d9b502a21c42a663884569f7e6202aaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9b502a21c42a663884569f7e6202aaa_JaffaCakes118
Size

374KB
MD5

d9b502a21c42a663884569f7e6202aaa
SHA1

982b80668d08f2a76a928d84b0134b2864a6a485
SHA256

99b316be65368ba13a0b7d5d7e6c51a07ff00715bb983bc5d854b63d4f1cee84
SHA512

402c16739ad0eff39fd06c8e3b83de1b8d84852784e0b78c47f1b7f5f9138276b49177bdc5b9a30d9802c04ea3cea3e0636006cc5062942d0eee3a77dfe0ad1d
SSDEEP

6144:OEVWGzX8K1DjhlmMw5Bj/7CsU9xooLZDyiAPY4O+XOOrnmqfEHB4CNRPeQXYmvUT:JzNVli7roMiAw4T2q0rnXYmva+qx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9b502a21c42a663884569f7e6202aaa_JaffaCakes118

Files

d9b502a21c42a663884569f7e6202aaa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3605ab974ba4ca21a87dec27b5153fee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

odbctrac

TraceSQLTablesW
TraceSQLEndTran
TraceSQLTablePrivilegesW
TraceSQLSetScrollOptions
TraceSQLBindParameter
TraceSQLSetCursorName
TraceSQLError
TraceSQLAllocEnv
TraceSQLBrowseConnectW
TraceSQLSetPos
TraceSQLFreeConnect
TraceSQLFreeEnv
TraceSQLDataSources
TraceSQLBindCol
TraceSQLDescribeCol
TraceSQLExtendedFetch
TraceSQLProcedures
TraceSQLPrepare
TraceSQLNativeSqlW
TraceSQLDrivers
TraceSQLNumParams
TraceSQLSetConnectOptionW
TraceSQLTables
TraceSQLDataSourcesW
TraceSQLColAttribute
TraceSQLSetStmtOption
TraceSQLColumnsW
TraceSQLDisconnect
TraceSQLGetData
TraceSQLFetch
TraceSQLGetDiagField
TraceSQLProcedureColumnsW
TraceSQLGetEnvAttr
TraceSQLGetDescRec
TraceSQLForeignKeys
TraceSQLFreeHandle
TraceSQLGetStmtOption
TraceVersion
TraceSQLGetTypeInfoW
TraceSQLFreeStmt

msvcrt

_CxxThrowException
fclose
fgetc
_sys_errlist
_statusfp
_daylight
_mbcjistojms
_msize
_findnexti64
?_query_new_mode@@YAHXZ
is_wctype
_CIfmod
_CIsin
_HUGE
_wcsnicmp
__pioinfo
_scwprintf
_mbsupr
__wargv
__p__daylight
iscntrl
_mbsrev
_mbsdup
_mbslen
_execlp
??4bad_cast@@QAEAAV0@ABV0@@Z
_ismbcl2
_cgetws
_tell
??1__non_rtti_object@@UAE@XZ
wcscoll
??_Eexception@@UAEPAXI@Z
_kbhit
_dup
_execve
__p__tzname

shlwapi

PathMakeSystemFolderW
PathIsUNCServerShareA
PathIsDirectoryW
SHDeleteOrphanKeyW
UrlHashA
StrRetToBufW
PathFindFileNameA
PathSearchAndQualifyA
ChrCmpIW
PathRemoveFileSpecA
UrlHashW
SHRegQueryInfoUSKeyW
SHLoadIndirectString
StrFormatKBSizeA
SHDeleteEmptyKeyA
SHRegGetBoolUSValueW
SHCreateStreamOnFileW
StrDupA
DelayLoadFailureHook
PathCanonicalizeW
PathIsSameRootW
PathCombineW
StrRetToBufA
StrFormatKBSizeW
PathStripToRootA
StrRChrIA
AssocQueryKeyW
AssocCreate
PathQuoteSpacesW
PathIsURLW
UrlIsA
StrRStrIW
SHAutoComplete
PathRemoveExtensionW
UrlGetPartW
SHRegDeleteEmptyUSKeyA
SHRegSetPathA

