bca7897a8a1961a962d84ede94f40314_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bca7897a8a1961a962d84ede94f40314_JaffaCakes118
Size

136KB
MD5

bca7897a8a1961a962d84ede94f40314
SHA1

6eeffb44121e1cb437282cd70a7929ec557cb617
SHA256

d132d508d73617727bffe0e0183fa013d3ace013e15c426711bca424c3499ff6
SHA512

50e38e489353a82cedfe5806ad43e58bea2d0b54157a3decd276701418d1dd860db9572d388a9bc3b1673bdf654ef0a5f40f779793e8707e23d2e67846c15d88
SSDEEP

3072:mO1/zgcTlQHaUPWrLDGRql/IZIbkr+zxTW2gkboE7lbvRB:mqWWrfGRGPBS2JJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bca7897a8a1961a962d84ede94f40314_JaffaCakes118

Files

bca7897a8a1961a962d84ede94f40314_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f4c19ba6c44dbcb3a8698c979fbaed5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winscard

SCardStatusW
SCardIntroduceReaderGroupA
SCardListReaderGroupsA
g_rgSCardT1Pci
SCardForgetReaderW
SCardIsValidContext
SCardListCardsW
SCardLocateCardsW
SCardConnectW
SCardReconnect
SCardIntroduceCardTypeA
SCardListCardsA
SCardLocateCardsByATRW
SCardListReaderGroupsW
SCardStatusA
SCardAccessStartedEvent
SCardForgetReaderGroupW
SCardForgetReaderGroupA
g_rgSCardRawPci
SCardIntroduceReaderA
SCardForgetCardTypeW
SCardIntroduceCardTypeW
SCardReleaseStartedEvent
SCardLocateCardsByATRA
SCardState
SCardDisconnect
SCardGetStatusChangeW
SCardControl
g_rgSCardT0Pci

ntdll

_lfind
NtQueryDefaultUILanguage
ZwUnlockFile
RtlZeroMemory
ZwSetSystemEnvironmentValueEx
RtlUnicodeToMultiByteN
ZwAllocateLocallyUniqueId
ZwCreateNamedPipeFile
RtlRaiseException
NtQuerySemaphore
RtlEnableEarlyCriticalSectionEventCreation
NtQueryPortInformationProcess
toupper
ZwSecureConnectPort
ZwQueryMultipleValueKey
RtlTraceDatabaseUnlock
RtlEnlargedIntegerMultiply
RtlSetControlSecurityDescriptor
ZwSetInformationObject
NtWriteFile
RtlxUnicodeStringToAnsiSize
NtGetDevicePowerState
RtlNumberOfClearBits
NtUnlockFile
_wcsnicmp
NtQueryDebugFilterState
DbgPrompt
ZwRaiseHardError
ZwDeleteAtom
NtEnumerateBootEntries
RtlImageNtHeader
RtlQueryInformationActivationContext
NtSecureConnectPort

kernel32

GetDiskFreeSpaceA
EnterCriticalSection
ExitProcess
WriteConsoleA
IsSystemResumeAutomatic
FreeResource
AllocateUserPhysicalPages
DeleteCriticalSection
FindNextFileA
CreateFileMappingA
SetConsoleOS2OemFormat
VirtualAlloc
GetPrivateProfileSectionNamesW
DosPathToSessionPathW
_lcreat
GetThreadLocale
TlsSetValue
TerminateJobObject
HeapSize
GetHandleInformation
CancelWaitableTimer
GetNumaAvailableMemoryNode
GetConsoleOutputCP
ExitThread
GetCommModemStatus
RegisterWaitForInputIdle
LoadLibraryA
LeaveCriticalSection

sqlsrv32

ConnectDlgProc
SQLProcedureColumnsW
SQLGetStmtAttrW
SQLBindCol
SQLBrowseConnectW
BCP_moretext
SQLFreeHandle
SQLSetPos
SQLGetData
SQLSpecialColumnsW
SQLProceduresW
SQLSetDescRec
SQLGetConnectAttrW
SQLSetDescFieldW
SQLBindParameter
SQLTablePrivilegesW
SQLRowCount
SQLCopyDesc
SQLConnectW
SQLGetDiagFieldW
FinishDlgProc
SQLParamOptions
BCP_collen
WizDSNDlgProc
BCP_setcolfmt
BCP_colptr
SQLSetCursorNameW
SQLSetStmtAttrW
SQLGetDiagRecW
SQLTablesW
SQLCloseCursor
WizDatabaseDlgProc
ConfigDSNW
SQLSetEnvAttr
SQLNumResultCols
SQLNumParams
WizIntSecurityDlgProc
SQLBulkOperations
BCP_exec

