d9bb0f03bee594e0de49d2a75d848ed6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d9bb0f03bee594e0de49d2a75d848ed6_JaffaCakes118
Size

60KB
MD5

d9bb0f03bee594e0de49d2a75d848ed6
SHA1

6a0681fbbdbbd91eafabdd3022e056310dd21233
SHA256

040c993c74cc9f5c64f6410a3a05ca1c4dfaa55c9b3ced5925fce9848fc1c7b1
SHA512

e4e6755d4f22f1f5b9ad55332e6bbcec54cce1bed66f6dbac5ea48d92ee764f60d082b8a4885bf7a49cbde335bd8bfe55c47d1d1d8ba729469081e7f3d72ed02
SSDEEP

1536:xxU6s9FLzaubhZ8xYC9JbcMl2hlGcHar2GoPIrxXvU4dpQJN:DUd9ZWO8xYObR0hlT42GoAq7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9bb0f03bee594e0de49d2a75d848ed6_JaffaCakes118

Files

d9bb0f03bee594e0de49d2a75d848ed6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a99fc572b8f3f69db87626a041b77c05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprAdminUserWrite
MprAdminUserSetInfo
MprConfigServerConnect
MprInfoBlockSet
MprConfigTransportGetHandle
MprConfigServerDisconnect
MprAdminMIBEntrySet
MprAdminIsServiceRunning
MprAdminInterfaceDisconnect
MprAdminMIBEntryCreate
MprAdminMIBServerConnect
MprInfoBlockAdd
MprAdminServerConnect
MprPortSetUsage
MprAdminConnectionClearStats
MprAdminTransportCreate
MprConfigInterfaceCreate

kernel32

InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateJobSet
GetCurrentProcessId
GetNumaNodeProcessorMask
CancelWaitableTimer
GetModuleHandleW
QueryPerformanceCounter
GetProcAddress
PostQueuedCompletionStatus
VirtualAlloc
ContinueDebugEvent
GetConsoleAliasesA
LoadLibraryA
GetConsoleCursorInfo
GetTickCount
SetCalendarInfoA
GetFileAttributesW
GetStartupInfoA
OpenThread
GetCurrentThreadId
GetBinaryTypeA
LoadLibraryW
CreateToolhelp32Snapshot

mpr

WNetGetConnection3W
WNetFormatNetworkNameW
WNetCancelConnectionW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetDisconnectDialog1A
WNetSetLastErrorA
WNetConnectionDialog
WNetGetConnection2A
WNetCancelConnection2A
WNetUseConnectionW
WNetLogonNotify
WNetGetNetworkInformationW
WNetSetConnectionW
I_MprSaveConn
WNetGetUniversalNameA

msdart

?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?ReadLock@CReaderWriterLock@@QAEXXZ
?ReadLock@CCritSec@@QAEXXZ
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
??4CFakeLock@@QAEAAV0@ABV0@@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
??1CReaderWriterLock@@QAE@XZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
??0CDoubleList@@QAE@XZ
?ValidSignature@CLKRHashTable@@QBE_NXZ
mpMalloc
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?IsReadLocked@CReaderWriterLock3@@QBE_NXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?MpHeapCompact@@YAKPAX@Z
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z

odbcjt32

SQLSetDescFieldW
SQLExecute
SQLCopyDesc
InitDialogAgain
SQLSetCursorNameW
SQLParamData
SQLGetData
SQLGetFunctions
SQLSetStmtAttrW
InvisibleSelectDb
SQLCloseCursor

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a99fc572b8f3f69db87626a041b77c05

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

kernel32

mpr

msdart

odbcjt32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 10KB - Virtual size: 51KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 10KB - Virtual size: 51KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 380B