bbc82d302f5eb65d59b58efceb3e9f79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bbc82d302f5eb65d59b58efceb3e9f79_JaffaCakes118
Size

872KB
MD5

bbc82d302f5eb65d59b58efceb3e9f79
SHA1

9114f03931b0974686b06ed1b8d5684dbdbc698e
SHA256

fd79d403a238781ab8b532eb42ae3242d14f8c687d15d3e7f0ef95656e162239
SHA512

9ad1e64314137f259442a7b5ec63399854f248acb0cf42185f93ba7e61bff29bd1b989a2eb2f9d6c7a6fe033517e035e85bdae8d4edd0b0d434a2e9d3b887ae0
SSDEEP

12288:jelq0upN3E6ae3wbkIW/7aTg69kWNieZAdSWdYtk98d30j812X/N7x8hs+CVIQFl:KCekIIaFnAcAoWatk9/H8fCVIrg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbc82d302f5eb65d59b58efceb3e9f79_JaffaCakes118

Files

bbc82d302f5eb65d59b58efceb3e9f79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5369817410ea28362521e9ab246471b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?SetUI2@CStorageVariant@@QAEXGI@Z
?SkipBlob@CMemDeSerStream@@UAEXK@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
??0CException@@QAE@XZ
?InitIterator@CCombinedPropertyList@@UAEXXZ
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
?AddError@CEventItem@@QAEXK@Z
?Init@CRegChangeEvent@@QAEXXZ
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
??0CDbColId@@QAE@ABU_GUID@@PBG@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
?SetI4@CStorageVariant@@QAEXJI@Z
??1CRangeKeyRepository@@UAE@XZ
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?_FindOrAddAnchor@CDbSortNode@@AAEPAVCDbSortListAnchor@@XZ
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??0CDriveInfo@@QAE@PBGK@Z
DoneCIISAPIPerformanceData
?GetI2@CAllocStorageVariant@@QBEFI@Z
??1CPropertyStoreWids@@QAE@XZ
?Clone@COccRestriction@@QBEPAV1@XZ
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
??0CWin32RegAccess@@QAE@PAUHKEY__@@PBG@Z
?AppendListElement@CDbListAnchor@@IAEHGABUtagDBID@@@Z
?SetBackupSize@CPropStoreManager@@QAEXKK@Z
CollectFILTERPerformanceData
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
?AddArg@CFwEventItem@@QAEXPBG@Z
?IsLeaf@CRestriction@@QBEHXZ
?Eof@CMmStreamConsecBuf@@QAEHXZ

gdi32

SetPixelV
CLIPOBJ_ppoGetPath
GdiAddFontResourceW
DdEntry19
GetTextColor
FONTOBJ_pxoGetXform
STROBJ_bGetAdvanceWidths
XFORMOBJ_iGetXform
GdiSwapBuffers
GdiConvertMetaFilePict
GetTextExtentExPointI
GdiFlush
GdiPlayEMF
CreateFontIndirectA
GdiSetBatchLimit
DdEntry2
EngDeleteSemaphore
GetStringBitmapA
GetWindowExtEx
SetTextAlign
GetFontAssocStatus
EngQueryLocalTime
SetDeviceGammaRamp
PolylineTo
DdEntry8
GdiGetLocalFont
EngLockSurface
RemoveFontResourceTracking
DeleteEnhMetaFile
ExtSelectClipRgn
GetBitmapDimensionEx
CopyMetaFileW
GetLayout
SetPaletteEntries
GetEnhMetaFileDescriptionA
SetViewportExtEx
GetEnhMetaFileBits
BeginPath
GetPixelFormat
UpdateColors

