Static task: static1
Behavioral task: behavioral1
  Sample: eee602eb03be1cd084188b449248f38d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eee602eb03be1cd084188b449248f38d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: eee602eb03be1cd084188b449248f38d_JaffaCakes118
- Size: 40KB
- MD5: eee602eb03be1cd084188b449248f38d
- SHA1: 753d2f5516110b1d48867c5fcd20c0142fcff33e
- SHA256: 81caffa64cae0fc3e9157e9374b24843d2a96d6c91cf6083c28ffecee91d5a7f
- SHA512: db6a39916874c54fc5f3a0c3bd5d5319b8bbdf35f732b30c3645ce03597622523b03c96f37eb927169b32b7b9beb6cef873a39d8843f377c0076ffab2b72c518
- SSDEEP: 768:2mmW9Q8LfiKvqUuigp26QoBG6w3Aqm5DeTTAdIGzWPt345a3N:2Bv8LaKvqUjglhww1zhWlgg
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: eee602eb03be1cd084188b449248f38d_JaffaCakes118
Files
- eee602eb03be1cd084188b449248f38d_JaffaCakes118.exe  windows:5 windows x86 arch:x86
  99eec81817825993031f6511ffa3fa9f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileExW
GetConsoleAliasesLengthA
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
SetThreadAffinityMask
LoadLibraryA
SetConsoleFont
FatalAppExitW
EnumCalendarInfoA
VirtualAlloc
GlobalUnfix
_lopen
LZOpenFileA
Beep
DeleteVolumeMountPointW
GetUserDefaultLCID
GetNamedPipeHandleStateA
RemoveDirectoryA
GetOEMCP
FindNextVolumeW
LocalAlloc
ShowConsoleCursor
CreatePipe
WaitNamedPipeA
EnumSystemLocalesA
ReadConsoleOutputA
GetTickCount
InitializeCriticalSection
GlobalAlloc
GetCPInfoExA
GetStdHandle
OpenJobObjectW
GetBinaryType
LZOpenFileW
SetFileShortNameW
LockResource
SetHandleCount
DeleteFileA
IsDBCSLeadByte
GetProfileSectionW
GetLocaleInfoW
FreeEnvironmentStringsA
BeginUpdateResourceA
FindFirstVolumeW
wininet
InternetOpenA
RetrieveUrlCacheEntryStreamA
InternetHangUp
ResumeSuspendedDownload
InternetSetPerSiteCookieDecisionA
InternetCrackUrlA
InternetCanonicalizeUrlA
FtpOpenFileW
GopherGetLocatorTypeW
InternetWriteFile
GopherGetLocatorTypeA
InternetQueryFortezzaStatus
IsHostInProxyBypassList
FindNextUrlCacheGroup
HttpSendRequestA
CreateUrlCacheEntryA
UnlockUrlCacheEntryFile
InternetGetConnectedState
DeleteUrlCacheContainerW
InternetCloseHandle
InternetGetPerSiteCookieDecisionW
InternetEnumPerSiteCookieDecisionA
FtpRenameFileA
FindFirstUrlCacheGroup
InternetSetPerSiteCookieDecisionW
DeleteUrlCacheGroup
HttpCheckDavCompliance
DetectAutoProxyUrl
InternetSetDialStateW
FtpRemoveDirectoryA
IsUrlCacheEntryExpiredW
GopherFindFirstFileA
InternetGetCookieA
FtpOpenFileA
GopherCreateLocatorA
GetUrlCacheHeaderData
SetUrlCacheGroupAttributeA
InternetTimeFromSystemTimeA
InternetFindNextFileA
ntdll
RtlDosPathNameToNtPathName_U
ZwQueueApcThread
RtlPrefixUnicodeString
RtlSetUserValueHeap
RtlSetIoCompletionCallback
RtlInsertElementGenericTableAvl
RtlCopySidAndAttributesArray
ZwSetSystemTime
NtIsProcessInJob
RtlSubAuthorityCountSid
RtlTimeFieldsToTime
ZwCallbackReturn
NtSetSecurityObject
DbgPrintEx
NtRaiseHardError
NtSuspendProcess
_aulldiv
RtlxAnsiStringToUnicodeSize
strncpy
ZwIsProcessInJob
RtlAdjustPrivilege
ZwCreateJobObject
RtlValidAcl
RtlEqualDomainName
isgraph
RtlReleaseActivationContext
ZwMakeTemporaryObject
ZwReadRequestData
RtlDestroyQueryDebugBuffer
ZwSetSystemEnvironmentValueEx
ZwSetSystemPowerState
RtlAddAccessAllowedObjectAce
RtlNewSecurityGrantedAccess
RtlInitAnsiString
user32
InvalidateRgn
LoadMenuW
GetMenuItemCount
MapVirtualKeyExA
IsGUIThread
DdeFreeDataHandle
SetShellWindowEx
RegisterWindowMessageW
ChildWindowFromPoint
IsWindow
GetRawInputDeviceList
PaintMenuBar
EqualRect
SendDlgItemMessageA
IsMenu
ChangeDisplaySettingsA
GetDoubleClickTime
DrawCaptionTempA
DragObject
CreateWindowExW
CloseWindowStation
DlgDirListW
RegisterTasklist
SystemParametersInfoW
ClientThreadSetup
DeleteMenu
ResolveDesktopForWOW
VkKeyScanW
GetWindowModuleFileName
EndDialog
DlgDirSelectExA
GetMessageA
DrawCaption
LoadRemoteFonts
LoadAcceleratorsA
sqlsrv32
SQLTablesW
SQLNumParams
WizDSNDlgProc
SQLEndTran
SQLParamOptions
BCP_collen
SQLDriverConnectW
BCP_colfmt
SQLGetCursorNameW
SQLPutData
SQLBindParameter
SQLGetDescRecW
SQLBindCol
BCP_writefmt
SQLGetStmtAttrW
BCP_done
BCP_exec
WizIntSecurityDlgProc
SQLColumnsW
SQLCopyDesc
SQLGetFunctions
WizLanguageDlgProc
BCP_getcolfmt
BCP_moretext
SQLSetConnectOptionW
SQLGetDiagRecW
SQLDescribeParam
SQLPrimaryKeysW
SQLMoreResults
SQLTablePrivilegesW
BCP_readfmt
FinishDlgProc
SQLProceduresW
ConfigDSNW
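The import table above spans kernel32, wininet, ntdll, user32 and sqlsrv32, and import hashes are the usual way such tables are compared across samples. The 32-character value listed under the file entry in the Files section has the form of an import hash, but this page does not label it, so treat that reading as an assumption. The following Python is an added example, not the sandbox's own code: it reimplements the common imphash convention (module name lowercased with a .dll/.ocx/.sys suffix stripped, function name lowercased, ordinal imports rendered as ordN, all joined with commas in import-table order, then MD5). SAMPLE_IMPORTS is a constructed subset of the names above with module file names as a loader would see them, so its hash will not reproduce the report's value; the point is the normalisation and the fact that the hash depends on import order, which is why a match says "same build or toolchain", not "same functionality".

```python
import hashlib

# Extensions that the import-hash convention strips from module names.
_STRIP_EXT = (".dll", ".ocx", ".sys")


def _normalise_module(dll):
    dll = dll.lower()
    for ext in _STRIP_EXT:
        if dll.endswith(ext):
            return dll[:-len(ext)]
    return dll


def imphash_string(imports):
    """Canonical 'module.function' list in import-table order.

    `imports` is a list of (module, [function_name_or_ordinal]) pairs. Ordinal
    imports are ints and are rendered as 'ordNNN'; the ordinal-to-name tables
    that pefile applies for oleaut32/ws2_32/wsock32 are not reproduced here.
    """
    parts = []
    for dll, funcs in imports:
        mod = _normalise_module(dll)
        for f in funcs:
            name = ("ord%d" % f) if isinstance(f, int) else f.lower()
            parts.append("%s.%s" % (mod, name))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string, as hex."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed input: a few imports per module taken from the listing above,
# with the module names written as the import directory would carry them.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["CopyFileExW", "GetConsoleAliasesLengthA", "InterlockedPopEntrySList"]),
    ("WININET.dll", ["InternetOpenA", "RetrieveUrlCacheEntryStreamA", "InternetHangUp"]),
    ("ntdll.dll", ["RtlDosPathNameToNtPathName_U", "ZwQueueApcThread"]),
    ("USER32.dll", ["InvalidateRgn", "LoadMenuW"]),
    ("sqlsrv32.dll", ["SQLTablesW", "SQLNumParams"]),
]


def reordered(imports):
    """Same modules and functions in a different import-table order.

    The hash changes, which is the property to keep in mind when two samples
    with the same API surface still hash differently.
    """
    return list(reversed(imports))


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash           :", imphash(SAMPLE_IMPORTS))
    print("imphash (reorder) :", imphash(reordered(SAMPLE_IMPORTS)))
```

To compare against a real binary, feed `imphash()` the import directory as parsed by a PE library, keeping the directory's own order; the static listing on this page cannot say whether any of these imports is actually called, so an import hash is a lineage signal, not evidence of behaviour.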
Sections
.text   Size: 28KB   - Virtual size: 28KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 2KB    - Virtual size: 2KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 6KB    - Virtual size: 18KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1024B  - Virtual size: 1024B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  - Virtual size: 1024B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
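The only signature the report raises is the missing Authenticode signature, and the section table gives each section's raw size, virtual size and IMAGE_SCN_* flags. The Python below is an added example, not part of the report or of any sandbox's code, that makes both checks on a PE image by hand: it reads IMAGE_DIRECTORY_ENTRY_SECURITY (whose first field is a raw file offset, not an RVA, because the certificate table is never mapped), sanity-checks the WIN_CERTIFICATE header it points at, and decodes the section headers, flagging any section that is both writable and executable. `build_pe32` is a constructed two-section PE32 so the script runs offline; it stands in for, and is not, the sample above. Two caveats a practitioner should keep in mind: a missing embedded signature does not prove a file is unsigned on Windows, since catalog-signed files carry no WIN_CERTIFICATE at all, and a present blob proves nothing until a real verifier (WinVerifyTrust, or `signtool verify /pa` on Windows) checks the PKCS#7 SignedData against the PE hash it covers.

```python
import struct

# Subset of IMAGE_SCN_* section flags (those that appear in the table above).
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4                     # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 2   # Authenticode PKCS#7 SignedData


def _headers(data):
    """Locate the COFF and optional headers: (coff_off, opt_off, is_pe32plus)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff, opt = e_lfanew + 4, e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    return coff, opt, magic == 0x20B


def authenticode_status(data):
    """'signed' means a plausible WIN_CERTIFICATE header is embedded, nothing more."""
    _, opt, plus = _headers(data)
    nrva_off = opt + (108 if plus else 92)          # NumberOfRvaAndSizes
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    if n_dirs <= SECURITY_DIR:
        return {"signed": False, "offset": 0, "size": 0, "reason": "no security directory entry"}
    off, size = struct.unpack_from("<II", data, nrva_off + 4 + SECURITY_DIR * 8)
    if off == 0 or size == 0:
        return {"signed": False, "offset": off, "size": size, "reason": "security directory empty"}
    if size < 8 or off + size > len(data):
        return {"signed": False, "offset": off, "size": size, "reason": "security directory out of bounds"}
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    if length > size or revision not in (0x0100, 0x0200) or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return {"signed": False, "offset": off, "size": size, "reason": "malformed WIN_CERTIFICATE header"}
    return {"signed": True, "offset": off, "size": size, "reason": "WIN_CERT_TYPE_PKCS_SIGNED_DATA present"}


def section_table(data):
    """Decode section headers into name, raw/virtual size, flag names and a W+X flag."""
    coff, opt, _ = _headers(data)
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    out = []
    for i in range(n_sections):
        base = opt + opt_size + i * 40
        name, vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<8sIIII", data, base)
        chars = struct.unpack_from("<I", data, base + 36)[0]
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw": raw_size, "virtual": vsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if chars & bit],
            "wx": bool(chars & 0x20000000) and bool(chars & 0x80000000),
        })
    return out


def build_pe32(signed):
    """Constructed PE32 (not the sample on this page): .text RX, .data RW with
    virtual size > raw size, plus an optional placeholder WIN_CERTIFICATE."""
    sections = [  # (name, vsize, vaddr, raw_size, raw_ptr, characteristics)
        (b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),
        (b".data", 0x600, 0x2000, 0x200, 0x400, 0xC0000040),
    ]
    buf = bytearray(0x600)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 64)                     # e_lfanew
    buf[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 68, 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    struct.pack_into("<H", buf, 88, 0x10B)                    # PE32 magic
    struct.pack_into("<I", buf, 88 + 92, 16)                  # NumberOfRvaAndSizes
    for i, s in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", buf, 88 + 224 + i * 40,
                         s[0], s[1], s[2], s[3], s[4], 0, 0, 0, 0, s[5])
    if signed:
        blob = b"\x30" + b"\x00" * 23     # placeholder, not real PKCS#7 data
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", buf, 88 + 96 + SECURITY_DIR * 8, len(buf), len(cert))
        buf += cert
    return bytes(buf)


def report(data):
    a = authenticode_status(data)
    lines = ["Authenticode: %s (%s)" % ("present" if a["signed"] else "MISSING", a["reason"])]
    for s in section_table(data):
        lines.append("%-8s raw=%#x virt=%#x %s%s" % (
            s["name"], s["raw"], s["virtual"], " ".join(s["flags"]), "  <-- W+X" if s["wx"] else ""))
    return lines


if __name__ == "__main__":
    for signed in (False, True):
        print("\n".join(report(build_pe32(signed))), "\n")
```

On a real file, `report(open(path, "rb").read())` gives the same two views; the bounds and header checks matter because a security directory that points past end-of-file or at garbage is a malformed PE, not a signed one.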