolss

SplCommitSpoolData
EnumPrintProcessorsW
ReplyPrinterChangeNotification
DeletePerMachineConnectionW
RouterFreeBidiMem
RouterFindNextPrinterChangeNotification
GetJobW
SplDriverUnloadComplete
DeleteFormW
XcvDataW
AddFormW
PartialReplyPrinterChangeNotification
bSetDevModePerUser
RouterRefreshPrinterChangeNotification
RouterReplyPrinter
WritePrinter
AllocSplStr
RouterAllocBidiMem
SetJobW
AddPrinterDriverW
AddPrinterW
WaitForSpoolerInitialization
EnumPrintersW
ReplyClosePrinter
AlignKMPtr
GetPrinterW
RouterFindFirstPrinterChangeNotification
WaitForPrinterChange
SplGetSpoolFileInfo
AlignRpcPtr
UpdateBufferSize
GetPrinterDataExW
EnumPrinterDriversW
GetNetworkId
ReadPrinter
EnumMonitorsW
EnumPrinterKeyW
SetFormW
SpoolerFindNextPrinterChangeNotification
EnumPrinterDataW
ImpersonatePrinterClient
DeletePrinterIC
ProvidorFindFirstPrinterChangeNotification

kernel32

GetConsoleAliasA
GetExitCodeThread
HeapUnlock
GetVersion
GetThreadLocale
UnmapViewOfFile
GetConsoleTitleW
CreateIoCompletionPort
FindActCtxSectionStringW
Beep
AddLocalAlternateComputerNameW
GetTapeParameters
GetNamedPipeInfo
DisconnectNamedPipe
GlobalUnfix
GetLocaleInfoA
EnumerateLocalComputerNamesA
InvalidateConsoleDIBits
VirtualAlloc
GetBinaryTypeA
GetNumberOfConsoleFonts
ReadConsoleOutputA
OpenEventA
lstrcmpW
SetConsoleDisplayMode
GetCalendarInfoA
GetLargestConsoleWindowSize
Sleep
ReadConsoleInputA
FreeLibrary
CreateFiber
SetClientTimeZoneInformation

user32

PostMessageA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a21843d67c7788499940d59df42f581e

Headers

DLL Characteristics

File Characteristics

Imports

query

msvcp60

oleaut32

msvcrt20

opengl32

avifil32

wsnmp32

spoolss

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 4KB