bd08e261f8cfa9cc200fc35180d1b7ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd08e261f8cfa9cc200fc35180d1b7ea_JaffaCakes118
Size

371KB
MD5

bd08e261f8cfa9cc200fc35180d1b7ea
SHA1

aa51404e4d68d8c19766d4134cb75fe0ae5072b4
SHA256

a2ebbaa993298d04be7d36bd7111ceb26508a2fe30dab7113fcf49e1a6345220
SHA512

db4dc5e26da3d1fc1bbb23ca2928385da76b76af479fd1664ec4d0185f44ff17a802fef4fe61ce34b345ce58328947ae7c844becc386f4c4da705d0ffd567871
SSDEEP

6144:7CrAuf41qALvaooHLxDkMpcpJU53Tq44vOakwaNeGeDhU0x3QQFP2hs65sW8lG:O0uw4tgNIB6KwwcNUu3T+qGb8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd08e261f8cfa9cc200fc35180d1b7ea_JaffaCakes118

Files

bd08e261f8cfa9cc200fc35180d1b7ea_JaffaCakes118
.exe windows:5 windows x86 arch:x86

14d295c75e3eb177cc90d6eaffd60b70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wtsapi32

WTSVirtualChannelQuery
WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSQueryUserConfigW
WTSCloseServer
WTSOpenServerA
WTSUnRegisterSessionNotification
WTSSetSessionInformationW
WTSVirtualChannelPurgeInput
WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSVirtualChannelPurgeOutput
WTSEnumerateProcessesW
WTSTerminateProcess
WTSQuerySessionInformationA
WTSFreeMemory
WTSSetSessionInformationA
WTSDisconnectSession
WTSEnumerateSessionsW
WTSOpenServerW
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSSendMessageW
WTSVirtualChannelWrite
WTSWaitSystemEvent
WTSVirtualChannelRead
WTSEnumerateServersA
WTSQueryUserToken
WTSEnumerateServersW
WTSSendMessageA
WTSSetUserConfigA
WTSLogoffSession
WTSSetUserConfigW
WTSQueryUserConfigA
WTSShutdownSystem

opengl32

glGetError
wglSwapLayerBuffers
glMapGrid1d
GlmfBeginGlsBlock
glColor3s
glDisableClientState
glEvalCoord2d
glVertex4f
glMap1f
glVertex3iv
glRectd
glVertex2d
glPopAttrib
glDrawPixels
glTexCoord1f
glTexParameterf
glEnd
glTexGendv
glTexCoord3s
glScissor
glNormal3i
glRasterPos2s
glTexCoord1d
glPixelTransferi
glTexGend
glColor4bv
glLineWidth
glColor3ub
glLightf
glColor4fv
glFrontFace
glTexParameterfv
glVertex3dv
glVertex2fv

advapi32

CreateServiceW
ConvertSecurityDescriptorToStringSecurityDescriptorA
CryptGenRandom
FreeEncryptedFileKeyInfo
CryptGetDefaultProviderA
SystemFunction010
BuildTrusteeWithSidW
FindFirstFreeAce
ReadEventLogW
SystemFunction014
BuildTrusteeWithNameW
CryptVerifySignatureW
OpenSCManagerW
MapGenericMask
CredEnumerateW
LsaEnumeratePrivileges
CredReadDomainCredentialsA
LsaAddPrivilegesToAccount
LsaLookupNames2
LsaEnumerateAccounts
RegOverridePredefKey
CloseEncryptedFileRaw
AddAccessAllowedAce
GetMultipleTrusteeOperationA
LookupPrivilegeValueW
LsaQueryInformationPolicy
SetPrivateObjectSecurity
CryptGetUserKey
WmiEnumerateGuids
GetTraceEnableFlags
ConvertSecurityDescriptorToAccessA
LsaGetQuotasForAccount
SystemFunction002
RegDisablePredefinedCache
WmiMofEnumerateResourcesA
RegisterServiceCtrlHandlerExW
RegSetValueW
DuplicateTokenEx
CopySid

