ea91995eec0712a35b978629b9d61921_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea91995eec0712a35b978629b9d61921_JaffaCakes118
Size

376KB
MD5

ea91995eec0712a35b978629b9d61921
SHA1

ded8742bf154707dd080f1ed2f394c9b8efe3f33
SHA256

8d0dfdff10e697af9f84d3d5f4ee0dfbbabe18ee4de758fe4bd7b53774162eaa
SHA512

0e10b229049abdd5f5c08879ee4ccce5251450049246fbdd611a452915746edb384b1623c019e9508ac3f62b4d7703c8583193d8a82d350ca22aba73f113214b
SSDEEP

6144:LatkV5p+chSu9m37UoRrcgzhjPsOD0GW7Y703iye2jKS/y2auUBpKLFByT:LIk5pcKm3IoRQgzlxD0GIUye2jlbUWLF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea91995eec0712a35b978629b9d61921_JaffaCakes118

Files

ea91995eec0712a35b978629b9d61921_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b2760aa165124ede2bef85e77940867a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rasman

RasPortGetBundle
RasDeviceGetInfo
RasFindPrerequisiteEntry
RasRequestNotification
RasRegisterRedialCallback
RasAddConnectionPort
RasGetDialParams
RasSetDevConfig
RasSecurityDialogSend
RasGetDevConfigEx
RasDeviceConnect
RasDestroyConnection
RasStartRasAutoIfRequired
RasRpcRemoteGetUserPreferences
RasRpcGetErrorString
RasGetTimeSinceLastActivity
RasRpcDisconnect
RasRPCBind
RasRpcConnect
RasPortOpenEx
RasServerPortClose
RasGetNdiswanDriverCaps
RasRpcUnloadDll
RasPortGetProtocolCompression
RasGetUnicodeDeviceName
RasRpcGetInstalledProtocols
RasBundleClearStatistics
RasGetCalledIdInfo
RasGetInfoEx
RasDeviceEnum
RasGetEapUserInfo
RasSetRouterUsage
RasInitializeNoWait
RasPortGetStatisticsEx

msvcrt40

??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@PBE@Z
?text@filebuf@@2HB
?get@istream@@QAEAAV1@PAEHD@Z
iswxdigit
_wfdopen
?adjustfield@ios@@2JB
??_G__non_rtti_object@@UAEPAXI@Z
??_7logic_error@@6B@
__p___wargv
_snprintf
fread
??0filebuf@@QAE@XZ
_mbsbtype
__dllonexit
_fsopen
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?gcount@istream@@QBEHXZ
_wexecvp
__fpecode
wcsncpy
_lrotl
?attach@filebuf@@QAEPAV1@H@Z
_adj_fdivr_m32i
_getdrive
iswprint
_logb
_ismbbprint
_filelengthi64
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_wmktemp
??_7stdiobuf@@6B@
_open
atan2
??0exception@@QAE@XZ
_wopen
??1ios@@UAE@XZ
_lseeki64
islower
fseek
??_Eiostream@@UAEPAXI@Z
isxdigit
__p__winver
??0streambuf@@IAE@PADH@Z
??0fstream@@QAE@H@Z
?close@fstream@@QAEXXZ
_safe_fdiv
??0fstream@@QAE@XZ
_ismbckata
_wexeclp
?fill@ios@@QAEDD@Z
iswctype
rename
_rotr
_copysign
_mbsrchr
?unsetf@ios@@QAEJJ@Z
?getdouble@istream@@AAEHPADH@Z
?get@istream@@QAEAAV1@AAC@Z
_read
??_Gstdiobuf@@UAEPAXI@Z
?gbump@streambuf@@IAEXH@Z
?doallocate@strstreambuf@@MAEHXZ
putchar
atof