opengl32

glVertex3sv
glMaterialfv
glRasterPos3iv
glTexCoord4dv
glPopClientAttrib
glTexCoord2dv
wglChoosePixelFormat
wglMakeCurrent
glIndexPointer
glDepthMask
glTexEnvf
glGetMapdv
glVertex2fv
glTexCoord1s
glTexParameteri
glLightfv
glMateriali
glCullFace
glCopyTexImage1D
glPixelTransferi
glClearColor
wglGetCurrentDC
glPixelStoref
wglCreateContext
glTexGenfv
glGetPixelMapfv
glEvalCoord1f
glDebugEntry
glRasterPos3i
wglUseFontOutlinesA
glEnable
glTexGeni
glColorPointer
glMapGrid2f
glRects
glGetPixelMapusv
glColor4ui
glTexCoord1f

kernel32

UpdateResourceW
FindResourceExW
GetCPInfoExA
GlobalAlloc
HeapLock
GetExitCodeThread
CreateTimerQueue
SetCommBreak
lstrlenW
GetCurrentThread
VirtualAlloc
GetCalendarInfoW
LoadLibraryA
GetLastError
GetSystemInfo
FreeLibrary
GlobalFree
FindActCtxSectionGuid
SetLastError
OpenEventA
FindResourceW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetEnvironmentStringsA
WaitForSingleObjectEx
SetConsoleOutputCP
TlsAlloc
VirtualProtectEx
InterlockedDecrement
VirtualQueryEx
DebugActiveProcessStop

sqlwoa

_SendDlgItemMessage@20
_RemoveProp@8
_SendMessage@16
_PeekMessage@20
_LoadIcon@8
_PostMessage@16
_DefWindowProc@16
_CreateFile@28
_SetProp@12
_TranslateAccelerator@12
_GetDiskFreeSpaceEx@16
_GetTextExtentPoint32@16
_trename
newMultiByteFromWideChar
_MAKEINTRESOURCE@4
ConvertMultiSZNameToW
_CallWindowProc@20
_CommDlg_OpenSave_GetSpec@12
_WinHelp@16
_FreeEnvironmentStrings@4
_GetOpenFileName@4
_LoadMenu@8
_LoadLibrary@4
_GetWindowLong@8
_DrawText@20
_GetModuleFileName@12
_CharLower@4
_StartDoc@8
_IsDialogMessage@8

iphlpapi

GetUniDirectionalAdapterInfo
NhGetInterfaceNameFromGuid
GetAdaptersInfo
SetTcpEntry
NTTimeToNTPTime
GetAdapterIndex
NhGetGuidFromInterfaceName
GetPerAdapterInfo
SetIfEntry
GetIfTable
IcmpSendEcho2
InternalSetTcpEntry
_PfGetInterfaceStatistics@16
SetIpForwardEntry
GetAdaptersAddresses
Icmp6ParseReplies
InternalSetIpForwardEntry
_PfAddFiltersToInterface@24
GetNetworkParams
SetIpNetEntry
_PfAddGlobalFilterToInterface@8
IpReleaseAddress
_PfRebindFilters@8
GetTcpTable
CreateIpNetEntry
register_icmp
GetNumberOfInterfaces
InternalGetTcpTable
_PfTestPacket@20
CreateIpForwardEntry
IcmpSendEcho
DeleteIpNetEntry
_PfBindInterfaceToIndex@16
_PfCreateInterface@24

user32

EndDialog

Sections

.text
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3605ab974ba4ca21a87dec27b5153fee

Headers

File Characteristics

Imports

odbctrac

msvcrt

shlwapi

opengl32

kernel32

sqlwoa

iphlpapi

user32

Sections

.text Size: 89KB - Virtual size: 92KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 512B - Virtual size: 448KB

.rsrc Size: 139KB - Virtual size: 140KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 92KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 512B - Virtual size: 448KB

.rsrc
Size: 139KB - Virtual size: 140KB

.reloc
Size: 1024B - Virtual size: 4KB