msvcrt20

_CIlog
strncpy
getenv
??6ostream@@QAEAAV0@O@Z
_wspawnlp
atoi
_ismbbkana
_spawnvp
?get@istream@@QAEAAV1@PAEHD@Z
_lrotl
_tcstok
?_query_new_mode@@YAHXZ
_safe_fprem
?blen@streambuf@@IBEHXZ
_wexecvp
_mbcjmstojis
fputs
tmpfile
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
wcschr
_cprintf
_stricmp
_getche
??4ifstream@@QAEAAV0@ABV0@@Z
_tcsnccpy
??_7ios@@6B@
?x_lockc@ios@@0U_RTL_CRITICAL_SECTION@@A
?fail@ios@@QBEHXZ
_mbsnicoll
??0strstream@@QAE@PADHH@Z
?dec@@YAAAVios@@AAV1@@Z

esent

JetCreateTableColumnIndex
JetEnumerateColumns
JetMakeKey@20
JetOpenTempTable2
JetCompact
JetResetTableSequential
JetBeginTransaction@4
JetSetColumn
JetGrowDatabase
JetOpenFile
JetExternalRestore2
JetBackupInstance
JetGetLogInfoInstance2
JetAttachDatabaseWithStreaming
JetEscrowUpdate
JetDeleteColumn
JetStopServiceInstance
JetOpenTempTable3
JetCreateTableColumnIndex2
JetGetRecordPosition
JetGetCounter
JetDelete@8
JetSetLS
JetGetVersion
JetInit
JetGetAttachInfoInstance
JetResetSessionContext
JetRegisterCallback
JetSetDatabaseSize
JetSnapshotStop
JetGetLock

msvcrt40

??0fstream@@QAE@HPADH@Z
wctomb
_wtmpnam
__p___wargv
?getint@istream@@AAEHPAD@Z
?ipfx@istream@@QAEHH@Z
fprintf
??0strstreambuf@@QAE@H@Z
??5istream@@QAEAAV0@AAI@Z
getchar
_adjust_fdiv
_wrename
_setmaxstdio
??_7ostream_withassign@@6B@
??1exception@@UAE@XZ
??0ifstream@@QAE@HPADH@Z
_wspawnlp
wcstok
??0filebuf@@QAE@ABV0@@Z
_strnset
_clearfp
??5istream@@QAEAAV0@AAD@Z
??_Gfstream@@UAEPAXI@Z
??0istrstream@@QAE@ABV0@@Z
__wgetmainargs
__doserrno
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
_dup2
_CIlog

query

?TransferNode@CDbCmdTreeNode@@QAEXPAV1@@Z
?_pGlobalPropListFile@CLocalGlobalPropertyList@@0PAVCPropListFile@@A
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
??0CFullPath@@QAE@PBG@Z
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
??1CDbProp@@QAE@XZ
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
?_FindOrAddValueNode@CDbPropertyRestriction@@AAEPAVCDbScalarValue@@XZ
?Pause@CCatalogAdmin@@QAEHXZ
?ShrinkToFit@CPhysStorage@@QAEXXZ
SetCatalogState
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?GetR4@CAllocStorageVariant@@QBEMI@Z
??0CEventItem@@QAE@GGKGKPBX@Z
?CiNtOpenNoThrow@@YGJAAPAXPBGKKK@Z
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
CollectCIISAPIPerformanceData
??1CRestriction@@QAE@XZ
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
?Resume@CProcess@@QAEXXZ
?PidToRealPid@CPidMapper@@QAEKK@Z
?RequiresFlush@CPhysStorage@@QAEHK@Z
?UpdateDiskLowInfo@CDiskFreeStatus@@QAEXXZ
?SetLocale@CCatState@@QAEXPBG@Z
??1CEventItem@@QAE@XZ
?ciIsValidPointer@@YGHPBX@Z
?Load@CLocalGlobalPropertyList@@QAEXQBG@Z

fontext

DllGetClassObject

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4c19ba6c44dbcb3a8698c979fbaed5e

Headers

DLL Characteristics

File Characteristics

Imports

winscard

ntdll

kernel32

sqlsrv32

msvcrt20

esent

msvcrt40

query

fontext

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 39KB - Virtual size: 161KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 39KB - Virtual size: 161KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 908B