c7ac42cb5384be5fb8008bf241a75287_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7ac42cb5384be5fb8008bf241a75287_JaffaCakes118
Size

44KB
MD5

c7ac42cb5384be5fb8008bf241a75287
SHA1

3772a2dc49ef172933f7a6fbc5151645c4721823
SHA256

4e7dc76a2b4f36b031c1254b3a3b36cd214996b72f3f48f89968b9561524d791
SHA512

eeec3a1402f298fd9b79d93da1fd1860258ddb0350450cf22aa89791fced59e8f954170eb00895c02321b6b253c849b2ca8e332d9ae46c310ff32baf72d2e549
SSDEEP

768:0LQ3EmX/mCYIsmB1H7cpkCvWvcm1y6daTq2c+1aYwNrf1jNU1v4P:a0EIwbkbcmoZadaf1aFrf1jNUx4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7ac42cb5384be5fb8008bf241a75287_JaffaCakes118

Files

c7ac42cb5384be5fb8008bf241a75287_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54c20e51307b3390e28e6bed70546688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetTcpTable
InternalCreateIpForwardEntry
RestoreMediaSense
GetAdaptersInfo
GetNetworkParams
GetIfTable
CreateIpNetEntry
_PfBindInterfaceToIPAddress@12
InternalCreateIpNetEntry
GetTcpStatistics
NhGetInterfaceNameFromDeviceGuid
GetBestRoute
IcmpCloseHandle
GetUniDirectionalAdapterInfo
_PfUnBindInterface@4
_PfGetInterfaceStatistics@16
GetIcmpStatistics
do_echo_rep
NotifyRouteChange
DisableMediaSense
_PfBindInterfaceToIndex@16
DeleteIpForwardEntry
GetIpStatistics
GetIpNetTable
GetIpForwardTable
CreateProxyArpEntry
_PfTestPacket@20
SetIpStatistics
_PfSetLogBuffer@28
IcmpSendEcho
InternalGetIpAddrTable
_PfRemoveFiltersFromInterface@20
InternalSetIpStats
NhpAllocateAndGetInterfaceInfoFromStack
InternalGetIpNetTable
IcmpCreateFile
GetIfEntry
do_echo_req
SetIpForwardEntry
InternalGetTcpTable
_PfRemoveGlobalFilterFromInterface@8
_PfRemoveFilterHandles@12
InternalSetIpNetEntry

polstore

IPSecFreeMulNegPolData
IPSecFreeMulPolicyData
IPSecSetNFAData
IPSecFreeMulISAKMPData
IPSecEnumPolicyData
IPSecGetAssignedPolicyData
IPSecCopyNFAData
IPSecCreateNFAData
IPSecFreeMulNFAData
IPSecEnumNFAData
IPSecExportPolicies
IPSecAllocPolStr
IPSecDeletePolicyData
IPSecCreateNegPolData
IPSecFreeNegPolData
IPSecIsDomainPolicyAssigned
IPSecFreePolicyData
IPSecCreateFilterData
IPSecSetPolicyData
IPSecCopyAuthMethod
IPSecOpenPolicyStore
IPSecSetISAKMPData
IPSecFreeMulFilterData
IPSecCopyFilterSpec
IPSecGetNegPolData
IPSecFreeFilterData
IPSecClosePolicyStore
IPSecCopyPolicyData
IPSecDeleteISAKMPData
IPSecGetISAKMPData
IPSecCopyISAKMPData
IPSecDeleteNFAData
IPSecGetFilterData
IPSecCreatePolicyData
IPSecCopyNegPolData
IPSecAllocPolMem
IPSecEnumNegPolData
IPSecDeleteFilterData
IPSecFreePolStr
IPSecEnumFilterData
IPSecCreateISAKMPData
IPSecFreeFilterSpecs
IPSecSetNegPolData

msasn1

ASN1BERDecOpenType
ASN1BEREncEndOfContents
ASN1BERDecEndOfContents
ASN1objectidentifier2_cmp
ASN1_CloseDecoder
ASN1BERDotVal2Eoid
ASN1BEREncBitString
ASN1BEREncOctetString
ASN1BERDecChar16String
ASN1BERDecZeroChar16String
ASN1objectidentifier_free
ASN1octetstring_cmp
ASN1CEREncChar32String
ASN1_SetDecoderOption
ASN1BEREncChar32String
ASN1BEREncZeroMultibyteString
ASN1BEREncExplicitTag
ASN1BEREncNull
ASN1BERDecU8Val
ASN1BEREncUTF8String
ASN1utctime_cmp
ASN1_CloseModule
ASN1BERDecUTF8String
ASN1BEREncEoid
ASN1_FreeDecoded
ASN1BEREncDouble
ASN1char32string_cmp
ASN1octetstring_free
ASN1BEREncSX
ASN1BERDecS16Val
ASN1BERDecFlush
ASN1BERDecLength
ASN1ztcharstring_free
ASN1BEREncObjectIdentifier
ASN1BERDecMultibyteString
ASN1CEREncBeginBlk
ASN1BEREncChar16String
ASN1CEREncFlushBlkElement
ASN1CEREncZeroMultibyteString
ASN1_CreateDecoderEx
ASN1_Encode
ASN1CEREncCharString
ASN1BERDecSXVal
ASN1BEREncOpenType
ASN1BEREncBool

