ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118
Size

869KB
MD5

ebf60b6987518545111de0c5b4ac9b61
SHA1

143d3c50c77c5d2ab0698bb9882df72c06247a50
SHA256

03d5b523a43ca6a43adf3270ecaa3ae1621f0cacc6e99af1ae9c3b101407556e
SHA512

354a75e8390fb9c24cb72eb9e4e3e96af5c161471c08c08da55a4ef28a90bfa65ac8e822a45f70fa4cb576c3cbd8ac2aaa5111f900da659c957ed1bc1ca86e8b
SSDEEP

24576:1loeON5Vm8uGLrAKKNjrfG6fVbuJ/Dm4C2h9u:165w5y0KKx7fVbIDmE9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118

Files

ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c1650c2ffb514b4f375d5f43f1454687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
BackupSeek
DeleteFileA
HeapCreate
AddVectoredExceptionHandler
QueueUserAPC
GetCurrentProcessId
PeekConsoleInputW
QueryPerformanceFrequency
GetThreadContext
VirtualAlloc
MulDiv
BuildCommDCBAndTimeoutsA
GetModuleHandleA
GetVolumePathNamesForVolumeNameA
GetCurrencyFormatA
GetDefaultCommConfigW
GetProcessId
SetCommState
InitAtomTable
UTUnRegister
CreateMutexA
CallNamedPipeA
GetConsoleAliasesA
SetConsoleCursorMode
SetTimerQueueTimer
LoadLibraryA
DeleteVolumeMountPointW
WriteConsoleOutputA
GetConsoleAliasExesLengthW
HeapLock
GenerateConsoleCtrlEvent
MapUserPhysicalPages
InterlockedPopEntrySList

wldap32

ldap_result
ldap_set_optionA
ldap_extended_operationA
ldap_modify_ext_s
ldap_first_attributeW
ldap_conn_from_msg
ldap_ufn2dnW
ldap_encode_sort_controlA
ldap_create_sort_control
LdapGetLastError
ldap_search_ext
ldap_free_controlsW
ldap_next_reference
ldap_create_page_controlA
ldap_start_tls_sW
ldap_parse_page_controlW
ldap_rename_ext
ldap_delete_ext_sW
ldap_create_vlv_controlA
ldap_modify_ext
ldap_compare_sW
ldap_search_init_pageA
ldap_add_extA
ldap_next_attributeA
ldap_msgfree
ldap_rename_extW
ldap_delete_ext_sA
ldap_get_valuesW
ldap_parse_sort_controlA
ldap_next_entry
ber_first_element
ldap_value_freeA
ldap_create_vlv_controlW
ldap_get_optionW
ldap_compareW
ldap_parse_extended_resultW
ldap_search_extW
ldap_connect
ldap_deleteA
ldap_search_extA
ldap_create_sort_controlW
ber_flatten
ldap_count_entries
ldap_explode_dn

ole32

CreateGenericComposite
CoGetProcessIdentifier
HICON_UserFree
CoCreateInstance
CoRegisterSurrogate
OleConvertIStorageToOLESTREAM
OleTranslateAccelerator
OleSave
OleUninitialize
CoQueryReleaseObject
HGLOBAL_UserSize
HWND_UserSize
HBRUSH_UserUnmarshal
CoMarshalInterface
OleCreateDefaultHandler
ReadClassStg
CoGetObjectContext
CreateAntiMoniker
CreateClassMoniker
ProgIDFromCLSID
OleCreateStaticFromData
CoPopServiceDomain
ReleaseStgMedium
CLSIDFromString
HkOleRegisterObject
OleInitializeWOW
CoGetClassObject
ComPs_NdrDllUnregisterProxy
CoGetDefaultContext
StgConvertVariantToProperty
CoTaskMemAlloc
BindMoniker
WdtpInterfacePointer_UserFree
SNB_UserMarshal
DcomChannelSetHResult
HBRUSH_UserSize
CoSetState
FmtIdToPropStgName
CoWaitForMultipleHandles
CoGetInterceptor
OpenOrCreateStream

msvcrt

__p__daylight
towupper
sprintf
__p__iob
iswalpha
atof
iswlower
_chsize
_wtoi64
_mbsstr
_cscanf
_mbsbtype
_ismbblead
__CxxRegisterExceptionObject
iswupper
calloc
_filelengthi64
_wcsnicmp
_wutime
wcscspn
_wmakepath
_fdopen
__unDNameEx
_unloaddll
_getche
_ismbcalpha
_heapset
_mbsnbicmp
mbstowcs
_adj_fprem1
putwchar
mblen
setbuf
_strtoi64
__crtLCMapStringA
wcsncpy
_strnicoll
??_V@YAXPAX@Z
rename
_CIsinh

query

?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
?Marshall@CDbContentVector@@QBEXAAVPSerStream@@@Z
LoadIFilter
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
?QueryCatalogAdmin@CCatalogEnum@@QAEPAVCCatalogAdmin@@XZ
??1CScopeRestriction@@QAE@XZ
?Reset@CRegChangeEvent@@QAEXXZ
?SetI8@CStorageVariant@@QAEXT_LARGE_INTEGER@@I@Z
??1CDbCmdTreeNode@@QAE@XZ
??0CMemSerStream@@QAE@PAEK@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?Start@CCatalogAdmin@@QAEHXZ
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
InitializeFILTERPerformanceData
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
??1CNotRestriction@@QAE@XZ
?StrLen@CKey@@QBEIXZ
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
?SetRestriction@CDbSelectNode@@QAEHPAVCDbCmdTreeNode@@@Z
EndCacheTransaction
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
??0CSdidLookupTable@@QAE@XZ
??0CSizeSerStream@@QAE@XZ
?Get@CRegAccess@@QAEXPBGPAGI@Z
??0CMetaDataMgr@@QAE@HW4CiVRootTypeEnum@@KPBG@Z

gdi32

StrokeAndFillPath
CreatePatternBrush
ResetDCW
GetFontUnicodeRanges
GetEnhMetaFileDescriptionW
LineTo
DrawEscape
ResetDCA
TranslateCharsetInfo
GetNearestColor
OffsetClipRgn
AddFontMemResourceEx
DdEntry40
DdEntry12
EndDoc
DdEntry45
GetPixelFormat
DdEntry11
GetCharWidthW
GdiConsoleTextOut
GdiArtificialDecrementDriver
CreateDCA
DdEntry41
EnumEnhMetaFile
GetBitmapAttributes
GetEnhMetaFileDescriptionA

shell32

SHGetMalloc

user32

MessageBoxW
EndDialog

Sections

.text
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1650c2ffb514b4f375d5f43f1454687

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldap32

ole32

msvcrt

query

gdi32

shell32

user32

Sections

.text Size: 553KB - Virtual size: 553KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 553KB - Virtual size: 553KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B