c0eab8b2073c248b6eb0e66d1f0087d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c0eab8b2073c248b6eb0e66d1f0087d5_JaffaCakes118
Size

246KB
MD5

c0eab8b2073c248b6eb0e66d1f0087d5
SHA1

268a8a4db8564bf37d51a614d573b58b8ad7b5c8
SHA256

d888a8434a665552b7185834f727f252d382fe7410079c2a8e272f9873c8cd5e
SHA512

0396765f0d3e03fff182df2d1341d672f90962f5166aa9df60f9b88979efdf37cdb8791079d9a303e57c4c6edc488691c15b347d15bfb2adb60aaf04bdbf6aa3
SSDEEP

6144:/gJoEtEJP2gpjG6grfHUds56EMvVktn7WyT05:NEcJpjG6afHVQEMC73G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0eab8b2073c248b6eb0e66d1f0087d5_JaffaCakes118

Files

c0eab8b2073c248b6eb0e66d1f0087d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09a91e98f1d73376fdca41727824817d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetUserEnum

kernel32

lstrcmpW
CompareFileTime
lstrlenA
WideCharToMultiByte
lstrlenW
OutputDebugStringW
SetLastError
lstrcpynW
FreeLibrary
CopyFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DeleteFileW
CreateDirectoryW
CreateFileW
WritePrivateProfileStringW
LocalAlloc
RemoveDirectoryW
GetWindowsDirectoryW
LocalFree
CreateProcessW
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
WaitForSingleObject
CreateEventW
SetFileAttributesW
WriteFile
LoadLibraryExW
ExpandEnvironmentStringsA
GetPrivateProfileStringW
CloseHandle
OpenEventW
GetModuleHandleW
GetTempPathW
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress

user32

LoadStringW
GetForegroundWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSystemMetrics
SetScrollPos
BringWindowToTop
CopyRect
RegisterWindowMessageW
KillTimer
GetCursorPos
InvalidateRect
UpdateWindow
PtInRect
DrawStateW
IsRectEmpty
GetFocus
DrawEdge
FrameRect
LoadCursorW
InflateRect
DestroyIcon
GetSysColor
GetClassNameW
GetDlgItem
MoveWindow
IsWindow
GetTopWindow
ScreenToClient
SetTimer
OffsetRect
PostMessageW
TranslateAcceleratorW
FillRect
GetWindowLongW
GetWindow
GetClientRect
RedrawWindow
SetWindowPos
IsWindowVisible
GetDlgCtrlID
GetWindowRect
GetParent
GetDC
ReleaseDC
SendMessageW
EnableWindow

gdi32

CreateFontIndirectW
CreateRectRgn
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
Polygon
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
GetBkColor
GetTextExtentPoint32W
DeleteObject
CreatePatternBrush
CreateSolidBrush
GetObjectW
GetPixel
Escape
GetCurrentObject

advapi32

IsValidSecurityDescriptor
FreeSid
RegOpenKeyExA
RegQueryValueExA
OpenServiceW
StartServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken
GetLengthSid

shell32

ShellExecuteW
SHGetFileInfoW

w32topl

ToplListCreate

sqlsrv32

SQLCopyDesc
SQLParamOptions
BCP_moretext
SQLSetConnectAttrW
SQLColumnPrivilegesW
SQLConnectW
SQLGetFunctions
LibMain
SQLGetDiagRecW
SQLProceduresW
BCP_setcolfmt

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GHOpYd
Size: 1024B - Virtual size: 893B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jbo
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vxIoMm
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hUzP
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.noy
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CoDlvu
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FwQUF
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09a91e98f1d73376fdca41727824817d

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

kernel32

user32

gdi32

advapi32

shell32

w32topl

sqlsrv32

Sections

.text Size: 15KB - Virtual size: 15KB

.GHOpYd Size: 1024B - Virtual size: 893B

.jbo Size: 2KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 4KB

.vxIoMm Size: 512B - Virtual size: 429B

.hUzP Size: 512B - Virtual size: 431B

.noy Size: 1024B - Virtual size: 1KB

.data Size: 213KB - Virtual size: 322KB

.CoDlvu Size: 2KB - Virtual size: 2KB

.FwQUF Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 15KB

.GHOpYd
Size: 1024B - Virtual size: 893B

.jbo
Size: 2KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 4KB

.vxIoMm
Size: 512B - Virtual size: 429B

.hUzP
Size: 512B - Virtual size: 431B

.noy
Size: 1024B - Virtual size: 1KB

.data
Size: 213KB - Virtual size: 322KB

.CoDlvu
Size: 2KB - Virtual size: 2KB

.FwQUF
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB