cfdee00c7bd81228c61b10cff67e53ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfdee00c7bd81228c61b10cff67e53ba_JaffaCakes118
Size

61KB
MD5

cfdee00c7bd81228c61b10cff67e53ba
SHA1

202f66219fdf3925cc336ce47e9b6a85e595f654
SHA256

e25d5ffd247b0f57d545f4c6d386cffd81951a585f817f5140c84ebf1cda9a20
SHA512

e35a27068aa19f4fdae3ed03fc561cfeeff5cf13fe92a59048be885294f4d20f40e15812e629d775d250743f1f87ce4d2ae7b7decff3692af1ab213d711f2919
SSDEEP

1536:oAAGhb9/1sCtz7NtjhbgSyQI7kvHJ78EOkOFLDn:oAAM91sMzBbxwkBUHn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfdee00c7bd81228c61b10cff67e53ba_JaffaCakes118

Files

cfdee00c7bd81228c61b10cff67e53ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ba7eb62ffe4230fcf3cfc1a69316533

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetSetCurrentIndex
JetReadFileInstance
JetRenameTable
JetGetObjectInfo
JetSnapshotStart
JetResetCounter
JetSetDatabaseSize
JetCloseFileInstance
JetOSSnapshotFreeze
JetEndExternalBackup
JetCreateInstance2
JetMakeKey@20
JetGetRecordPosition
JetUnregisterCallback
JetSetIndexRange
JetMove@16
JetSetCurrentIndex3
JetDeleteColumn2
JetGetTableColumnInfo
JetAttachDatabase
JetGetSecondaryIndexBookmark
JetInit2

query

?QueryScopeAdmin@CCatalogAdmin@@QAEPAVCScopeAdmin@@PBG@Z
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?SkipByte@CMemDeSerStream@@UAEXXZ
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
?ciDelete@@YGXPAX@Z
CIMakeICommand
?EnumVPaths@CMetaDataMgr@@QAEXAAVCMetaDataCallBack@@@Z
?GetPropType@CEmptyPropertyList@@SGGI@Z
CiSvcMain
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?ParseStringColumns@@YGPAVCDbColumns@@PBGPAUIColumnMapper@@KPAVPVariableSet@@PAV?$CDynArray@G@@@Z
?StrLen@CKeyBuf@@QBEIXZ
?GetUShort@CMemDeSerStream@@UAEGXZ
?SkipBlob@CMemDeSerStream@@UAEXK@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
??1CInternalPropertyRestriction@@QAE@XZ
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?AddArg@CEventItem@@QAEXK@Z
?Clone@COccRestriction@@QBEPAV1@XZ
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?UnMarshall@CDbParameter@@QAEHAAVPDeSerStream@@@Z
?PeekULong@CMemDeSerStream@@UAEKXZ
??1CCatalogEnum@@QAE@XZ
?SetRestriction@CDbSelectNode@@QAEHPAVCDbCmdTreeNode@@@Z

kernel32

SetWaitableTimer
GetCurrentProcessId
HeapSummary
SystemTimeToTzSpecificLocalTime
GetSystemWow64DirectoryW
LocalLock
DeviceIoControl
GetTickCount
SetComputerNameExA
GetStartupInfoW
PeekNamedPipe
QueryPerformanceCounter
UnregisterConsoleIME
BeginUpdateResourceA
LoadLibraryA
RegisterWowExec
LoadLibraryExW
GetConsoleCursorInfo
GetDiskFreeSpaceExA
GetLargestConsoleWindowSize
GetSystemDefaultLangID
VirtualAlloc
GetModuleFileNameW
GetNumaHighestNodeNumber
lstrlen
GetCurrentThreadId
DeleteVolumeMountPointA
Thread32Next
OpenFileMappingA

msvcrt20

_getsystime
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??_Gstdiobuf@@UAEPAXI@Z
?is_open@fstream@@QBEHXZ
?pword@ios@@QBEAAPAXH@Z
wcsspn
strncmp
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
sscanf
iscntrl
?setmode@ofstream@@QAEHH@Z
?iword@ios@@QBEAAJH@Z
_mbctohira
?setmode@ifstream@@QAEHH@Z
vfprintf
_pclose
_except_handler2
_open
_putch
??1ifstream@@UAE@XZ
_wspawnlpe
fputs
?read@istream@@QAEAAV1@PACH@Z
mbtowc
_mbspbrk
_ismbclegal
_tcsnccnt
_mbbtype

wmi

OpenTraceA
WmiSetSingleInstanceA
WmiQueryGuidInformation
WmiFreeBuffer
WmiFileHandleToInstanceNameW
TraceEvent
GetTraceEnableFlags
RegisterTraceGuidsW
WmiQuerySingleInstanceW
WmiMofEnumerateResourcesA
WmiEnumerateGuids
WmiExecuteMethodA
SetTraceCallback
RemoveTraceCallback
WmiOpenBlock
WmiQueryAllDataW
TraceEventInstance
QueryAllTracesW
StartTraceW
StartTraceA

msi

MsiQueryFeatureStateA
MsiDecomposeDescriptorA
MsiSourceListAddSourceW
MsiGetProductCodeFromPackageCodeA
MsiRecordSetStringA
MsiDatabaseApplyTransformW
MsiRecordGetStringW
MsiPreviewBillboardW
MsiSetTargetPathA
MsiGetComponentStateW
MsiEnableUIPreview
MsiGetSummaryInformationA
MsiRecordReadStream
MsiGetProductInfoW
MsiSetComponentStateA
MsiGetShortcutTargetA
MsiAdvertiseProductA
MsiDatabaseExportW
MsiConfigureFeatureFromDescriptorA
MsiProvideAssemblyW
MsiIsProductElevatedW
MsiRecordClearData
MsiGetLastErrorRecord
MsiMessageBoxW
MsiSetPropertyA

odbcbcp

bcp_getcolfmt
bcp_readfmtA
SQLLinkedCatalogsW
bcp_writefmtA
bcp_initW
SQLLinkedCatalogsA
dbprtypeA
bcp_sendrow
SQLInitEnumServers
bcp_exec
bcp_done
bcp_batch
bcp_columns
bcp_readfmtW
SQLGetNextEnumeration
bcp_colfmt
LibMain
bcp_moretext
bcp_control
bcp_bind
bcp_initA
SQLCloseEnumServers
bcp_collen
bcp_setcolfmt
dbprtypeW
bcp_colptr
bcp_writefmtW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba7eb62ffe4230fcf3cfc1a69316533

Headers

DLL Characteristics

File Characteristics

Imports

esent

query

kernel32

msvcrt20

wmi

msi

odbcbcp

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 22KB - Virtual size: 62KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 22KB - Virtual size: 62KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 248B