Static task: static1
Behavioral task: behavioral1
Sample: e15aa106774895eb23b26f3a89d7d66e_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e15aa106774895eb23b26f3a89d7d66e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e15aa106774895eb23b26f3a89d7d66e_JaffaCakes118
Size: 55KB
MD5: e15aa106774895eb23b26f3a89d7d66e
SHA1: cb63e91c01e76ca9e67ed878ff255e557ca70522
SHA256: 28432a95767feabfb3450ceadf7b962ae0102a4b1bb2e1a63469a10769fa031b
SHA512: 59d695bc390e25cc44cc81eaf6633c8b369d1aa00ab0f57f3de8bdb6a021d58b9ae0bb3613cfbba6279e498980b40f1b1f0270e51c25eb1d0aa39110cfc29852
SSDEEP: 1536:QLU6AFd7VqY6cchornkWmPUuckHj/JPIpKCq7nFgN:QILxqY6cvLk3UiD/lI3q7nFW
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: e15aa106774895eb23b26f3a89d7d66e_JaffaCakes118
Files
e15aa106774895eb23b26f3a89d7d66e_JaffaCakes118.exe windows:5 windows x86 arch:x86
462604574bd04d7ae2e36900f2242aff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
sqlunirl
_InitiateSystemShutdown_@20
_GetFileVersionInfoSize_@8
_lstrcpy_@8
_CallNamedPipe_@28
_ReportEvent_@36
_CreateDirectoryEx_@12
_CreateDesktop_@24
_GetICMProfile_@12
_MessageBoxEx_@20
_DragQueryFile_@16
_DispatchMessage_@4
_FindResourceEx_@16
__hwrite_@12
_RegQueryValueEx_@24
_OpenEvent_@12
_DefMDIChildProc_@16
user32
GetDlgItemTextA
GetCapture
CallWindowProcW
GetWindowContextHelpId
SetCapture
GetMenuCheckMarkDimensions
CopyRect
GetWindowLongA
GetCaretPos
SetWindowTextA
DdeInitializeW
RealGetWindowClass
EnumDisplayDevicesW
msvcrt
??4bad_typeid@@QAEAAV0@ABV0@@Z
wcstol
wcslen
__getmainargs
_mbsnbcpy
_wtempnam
_read
_close
strtod
_ismbcprint
_wsystem
_wctime
_spawnlpe
_wmkdir
__set_app_type
_nextafter
_wcsrev
__p__commode
vswprintf
_ultow
advapi32
CryptDestroyHash
ConvertAccessToSecurityDescriptorW
LsaQueryTrustedDomainInfo
SetPrivateObjectSecurityEx
GetServiceKeyNameW
ConvertStringSDToSDDomainW
I_ScSetServiceBitsW
CryptEnumProvidersA
TraceEvent
AccessCheckByTypeAndAuditAlarmW
CryptSetProvParam
OpenBackupEventLogW
IdentifyCodeAuthzLevelW
CredRenameA
SystemFunction024
kernel32
CreateJobObjectW
GetGeoInfoW
GetTickCount
EnumSystemLanguageGroupsA
SetUserGeoID
EnumDateFormatsExW
Module32NextW
GetProcessHeap
FindFirstFileExW
GetProcessVersion
GetTimeFormatW
VirtualAlloc
AddRefActCtx
Sleep
GetFullPathNameW
GetPrivateProfileSectionNamesW
WideCharToMultiByte
GetVersion
LoadLibraryA
GetLocaleInfoW
SetConsoleFont
SetComputerNameExA
dnsapi
DnsGetDomainName
DnsMapRcodeToStatus
DnsApiSetDebugGlobals
BreakRecordsIntoBlob
DnsNameCompareEx_W
Query_Main
Dns_CreateSocket
DnsWriteReverseNameStringForIpAddress
DnsAllocateRecord
DnsAsyncRegisterHostAddrs
DnsGetPrimaryDomainName_A
DnsNotifyResolverClusterIp
DnsUpdateTest_UTF8
DnsRecordStringForWritableType
comdlg32
CommDlgExtendedError
Ssync_ANSI_UNICODE_Struct_For_WOW
LoadAlterBitmap
GetOpenFileNameA
PageSetupDlgA
PrintDlgExW
GetSaveFileNameA
GetFileTitleA
dwLBSubclass
ReplaceTextW
ChooseColorW
PrintDlgW
FindTextA
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1022B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