ddd3fd8d6a2d8355d933fe1bfd8e33b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddd3fd8d6a2d8355d933fe1bfd8e33b9_JaffaCakes118
Size

823KB
MD5

ddd3fd8d6a2d8355d933fe1bfd8e33b9
SHA1

d698b51c4c4bc748663e2f7edfebbb68ab09699d
SHA256

94ee4441263962e6d2d0500a5de301ab3cc3d46518b8880cfccd4c0ab8ae6f89
SHA512

07cae57da6abb1cafbcc3179e22643a0f4a60b9ea5dea2247b08b6edd46ccecfcce0381c0438101d12d6951f5a925d20f2e3bc61a26f23da65fbba5cf08f0af5
SSDEEP

24576:tdJfIwQXTIfEbQ3JLe5IG6eva6NDMZTgJN4:tvfItXY1y5IfevBND

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddd3fd8d6a2d8355d933fe1bfd8e33b9_JaffaCakes118

Files

ddd3fd8d6a2d8355d933fe1bfd8e33b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

93d966f19874859e357f4cc90d510be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?SkipFloat@CMemDeSerStream@@UAEXXZ
??0CStandardPropMapper@@QAE@XZ
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?NumberOfSortProps@CCatState@@QBEIXZ
?ReleaseRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?Flush@CPhysStorage@@QAEXH@Z
??1CPropertyList@@UAE@XZ
?GetNumber@CQueryScanner@@QAEHAAJAAH@Z
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?LongInit@CPropStoreManager@@QAEXAAHAAKP6GXKHPBX@Z2@Z
??1CScopeAdmin@@QAE@XZ
??3CDbCmdTreeNode@@SGXPAX@Z
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
?AddCatalog@CCatState@@QAEXAAV?$XPtrST@G@@@Z
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
?_wcsFileName@CGlobalPropFileRefresher@@0PAGA
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?Disconnect@CRequestClient@@QAEXXZ
?GetVolumeName@CDriveInfo@@QAEPBGH@Z
?SetProperties@CDbProperties@@UAGJKQAUtagDBPROPSET@@@Z
?IsValid@CAllocStorageVariant@@QBEHXZ
?GetStackTrace@@YGXPADK@Z
??1CDbSortSet@@QAE@XZ
?SetProperty@CDbColId@@QAEHPBG@Z
??0CPropertyRestriction@@QAE@XZ
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
??0CSdidLookupTable@@QAE@XZ
?SkipGUID@CMemDeSerStream@@UAEXXZ
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
??3CDbColId@@SGXPAX@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?CiGetPassword@@YGHPBG0PAG@Z
?InitializeForWrite@CDynStream@@QAEXK@Z
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?Open@COLEPropManager@@QAEHABVCFunnyPath@@@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
??1CPropertyRestriction@@QAE@XZ
?Recognize@CDFA@@QAEEPBG@Z
?Release@CEnumWorkid@@UAGKXZ

kernel32

IsBadStringPtrA
GetExitCodeProcess
FindFirstFileW
GlobalMemoryStatus
SetMessageWaitingIndicator
GetOverlappedResult
PeekConsoleInputW
GetTapeParameters
FindCloseChangeNotification
GlobalReAlloc
VirtualProtect
LZInit
GetProcessShutdownParameters
RemoveLocalAlternateComputerNameA
EnumLanguageGroupLocalesW
EnumUILanguagesA
MoveFileWithProgressW
EraseTape
GetConsoleCommandHistoryA
FindResourceExA
GlobalAlloc
GetTapePosition
WaitForMultipleObjects
FoldStringA
GetLocalTime
SetHandleCount
FindNextFileA
FindFirstVolumeMountPointA
DebugActiveProcess
FlushConsoleInputBuffer
LoadLibraryA
OpenMutexW
CreateJobObjectW
GlobalFindAtomA
UnregisterWaitEx
SetCommConfig
GetProcessAffinityMask
AddRefActCtx
lstrcatA
GetModuleHandleW
SetConsoleNumberOfCommandsW
QueryActCtxW
GetConsoleInputWaitHandle
RegisterWaitForSingleObject
GetConsoleAliasW
GetLogicalDriveStringsW
SetWaitableTimer
BaseCheckAppcompatCache
SetTapeParameters
lstrcpyA
SetupComm
GetCompressedFileSizeA
CreateThread
FindResourceExW
GetNumaHighestNodeNumber
VirtualAlloc
IsWow64Process
GetSystemWow64DirectoryA
GetCommMask
SetConsoleOS2OemFormat
SetNamedPipeHandleState
MoveFileA
_hwrite
InitializeCriticalSectionAndSpinCount
SetConsoleScreenBufferSize
CompareStringW
SetPriorityClass
CreateWaitableTimerW
GetHandleInformation
MultiByteToWideChar
EnumDateFormatsW
FindFirstVolumeW
GetSystemInfo