adsldpc

ADsGetPreviousRow
ADsGetLastError
LdapNextAttribute
GetSyntaxOfAttribute
ChangeSeparator
SchemaClose
LdapControlsFree
LdapTypeToAdsTypeUTCTime
GetLDAPTypeName
intcmp
LdapGetSyntaxIdOfAttribute
LdapFirstEntry
LdapNextEntry
LdapReadAttribute
ADSIExecuteSearch
LdapRenameExtS
FindSearchTableIndex
ADsDeleteClassDefinition
LdapResult
ADsExecuteSearch
ADSISetSearchPreference
ADsSetObjectAttributes
FreeADsStr
ADsDeleteAttributeDefinition
ADsCreateClassDefinition
LdapTypeCopyConstruct
ConvertSidToU2Trustee
ADsCreateDSObjectExt
LdapControlFree
MapADSTypeToLDAPType

opengl32

glVertex3i
glNormal3d
wglSwapMultipleBuffers
glRects
glBlendFunc
glGetDoublev
glGetClipPlane
glGetTexImage
wglCreateContext
glFogi
glColor4d
glMap1d
glVertexPointer
glDisableClientState
glColor3ui
glPushName
wglUseFontOutlinesW
glEvalPoint1
GlmfInitPlayback
glDepthMask
glPixelTransferf
glMultMatrixd
glClearColor
glMapGrid1d
glRasterPos2f
glRasterPos4d
glRasterPos4iv
glTexCoord1s
glPrioritizeTextures
glTexCoord4iv
glEvalPoint2
glRasterPos2s
glClear
glEnable
glVertex4s
glEvalCoord2fv
glVertex2i
glPolygonOffset
glListBase
glClipPlane
glColor3ub

user32

GetWindowTextLengthA
WINNLSGetIMEHotkey
GetAncestor
QuerySendMessage
DefWindowProcW
LoadAcceleratorsW
RegisterClassExW
TranslateAcceleratorW
GetDialogBaseUnits
EnumDisplayDevicesA
SetCaretPos
CliImmSetHotKey
MessageBoxW
GetRawInputDeviceInfoA
DrawAnimatedRects
GetTopWindow
GetPropA
PtInRect
UnhookWinEvent
CreateMDIWindowW
DisableProcessWindowsGhosting
ToUnicodeEx
GetClipboardFormatNameA
ReleaseDC
DlgDirListComboBoxW
CharLowerW
SendMessageA
ShowScrollBar
GetLastInputInfo
VkKeyScanExW
GetKeyNameTextA
EnumDisplayMonitors
SetProcessWindowStation
ExitWindowsEx
IsDialogMessageA
GetClassInfoW
DlgDirSelectComboBoxExW
ShowCaret
CharLowerBuffA
LoadIconW
PostThreadMessageW

ir41_qcx

CompressFramesInfo
SetScalability
DllMain
Compress
FreeInstanceData
CompressEnd
AllocInstanceData
CompressBegin

kernel32

FindNextVolumeW
CreateJobObjectW
DebugBreakProcess
lstrcmpiA
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
FindNextVolumeMountPointW
GetCurrentThread
Thread32First
GetCurrencyFormatW
GetStartupInfoW
GlobalUnWire
TermsrvAppInstallMode
CreateDirectoryW
EnumSystemCodePagesA
Heap32Next
GetVolumePathNamesForVolumeNameA
LoadLibraryA
BaseFlushAppcompatCache
WriteFileEx
GetHandleContext
BaseCleanupAppcompatCacheSupport
FindVolumeMountPointClose
WaitNamedPipeW
LZSeek
_llseek
SetLocalPrimaryComputerNameA
SetThreadUILanguage
SearchPathA
VirtualAlloc
GetCurrentDirectoryA
lstrlen
GetSystemDefaultLCID
SetLastError
GetVolumeNameForVolumeMountPointA
GetUserDefaultLCID
BindIoCompletionCallback

Sections

.tixt
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 338KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5369817410ea28362521e9ab246471b8

Headers

DLL Characteristics

File Characteristics

Imports

query

gdi32

adsldpc

opengl32

user32

ir41_qcx

kernel32

Sections

.tixt Size: 359KB - Virtual size: 359KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 338KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 359KB - Virtual size: 359KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 338KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B