be40b7ad13f3e2447f273d9d504aa151_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be40b7ad13f3e2447f273d9d504aa151_JaffaCakes118
Size

864KB
MD5

be40b7ad13f3e2447f273d9d504aa151
SHA1

175fcb9c98f2f1693d000f30aa9c6595ba4e0980
SHA256

4765d7a3fb0795b9ca244ae7c0fec7a1d375cffd42d04bae322166dcf4d65f09
SHA512

adaa3dac0f811092280dc4b758f3f8d0c85b284b008b4e977b6d581a3ea27b113f0d8ad394253d369d345517de9910a8b74d02b717bb5f83848569ea33d2de9e
SSDEEP

24576:DmpTwINqar+IZkyiN/vurYkRVolpjJNepxc8s:efxr+2p0aVoLJNGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be40b7ad13f3e2447f273d9d504aa151_JaffaCakes118

Files

be40b7ad13f3e2447f273d9d504aa151_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8aa13872248b6f305cda751995bf353c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?AddRef@CEnumWorkid@@UAGKXZ
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
??1CDbContentBaseRestriction@@QAE@XZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
?ShrinkToFit@CPhysStorage@@QAEXXZ
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
?BuildRegistryScopesKey@@YGXAAV?$XArray@G@@PBG@Z
?ResetBuffer@CQueryScanner@@QAEXPBG@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
??1CLangList@@QAE@XZ
?Marshall@CContentRestriction@@QBEXAAVPSerStream@@@Z
?IsPaused@CCatalogAdmin@@QAEHXZ
??1CVirtualString@@QAE@XZ
??0CMmStreamConsecBuf@@QAE@XZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
??0CDynStream@@QAE@PAVPMmStream@@@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
??1CDbProp@@QAE@XZ
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA
??1CWin32RegAccess@@QAE@XZ
?RequiresFlush@CPhysStorage@@QAEHK@Z
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??3CDbPropSet@@SGXPAX@Z
LocateCatalogsW
??0CQueryScanner@@QAE@PBGHKH@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
??1CNodeRestriction@@QAE@XZ
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?Stop@CCatalogAdmin@@QAEHXZ
?GetLong@CMemDeSerStream@@UAEJXZ
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
??1CPropStoreManager@@QAE@XZ
?Release@CDbProperties@@UAGKXZ
??0CException@@QAE@XZ
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
?ReadProperty@COLEPropManager@@QAEHABVCFullPropSpec@@AAUtagPROPVARIANT@@@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
?LongInit@CPropStoreManager@@QAEXAAHAAKP6GXKHPBX@Z2@Z
??0CKeyArray@@QAE@HH@Z
?ClearList@CPropertyList@@QAEXXZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
??1CMemSerStream@@UAE@XZ
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
??1CPerfMon@@QAE@XZ
_StartFWCiSvcWork@12
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
_ForceMasterMerge@16
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
?Resume@CProcess@@QAEXXZ
??0CDriveInfo@@QAE@PBGK@Z

kernel32

GlobalWire
LoadLibraryA
GetFileTime
GetCompressedFileSizeA
EnterCriticalSection
BindIoCompletionCallback
lstrcat
AssignProcessToJobObject
FindFirstVolumeMountPointW
RemoveVectoredExceptionHandler
SetConsoleMenuClose
LeaveCriticalSection
HeapCompact
SetVolumeMountPointW
CreateWaitableTimerA
GetSystemDefaultLangID
EnumDateFormatsExA
FindResourceA
GetSystemDefaultLCID
ResetWriteWatch
GetModuleHandleW
GetStringTypeW
IsValidLocale
IsDebuggerPresent
SetCommTimeouts
EnumSystemLanguageGroupsW
SetConsoleOutputCP
GetThreadPriorityBoost
SetFilePointer
WaitForSingleObjectEx
TlsFree
IsValidCodePage
CreateDirectoryW
VirtualAlloc
LocalFlags
GetUserDefaultUILanguage
GetComputerNameA
VirtualProtectEx
GetUserDefaultLCID
GetModuleHandleExW

w32topl

ToplEdgeFree
ToplSTHeapAdd
ToplEdgeSetToVertex
ToplVertexSetId
ToplVertexNumberOfOutEdges
ToplVertexGetId
ToplAddEdgeToGraph
ToplScheduleValid
ToplSTHeapExtractMin
ToplGraphSetVertexIter
ToplEdgeCreate
ToplHeapIsEmpty
ToplIterAdvance
ToplEdgeSetVtx
ToplGraphRemoveVertex
ToplScheduleCacheCreate
ToplEdgeGetWeight
ToplListSetIter
ToplVertexFree
ToplGraphDestroy
ToplDeleteGraphState
ToplHeapInsert
ToplScheduleIsEqual
ToplEdgeGetToVertex
ToplScheduleCacheDestroy
ToplAddEdgeSetToGraph
ToplListCreate
ToplEdgeDisassociate
ToplGraphAddVertex
ToplGraphCreate
ToplScheduleExportReadonly

olecli32

GenDraw
OleClose
OleRevokeClientDoc
PbCreateLinkFromFile
SetNextNetDrive
LeReconnect
OleQueryClientVersion
OleExecute
ErrReconnect
BmRelease
OleCreateFromFile
OleEqual
OleClone
OleSetColorScheme
BmDraw
MfSaveToStream
DibEnumFormat
OleQueryReleaseStatus
GenClone
PbCreate
DefCreateFromFile
OleQueryOpen
GenQueryBounds
OleQueryReleaseMethod
OleReconnect
GenRelease

sqlunirl

_lstrcmpi_@8
_VkKeyScan_@4
_CreateEvent_@16
_GetCharWidth_@16
_PostMessage@16
_GetShortPathName_@12
newMultiByteFromWideChar
_GetKeyboardLayoutName_@4
_CreateNamedPipe_@32
_CreateWaitableTimer_@12
_RegConnectRegistry_@12
_InsertMenu_@20
_CommDlg_OpenSave_GetFilePath@12
_ChangeDisplaySettings_@8
_GetObject@12
_SetWindowText@8
_CharLower@4
_VerQueryValue_@16
_MapVirtualKeyEx_@12
_lstrcpyn_@12
_CharToOem_@8
_RegSetValueEx_@24
_IsCharAlpha_@4
_RegQueryInfoKey_@48
_GetTextFace_@12
_GetUnicodeRedirectionLayer@0
_GetTempPath_@8

lz32

LZStart
LZRead
CopyLZFile
LZCreateFileW
LZOpenFileA
LZSeek
LZInit
LZCloseFile
LZClose
GetExpandedNameW
LZCopy
LZOpenFileW
GetExpandedNameA
LZDone

msvcrt

__getmainargs
__set_app_type
__p__commode
exit

kbdusl

KbdLayerDescriptor

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aa13872248b6f305cda751995bf353c

Headers

DLL Characteristics

File Characteristics

Imports

query

kernel32

w32topl

olecli32

sqlunirl

lz32

msvcrt

kbdusl

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 502KB - Virtual size: 502KB

.data Size: 198KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 502KB - Virtual size: 502KB

.data
Size: 198KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB