dd3b345a4da0584a06786792882b7bbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd3b345a4da0584a06786792882b7bbb_JaffaCakes118
Size

864KB
MD5

dd3b345a4da0584a06786792882b7bbb
SHA1

a60e96035c34b60e824c6a35868a90b423e6c153
SHA256

845e4798eef8397c4c3fb6356660b7faf75fe1bc30f5e11b6a95f4728c2e2463
SHA512

03baa31763c7da6c9250218be7febf024953d37735f5df3cd25a9cdf9256abe41ef01e9468139455b19101ff9e415ab1ef0d5737363ce10225ee0c9f056bb9ed
SSDEEP

24576:1lN+3jveQeqELURPu+lhzSm1j4thBklrsD7zj:1iTveqEszlhR+arsDnj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd3b345a4da0584a06786792882b7bbb_JaffaCakes118

Files

dd3b345a4da0584a06786792882b7bbb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

61ec35de329647705170c793f98e7f54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

OleSavePictureFile
VarCmp
VarI1FromI4
VarI2FromI4
VarI4FromDec
VarCyFromI2
VarBoolFromI1
VarUI2FromI8
VarDateFromCy
VarDecFromUI8
VarUI4FromR8
BSTR_UserUnmarshal
VarDecMul
VarUI1FromI4
VarUI4FromI1
VarDateFromUI4
VarUI8FromI8
VarMonthName
SafeArrayCreate
RegisterActiveObject
GetRecordInfoFromTypeInfo
VarBstrFromUI4
SysAllocString
VarI1FromI2
VarOr
VarBoolFromDisp
VarI4FromUI8
SafeArraySetIID
VarR4FromUI1
VarI2FromI1
VarI4FromDate
VarUI8FromDec
VarBoolFromI2
VarDateFromI2
VarUI2FromI1
VarUI1FromR4
VariantChangeTypeEx
DispInvoke
VarBstrFromCy
VarRound
VarFormatCurrency

kernel32

GetVolumeInformationW
RemoveDirectoryA
GetCalendarInfoW
ShowConsoleCursor
Beep
GetConsoleAliasExesLengthW
FreeConsole
GetConsoleCommandHistoryW
GetACP
OpenJobObjectW
QueueUserWorkItem
EnumSystemLanguageGroupsW
DeleteFileA
GetBinaryTypeW
EnumCalendarInfoA
FreeLibrary
GetProfileStringA
GetVolumePathNameA
GetPrivateProfileSectionA
OpenSemaphoreW
GetOEMCP
SetLocaleInfoW
SetHandleInformation
GetPriorityClass
LoadLibraryA
CreateRemoteThread
SetLastError
SetThreadContext
CallNamedPipeW
FindClose
GetConsoleKeyboardLayoutNameW
GetSystemDefaultLangID
GetLocaleInfoW
LocalShrink
FlushConsoleInputBuffer
SwitchToFiber
BeginUpdateResourceW
DeleteFileW
MulDiv
VirtualAlloc
GlobalAlloc
VirtualFree

sqlwoa

_LoadIcon@8
_tfopen
newWideCharFromMultiByte
_DrawText@20
_LoadLibrary@4
_CreateWindowEx@48
_CommDlg_OpenSave_GetFilePath@12
_IsDialogMessage@8
_GetDlgItemText@16
_GetComputerName@8
_PostMessage@16
_CharLower@4
_CallWindowProc@20
_CommDlg_OpenSave_GetFolderPath@12
_GetVersionEx@4
_ExtTextOut@32
_FindResource@12
newMultiByteFromWideCharEx
_FreeEnvironmentStrings@4
_GetWindowTextLength@4
_LoadMenu@8
_MoveFile@8
_PeekMessage@20
_CreateFile@28
_GetSaveFileName@4
_GetProp@8
_GetFileTitle@12
_CreateDialogIndirectParam@20
_GetWindowText@12
_SetDlgItemText@12
_GetTextMetrics@8
_StartDoc@8
_trename
_SendDlgItemMessage@20
_GetOpenFileName@4
_MessageBox@16
_LoadString@16
_CreateFontIndirect@4
newMultiByteFromWideChar
_CommDlg_OpenSave_GetSpec@12
_FormatMessage@28
_DeleteFile@4
AllocConvertMultiSZNameToA

winmm

joyReleaseCapture
mmioInstallIOProcW
mmioAdvance
mciGetErrorStringA
midiOutLongMsg
auxGetVolume
aux32Message
waveOutGetErrorTextW
mixerGetDevCapsA
midiOutGetVolume
waveOutReset
midiOutCachePatches
mmioSetBuffer
midiInAddBuffer
midiStreamPosition
mciGetDeviceIDFromElementIDW
midiOutGetDevCapsW
WOW32ResolveMultiMediaHandle
auxGetNumDevs
midiInReset
waveOutBreakLoop
waveInGetDevCapsW
midiOutGetErrorTextW
mciSendStringA
midiInPrepareHeader
SendDriverMessage
joySetCapture
timeGetSystemTime
mixerOpen
mixerGetLineControlsA
mmTaskCreate
midiOutGetDevCapsA
mmioStringToFOURCCW
timeEndPeriod
mmioRenameW
mmsystemGetVersion
joyGetThreshold
mciSendCommandA
DriverCallback
mciDriverNotify
midiInGetErrorTextW
mixerGetID
waveInGetErrorTextA

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ec35de329647705170c793f98e7f54

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

sqlwoa

winmm

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 141KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 141KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB