d46221893853e0333fd50dd033a08939_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d46221893853e0333fd50dd033a08939_JaffaCakes118
Size

824KB
MD5

d46221893853e0333fd50dd033a08939
SHA1

62c2cc6fd064ec1e0318af8bc649c338d50b6ca2
SHA256

ea996b4c8a8bb2d676822ace18e3c48ccfd61e67df371329a4e31219dddf7da8
SHA512

1bf454d192418bc53218a17ba87c371d3e08af4fa2917e799afc6cc43acfb3c4e2b3ddb452f52b08ec48ecab69b956dacd3c9201be554aa5d10ed111fe1f3ad5
SSDEEP

24576:q5zatpStQnibMR7rnzD81VdbOjxlf7POG3TaCWRFUr:An6io7WVlOddzRWRK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46221893853e0333fd50dd033a08939_JaffaCakes118

Files

d46221893853e0333fd50dd033a08939_JaffaCakes118
.exe windows:5 windows x86 arch:x86

73c273f08bad439fb054606f01c6c1db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptui

CryptUIWizImport
CryptUIWizSubmitCertRequestNoDS
CryptUIGetCertificatePropertiesPagesA
CryptUIWizCertRequest
CryptUIGetViewSignaturesPagesA
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeViewSignaturesPagesW
I_CryptUIProtect
CryptUIDlgViewCertificatePropertiesA
I_CryptUIProtectFailure
CryptUIDlgSelectStoreA
CryptUIDlgSelectCA
CryptUIDlgFreeCAContext
CryptUIDlgSelectCertificateW
CryptUIWizExport
CryptUIWizFreeDigitalSignContext
CryptUIDlgViewCTLA
CryptUIWizDigitalSign
CryptUIWizQueryCertRequestNoDS
CryptUIGetCertificatePropertiesPagesW
DllUnregisterServer
CryptUIDlgViewContext
CryptUIGetViewSignaturesPagesW
LocalEnrollNoDS
CryptUIDlgViewSignerInfoW
WizardFree
CryptUIDlgViewCertificatePropertiesW
CryptUIWizFreeCertRequestNoDS
CryptUIFreeViewSignaturesPagesA
CryptUIDlgViewCertificateW
ACUIProviderInvokeUI
CryptUIWizBuildCTL
DllRegisterServer
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgCertMgr

odbcbcp

bcp_colptr
bcp_collen
SQLLinkedServers
bcp_writefmtW
SQLCloseEnumServers
LibMain
bcp_control
bcp_columns
dbprtypeA
bcp_done
bcp_initW
dbprtypeW
bcp_exec
SQLLinkedCatalogsW
bcp_bind
bcp_readfmtW
bcp_setcolfmt
bcp_writefmtA
bcp_batch
SQLInitEnumServers
bcp_colfmt
bcp_initA
bcp_moretext
SQLLinkedCatalogsA
SQLGetNextEnumeration
bcp_sendrow
bcp_getcolfmt
bcp_readfmtA

msvcp60

??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0domain_error@std@@QAE@ABV01@@Z
??_7?$moneypunct@D$0A@@std@@6B@
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??1strstreambuf@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ABV12@@Z
??_8?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@7B@
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXIG@Z
?epsilon@?$numeric_limits@N@std@@SANXZ
?id@?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?max@?$numeric_limits@_N@std@@SA_NXZ
?_Infv@?$_Ctr@N@std@@SANN@Z
?readsome@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEHPAGH@Z
?_Index@ios_base@std@@0HA
?exceptions@ios_base@std@@QAEXF@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
?decimal_point@?$numpunct@G@std@@QBEGXZ
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_8?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?max@?$numeric_limits@O@std@@SAOXZ
?uflow@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??_F?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?pword@ios_base@std@@QAEAAPAXH@Z
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z

