Static task
static1
Behavioral task
behavioral1
Sample
bf1d70bbf139aea79e8d44eb51efdede_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bf1d70bbf139aea79e8d44eb51efdede_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bf1d70bbf139aea79e8d44eb51efdede_JaffaCakes118
-
Size
874KB
-
MD5
bf1d70bbf139aea79e8d44eb51efdede
-
SHA1
3bb582207cc34fe794ff9247a90446b44fd8dbd8
-
SHA256
63296ba7e036df28ed6d9433726277c89d9665024609efcb3f614fc7a8bfddcf
-
SHA512
36f2e306690d6d02fd3d9628ce07c5ad2809cc1c0c22ba988962c169307ec646333d89ba688055546d616dbd1d2b5b04ba9eef3a15f2c0d7e9e90fe621fb3f06
-
SSDEEP
24576:vp+XfCE1ANJ9BAcrozzLI62XHd/VybyEbCUjyRv+W0r01rg:B+Xf5KhBZrM3I6e0byEKt+Wi0C
Malware Config
Signatures
-
Unsigned PE 1 IoCs
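Checks for a missing Authenticode signature; the resource listed below matched, i.e. the PE is unsigned. This is a weak indicator on its own, since many legitimate binaries are also unsigned, so weigh it together with the other static and behavioral findings.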
resource bf1d70bbf139aea79e8d44eb51efdede_JaffaCakes118
Files
-
bf1d70bbf139aea79e8d44eb51efdede_JaffaCakes118.exe windows:5 windows x86 arch:x86
471adf39e94e06b8dbdabba690733369
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
odbcjt32
SQLColAttributeW
SQLGetConnectAttrW
SQLSetPos
SQLAllocStmt
SQLBulkOperations
SQLAllocEnv
InvisibleSelectDb
ConfigDSNW
SQLExtendedFetch
SQLSetDescFieldW
SQLTablesW
SQLSetConnectAttrW
SQLProceduresW
SQLFetch
SQLPrepareW
SQLGetDescRecW
RepairCompactProc
SQLGetDiagFieldW
SQLNumParams
LoadByOrdinal
SQLFreeConnect
SQLGetFunctions
SQLGetTypeInfoW
SQLCancel
SQLBindParameter
SQLEndTran
SQLDescribeColW
SQLSetStmtAttrW
SQLNumResultCols
SQLSetCursorNameW
SQLGetCursorNameW
SQLAllocHandle
LoginDialogProc
SQLStatisticsW
OpenDirHook
ConfigDSNExW
SQLGetDiagRecW
wsock32
WSAAsyncGetProtoByNumber
recvfrom
WSAUnhookBlockingHook
ioctlsocket
ntohl
getsockname
WSASetLastError
GetAddressByNameW
inet_ntoa
WSAIsBlocking
s_perror
connect
TransmitFile
inet_network
GetAddressByNameA
WSAAsyncGetHostByAddr
sethostname
SetServiceW
inet_addr
GetAcceptExSockaddrs
listen
getsockopt
getprotobyname
getservbyport
WSAAsyncGetHostByName
rexec
EnumProtocolsA
recv
WSAAsyncSelect
select
MigrateWinsockConfiguration
getnetbyname
gethostbyname
send
WSAGetLastError
closesocket
GetTypeByNameW
SetServiceA
ntohs
GetServiceA
GetTypeByNameA
WSASetBlockingHook
kernel32
GetModuleFileNameA
GlobalAlloc
HeapCompact
LoadLibraryA
SetLocaleInfoW
IsBadHugeWritePtr
CancelWaitableTimer
CreateMemoryResourceNotification
PrivMoveFileIdentityW
DeleteCriticalSection
SetConsoleKeyShortcuts
VDMConsoleOperation
EnumUILanguagesA
WriteConsoleOutputW
FindFirstVolumeA
QueryMemoryResourceNotification
EnumSystemLanguageGroupsA
IsBadCodePtr
EnterCriticalSection
VirtualAlloc
ReadProcessMemory
LeaveCriticalSection
WriteProcessMemory
TlsGetValue
GetEnvironmentStringsA
ReadConsoleW
FlushFileBuffers
SetFileAttributesA
OpenMutexW
GetNumberOfConsoleFonts
SetThreadPriorityBoost
lstrcmp
GetCurrentThread
InitializeSListHead
GetAtomNameA
AddConsoleAliasW
GetProcessWorkingSetSize
SetFirmwareEnvironmentVariableA
ResetEvent
VirtualLock
rasapi32
RasRenameEntryW
RasValidateEntryNameA
RasGetCountryInfoA
RasSetAutodialParamA
RasInvokeEapUI
RasAutodialAddressToNetwork
RasEnumDevicesA
RasGetAutodialAddressA
RasScriptTerm
RasGetCredentialsW
RasGetEapUserDataW
RasSetEntryDialParamsA
RasScriptReceive
RasGetSubEntryPropertiesW
RasGetEapUserIdentityA
RasIsSharedConnection
RasClearConnectionStatistics
RasScriptInit
RasGetEntryPropertiesA
RasSetEapUserDataW
RasGetEntryPropertiesW
RasSetAutodialEnableA
RasQuerySharedAutoDial
RasGetEntryDialParamsA
RasDeleteSubEntryW
RasDeleteSubEntryA
RasGetCustomAuthDataW
RasGetEntryHrasconnW
RasFreeEapUserIdentityW
RasHangUpA
RasSetSubEntryPropertiesA
RasQuerySharedConnection
RasDialW
RasSetSubEntryPropertiesW
RasGetProjectionInfoW
RasGetCredentialsA
RasSetEntryPropertiesA
DDMGetPhonebookInfo
RasGetEapUserIdentityW
RasSetAutodialAddressA
RasGetErrorStringW
RasGetCustomAuthDataA
RasGetCountryInfoW
ntdll
NtSetTimerResolution
RtlQueryHeapInformation
RtlUnicodeStringToAnsiSize
ZwQueryDefaultLocale
RtlFirstFreeAce
ZwMapViewOfSection
ZwQuerySystemEnvironmentValue
RtlIpv4AddressToStringW
ZwSetQuotaInformationFile
strcpy
RtlComputePrivatizedDllName_U
RtlWalkHeap
RtlSetEnvironmentVariable
NtCreateToken
RtlAppendUnicodeStringToString
RtlxOemStringToUnicodeSize
ZwDeleteObjectAuditAlarm
isalpha
ZwOpenMutant
RtlFindMostSignificantBit
NlsMbOemCodePageTag
RtlGetSecurityDescriptorRMControl
ZwQueryEvent
NtUnloadKeyEx
RtlGUIDFromString
NtLockRegistryKey
ZwQueryValueKey
NtDuplicateObject
wcstombs
RtlCreateUserSecurityObject
_CIlog
user32
GetClipboardViewer
MenuWindowProcW
RegisterShellHookWindow
GetCursorInfo
GetClipCursor
ChildWindowFromPointEx
AdjustWindowRectEx
SetMenuInfo
DdeInitializeA
RemovePropW
ToAsciiEx
FrameRect
GetAncestor
IsZoomed
OpenDesktopW
EnumWindowStationsW
DialogBoxIndirectParamW
EnumDisplayMonitors
SetShellWindow
CreateDialogParamW
LoadLocalFonts
WinHelpA
UpdateWindow
SendMessageCallbackW
InternalGetWindowText
ChangeMenuA
TabbedTextOutA
wsprintfW
OpenInputDesktop
GetWindowTextLengthW
ShowCaret
GetDoubleClickTime
SetThreadDesktop
SetClipboardViewer
SendMessageCallbackA
UnregisterClassW
DdeConnectList
CharToOemW
gdi32
GetTextExtentExPointI
PATHOBJ_vEnumStartClipLines
ResetDCA
GetICMProfileA
EqualRgn
EngCreateClip
ColorCorrectPalette
EngLoadModule
CreateColorSpaceW
TranslateCharsetInfo
DrawEscape
DdEntry5
EnumFontFamiliesExA
GdiPlayEMF
EngUnicodeToMultiByteN
EngComputeGlyphSet
SetFontEnumeration
PolyPolyline
EngQueryEMFInfo
CreatePenIndirect
GetCharacterPlacementA
RemoveFontResourceW
CLIPOBJ_cEnumStart
GetROP2
EngDeletePath
LPtoDP
msvcp60
?signaling_NaN@?$numeric_limits@M@std@@SAMXZ
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??1?$messages@D@std@@UAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?uncaught_exception@std@@YA_NXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
_FInf
??Dstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?do_max_length@codecvt_base@std@@MBEHXZ
??1?$collate@G@std@@UAE@XZ
??Zstd@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
?encoding@codecvt_base@std@@QBEHXZ
??8std@@YA_NABV?$complex@N@0@ABN@Z
?signaling_NaN@?$numeric_limits@H@std@@SAHXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
?read@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
?is_open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0locale@std@@QAE@W4_Uninitialized@1@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
msasn1
ASN1BERDecBool
ASN1BERDecExplicitTag
ASN1objectidentifier_free
ASN1uint32_uoctets
ASN1BEREncEndOfContents
ASN1BEREoid_free
ASN1BERDecBitString2
ASN1BERDecChar32String
ASN1_CloseEncoder
ASN1_FreeDecoded
ASN1_SetEncoderOption
ASN1BEREncRemoveZeroBits
ASN1CEREncEndBlk
ASN1BERDecEoid
ASN1_CreateDecoder
ASN1bitstring_cmp
ASN1BERDecUTCTime
ASN1BEREncDouble
ASN1BERDecGeneralizedTime
ASN1BERDecCheck
ASN1BERDecObjectIdentifier2
ASN1BERDecSkip
ASN1octetstring_cmp
ASN1BEREncChar32String
ASN1_SetDecoderOption
ASN1_GetEncoderOption
ASN1BEREncNull
ASN1_CreateModule
ASN1intx2int32
ASN1BERDecU16Val
ASN1BEREncExplicitTag
ASN1_GetDecoderOption
ASN1_CloseModule
ASN1BERDecTag
ASN1bitstring_free
ASN1BEREncOpenType
ASN1BEREncGeneralizedTime
ASN1BEREncChar16String
ASN1objectidentifier2_cmp
ASN1BERDecNotEndOfContents
ASN1_Decode
ASN1CEREncMultibyteString
Sections
.text Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 388KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