sqlunirl

_CreateMDIWindow_@40
_GetFileTitle@12
_WriteConsoleInput_@16
_OemToCharBuff_@12
_LookupAccountSid_@28
_PostMessage@16
_GetCharABCWidths_@16
_NDdeIsValidAppTopicList_@4
_RegisterWindowMessage_@4
_BuildCommDCB_@8
_RegEnumKeyEx_@32
_GetMenuString_@20
_lstrcmpi_@8
_CreateScalableFontResource_@16
_DlgDirList_@20
_MapVirtualKeyEx_@12
_PeekMessage@20
_GetFileAttributesEx_@12
_CreateDialogIndirectParam@20
_EnumDisplaySettings_@12
_FindExecutable_@12
__lwrite_@12
_ExtTextOut@32
_DispatchMessage_@4
_MoveFileEx_@12
_GetEnhMetaFileDescription_@12
_wvsprintf_@12
_IsBadStringPtr_@8
_ResetDC_@8
_DlgDirSelectComboBoxEx_@16
_DefWindowProc@16
_EnumProps_@8
_CreateIC_@16
_AddAtom_@4
_NDdeTrustedShareEnum_@24
_GetServiceKeyName_@16

query

?GetStr@CKey@@QBEPAGXZ
?SkipULong@CMemDeSerStream@@UAEXXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
??0CMachineAdmin@@QAE@PBGH@Z
?CIShutdown@@YGXXZ
?AddArg@CEventItem@@QAEXPBG@Z
??1CRestriction@@QAE@XZ
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?GetStackTrace@@YGXPADK@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
_ForceMasterMerge@16
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
BindIFilterFromStorage
??1CProcess@@QAE@XZ
?SkipDouble@CMemDeSerStream@@UAEXXZ
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
??0CDbColumns@@QAE@I@Z
?OpenExclusive@CMmStream@@QAEXPAGH@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??0CCatState@@QAE@XZ
??3CDbCmdTreeNode@@SGXPAX@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
??0CPidLookupTable@@QAE@XZ
?ClearList@CCombinedPropertyList@@QAEXXZ
??0CQueryScanner@@QAE@PBGHKH@Z

user32

SetCapture
AllowForegroundActivation
ModifyMenuW
UserLpkPSMTextOut
ValidateRgn
IsChild
GetRawInputData
SetPropA
GetProcessDefaultLayout
EnumWindowStationsW
RegisterLogonProcess
GetKeyboardType
SendMessageW
UnregisterHotKey
CtxInitUser32
OemKeyScan
DdeCreateDataHandle
SetCaretPos
GetSysColorBrush
OpenClipboard
GetWindowTextLengthW
DispatchMessageA
SendNotifyMessageA
OemToCharA
CreateIconFromResource
GetMenuStringA
TrackMouseEvent
GetLayeredWindowAttributes
GetDlgCtrlID
UnloadKeyboardLayout
EnumPropsExA
CreateCaret
WCSToMBEx
DestroyWindow
GetParent
GetUserObjectInformationW
DrawStateW
DialogBoxParamA

kernel32

GetProcessHeaps
LocalAlloc
GetNumaHighestNodeNumber
Module32FirstW
GetCurrentThread
FlushInstructionCache
FindActCtxSectionGuid
GlobalLock
Heap32ListNext
RtlUnwind
QueryPerformanceCounter
EnumResourceNamesA
FindFirstFileA
HeapCreate
OpenWaitableTimerW
LoadLibraryA
SetCommState
EnumResourceTypesW
SetConsoleLocalEUDC
ReadConsoleOutputCharacterW
GetDefaultCommConfigA
FindAtomA
CopyLZFile
GetEnvironmentStringsW
DisconnectNamedPipe
VirtualAlloc
UnregisterConsoleIME
UnlockFile
GetDriveTypeA
SetVolumeLabelW
CreateConsoleScreenBuffer
GetFileAttributesA

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2760aa165124ede2bef85e77940867a

Headers

File Characteristics

Imports

rasman

msvcrt40

sqlunirl

query

user32

kernel32

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 1KB - Virtual size: 529KB

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 1KB - Virtual size: 529KB

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 1024B - Virtual size: 1024B