kernel32

GetProcessTimes
WritePrivateProfileStringW
DeleteCriticalSection
CreateProcessInternalW
GetSystemWindowsDirectoryW
LocalHandle
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetLocalTime
GetStringTypeExW
GetSystemDirectoryW
GlobalFindAtomA
GetBinaryTypeA
FindFirstVolumeMountPointA
SetConsoleFont
SetConsoleTextAttribute
CancelTimerQueueTimer
BeginUpdateResourceW
GetShortPathNameA
BackupRead
CreateTapePartition
LZCopy
Heap32ListNext
IsSystemResumeAutomatic
SetConsoleMode
GlobalUnWire
GetSystemTimeAsFileTime
FlushFileBuffers
GetConsoleAliasExesW
LoadLibraryA
WriteConsoleInputVDMA
DeleteFiber
GetSystemDirectoryA
EndUpdateResourceW
GetModuleHandleExW
GetTickCount
OpenMutexW
SetComputerNameW
LCMapStringW
lstrcatA
SetLocalPrimaryComputerNameW
VirtualAlloc
GetTapeStatus
GetConsoleFontInfo
CreateTimerQueue
SetMailslotInfo

odbctrac

TraceSQLColAttribute
TraceSQLSetDescFieldW
TraceSQLGetStmtOption
TraceSQLColumnPrivileges
TraceSQLDrivers
TraceSQLPrimaryKeys
TraceSQLGetCursorNameW
TraceSQLForeignKeysW
TraceSQLProceduresW
TraceSQLSetCursorName
TraceSQLSetParam
TraceSQLGetDescRecW
TraceSQLGetConnectOption
TraceCloseLogFile
FireVSDebugEvent
TraceSQLAllocConnect
TraceSQLTransact
TraceSQLPrepareW
TraceSQLFetchScroll
TraceSQLDisconnect
TraceSQLCopyDesc
TraceSQLGetEnvAttr
TraceSQLSetStmtOption
TraceSQLDataSources
TraceSQLColumnPrivilegesW
TraceSQLSetPos
TraceSQLDescribeParam
TraceSQLParamOptions
TraceSQLDescribeColW
TraceSQLExtendedFetch
TraceSQLFreeEnv
TraceSQLSetCursorNameW
TraceSQLTables
TraceSQLExecute
TraceSQLFreeStmt
TraceSQLPutData

msvcrt20

?dbp@streambuf@@QAEXXZ
_HUGE
?write@ostream@@QAEAAV1@PBEH@Z
?delbuf@ios@@QBEHXZ
memset
_tcsnextc
?fill@ios@@QBEDXZ
??0ifstream@@QAE@HPADH@Z
_wmktemp
_mbsstr
_filelength
iswalnum
_getws
??_8fstream@@7Bostream@@@
__iscsym
$I10_OUTPUT
_wexeclp
?bitalloc@ios@@SAJXZ
??5istream@@QAEAAV0@AAK@Z
_write
_amsg_exit
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
_adj_fdivr_m16i
??_7strstreambuf@@6B@
_CIfmod
_cwait
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
?eback@streambuf@@IBEPADXZ
asin
ungetc
_ftol
??_Diostream@@QAEXXZ
??_Dstdiostream@@QAEXXZ
_wtoi
?get@istream@@QAEAAV1@AAD@Z
strchr
??_7filebuf@@6B@
_tempnam
?blen@streambuf@@IBEHXZ
?str@strstream@@QAEPADXZ
??1iostream@@UAE@XZ
labs
_wexeclpe
_flsbuf
_strupr
?fd@filebuf@@QBEHXZ
?sh_read@filebuf@@2HB
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
_getcwd
__lconv_init
_close
?setf@ios@@QAEJJ@Z
_fileno
?put@ostream@@QAEAAV1@D@Z
?close@filebuf@@QAEPAV1@XZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
_fdopen
isleadbyte
?precision@ios@@QBEHXZ
putc
?seekg@istream@@QAEAAV1@J@Z
_tcsspn
_mtlock
_execve

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 573KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73c273f08bad439fb054606f01c6c1db

Headers

DLL Characteristics

File Characteristics

Imports

cryptui

odbcbcp

msvcp60

kernel32

odbctrac

msvcrt20

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 573KB - Virtual size: 1.9MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 573KB - Virtual size: 1.9MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 320B