kernel32

BuildCommDCBW
WriteConsoleOutputW
GetEnvironmentStrings
WriteConsoleInputA
MultiByteToWideChar
HeapSize
GetProfileStringA
CreateProcessInternalA
IsSystemResumeAutomatic
SetPriorityClass
BaseCheckAppcompatCache
OpenWaitableTimerA
QueueUserAPC
GlobalAddAtomW
GetTimeZoneInformation
GetCPInfo
GetAtomNameW
GetCurrencyFormatW
GetConsoleCommandHistoryLengthA
GetSystemTimeAsFileTime
GetFirmwareEnvironmentVariableW
GetLocaleInfoW
FindFirstFileExA
FillConsoleOutputCharacterW
EnumCalendarInfoExA
RequestWakeupLatency
CreateHardLinkA
SearchPathW
EnumerateLocalComputerNamesA
HeapCreate
VirtualUnlock
VirtualAlloc
GlobalHandle
UnregisterWait
GetStringTypeA
LocalAlloc
LZInit
FindActCtxSectionStringA
SuspendThread
SetTapePosition
LoadLibraryA
SetConsoleCtrlHandler
GetExitCodeProcess
SetSystemTimeAdjustment
FindFirstVolumeMountPointW
GetPrivateProfileIntW
SetConsoleDisplayMode
SetConsoleOutputCP

msvcrt40

??0ostream@@IAE@XZ
__threadhandle
?cin@@3Vistream_withassign@@A
_wcreat
_isnan
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
_wspawnl
srand
_utime
??_Eostrstream@@UAEPAXI@Z
_rotl
?getline@istream@@QAEAAV1@PACHD@Z
_putch
fgets
?width@ios@@QAEHH@Z
?get@istream@@QAEAAV1@AAC@Z
??0ostream@@IAE@ABV0@@Z
??_8iostream@@7Bostream@@@
fscanf
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?is_open@fstream@@QBEHXZ
_ltoa
_flushall
strcoll
fseek
?_query_new_mode@@YAHXZ
??_7exception@@6B@
_mbschr
_atoldbl
_wexecv
_ismbcl1
_wctime
_getw
?name@type_info@@QBEPBDXZ
?pbackfail@stdiobuf@@UAEHH@Z
_CIcosh
_CIexp
_wcmdln
_fcloseall

odbcconf

DllGetClassObject
AppRegEnum
UnregisterApplication
ExecuteAction
OpenAppRegEnum
CloseAppRegEnum
SetSilent
SetActionEnum
SetActionLogModeSz
SetActionName
RefreshAppRegEnum
SetActionLogMode
RegisterApplication
QueryApplication
RunDLL32_RegisterApplication
RunDLL32_UnregisterApplication
SetActionLogFile

esent

JetGetObjectInfo
JetIdle
JetBeginTransaction@4
JetGetInstanceInfo
JetInit@4
JetSetColumns
JetGotoPosition
JetGetCurrentIndex
JetEndSession@8
JetSetCurrentIndex4
JetGotoBookmark
JetBeginExternalBackup
JetCreateTableColumnIndex
JetResetTableSequential
JetEndSession
JetGetTableIndexInfo
JetGetAttachInfo
JetSetIndexRange
JetCreateDatabase2
JetAddColumn
JetUpdate
JetDeleteColumn
JetSetDatabaseSize
JetDupSession
JetCreateInstance2
JetPrepareUpdate@12
JetBeginTransaction2
JetRestore
JetStopService
JetSetLS
JetCreateIndex
JetSnapshotStart

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d295c75e3eb177cc90d6eaffd60b70

Headers

File Characteristics

Imports

wtsapi32

opengl32

advapi32

kernel32

msvcrt40

odbcconf

esent

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 1KB - Virtual size: 461KB

.rsrc Size: 122KB - Virtual size: 122KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 1KB - Virtual size: 461KB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 1024B - Virtual size: 1024B