kernel32

SetComPlusPackageInstallStatus
InitializeCriticalSectionAndSpinCount
GetConsoleAliasesW
GetPrivateProfileIntW
WriteConsoleInputA
SetClientTimeZoneInformation
SleepEx
CallNamedPipeA
GetVolumePathNameA
CreateMutexA
SetConsoleTitleW
OpenEventA
GetConsoleAliasesLengthW
InterlockedIncrement
InitializeCriticalSection
RegisterConsoleIME
GlobalLock
GlobalFindAtomA
EnumLanguageGroupLocalesW
SetFileAttributesA
DisconnectNamedPipe
GetDateFormatW
DefineDosDeviceW
GetWriteWatch
GetTapeParameters
IsDebuggerPresent
FileTimeToDosDateTime
WriteConsoleInputW
ReadFileScatter
SetConsoleCtrlHandler
SetLocaleInfoA
FlushViewOfFile
BeginUpdateResourceW
VirtualFreeEx
QueryDosDeviceA
LoadLibraryA
OutputDebugStringA
VirtualAlloc
GetVolumeInformationW
FindFirstVolumeA
PrivMoveFileIdentityW
EnumDateFormatsA
OpenMutexA
lstrcmpiA
GlobalMemoryStatus

sqlunirl

_CharUpperBuff_@8
_StartDoc@8
_CreateEnhMetaFile_@16
_GetDiskFreeSpaceEx@16
_FindFirstFile_@8
_GetLocaleInfo_@16
_ExtractIcon_@12
_ObjectCloseAuditAlarm_@12
_CreateNamedPipe_@32
_RegDeleteKey_@8
_lstrcat_@8
_GetEnvironmentVariable_@12
_StartService_@12
_CreateMetaFile_@4
_CommDlg_OpenSave_GetFolderPath@12
_FindWindowEx_@16
_CreateStatusWindow_@16
_NDdeShareAdd_@20
_AddFontResource_@4
newMultiByteFromWideCharSize
_RegDeleteValue_@8
_GetPrivateProfileSection_@16
_GetTextFace_@12
_PropertySheet_@4
_PostThreadMessage_@16
_DlgDirList_@20
_NDdeIsValidAppTopicList_@4
_GlobalFindAtom_@4
_LookupAccountSid_@28
_CharPrev_@8
_ChooseFont_@4
_FindResourceEx_@16
_EnumFonts_@16
_DialogBoxParam_@20
_ResetDC_@8
_CreateAcceleratorTable_@8
_CompareString_@24
_CreateScalableFontResource_@16
_RegEnumValue_@32
_SetVolumeLabel_@8
_SetDlgItemText@12
_GetShortPathName_@12
_RegLoadKey_@12

odbccu32

SQLExecDirect
SQLCancel
SQLNumParams
SQLGetData
SQLNativeSql
SQLGetInfo
SQLGetStmtOption
SQLExecute
SQLBulkOperations
SQLExtendedFetch
SQLPutData
SQLSetStmtOption
SQLParamData
SQLFreeHandle
SQLTransact
SQLSetPos
SQLFetch
SQLCloseCursor
SQLSetScrollOptions
SQLFetchScroll
SQLFreeStmt
SQLSetDescRec
SQLSetConnectAttr
SQLBindParameter
SQLSetDescField
SQLParamOptions

gdi32

ColorMatchToTarget
GetOutlineTextMetricsA
DdEntry6
Polygon
SetTextCharacterExtra
CreateDCW
CopyEnhMetaFileW
GdiEntry4
GetCharWidthFloatA
EngLoadModule
SelectClipRgn
GetMetaFileW
GdiPlayPageEMF
StartPage
DdEntry36
OffsetViewportOrgEx
GetObjectType
DdEntry8
PathToRegion
GdiDllInitialize
DdEntry4
GetCharABCWidthsFloatW
EngEraseSurface
GetPath
GetCharacterPlacementA
GdiEntry9
CreateMetaFileA
GetBkColor

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54c20e51307b3390e28e6bed70546688

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

polstore

msasn1

kernel32

sqlunirl

odbccu32

gdi32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B