mtxoci

olog
oflng
ologof
oopt
ocon
ocan
oexn
orol
oopen
oparse
oexfet
obndrv
Enlist
odessp
odefinps
oermsg
oerhms
oclose
opinit
obndrn
MTxOciInit
odefin
osetpi
ologTransacted
odescr
ofen
DllRegisterServer
obindps
ofetch
DllUnregisterServer
oexec
MTxOciRegisterCursor
MTxolog
MTxOciGetVersion

mprapi

MprInfoDelete
MprAdminMIBEntryGetNext
MprAdminConnectionEnum
MprInfoRemoveAll
MprAdminServerDisconnect
CompressPhoneNumber
MprConfigInterfaceTransportGetHandle
MprAdminMIBServerDisconnect
MprAdminInterfaceDeviceSetInfo
MprAdminMIBEntryCreate
MprAdminTransportGetInfo
MprConfigInterfaceDelete
MprAdminInterfaceGetHandle
MprPortSetUsage
MprInfoBlockFind
MprConfigTransportDelete
MprInfoBlockAdd
MprAdminIsDomainRasServer
MprConfigServerInstall
MprAdminDeviceEnum
MprAdminMIBEntryGetFirst
MprAdminPortGetInfo
MprAdminUserWrite
MprAdminInterfaceTransportGetInfo
MprAdminUserReadProfFlags
MprAdminPortDisconnect
MprInfoBlockRemove
MprInfoBlockSet

advapi32

RegQueryInfoKeyW
RegQueryMultipleValuesW
RegCreateKeyA
SetSecurityDescriptorDacl
GetLocalManagedApplicationData
GetSecurityDescriptorGroup
GetServiceDisplayNameA
GetFileSecurityA
WmiEnumerateGuids
IsTextUnicode
GetEffectiveRightsFromAclA
ConvertSDToStringSDRootDomainA
SetSecurityInfo
BuildImpersonateTrusteeW
LsaEnumerateTrustedDomains
GetTrusteeNameA
MakeAbsoluteSD
LsaSetForestTrustInformation
GetTraceEnableLevel
SystemFunction035
TrusteeAccessToObjectW
RegSaveKeyExA
ConvertStringSidToSidA
CredRenameW
GetFileSecurityW
ClearEventLogA
ElfOpenBackupEventLogA
SystemFunction024

crtdll

_fullpath
vwprintf
_fpreset
div
_CIpow
iswcntrl
_snprintf
_ismbbtrail
wcsncat
_finite
_mbstok
_global_unwind2
_mbbtombc
_cexit
_gcvt
_spawnvp
_logb
sinh
_sleep
ceil
system
localtime
_strspnp
_mbsbtype
_getdllprocaddr
towlower
_rmdir
_rotl
_yn
_scalb
_popen
__GetMainArgs
_onexit
_spawnlpe
vprintf

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 722KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93d966f19874859e357f4cc90d510be7

Headers

DLL Characteristics

File Characteristics

Imports

query

kernel32

mtxoci

mprapi

advapi32

crtdll

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 722KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 722KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 328B