fbef564815d34cef2bac36e3545e3194_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbef564815d34cef2bac36e3545e3194_JaffaCakes118
Size

46KB
MD5

fbef564815d34cef2bac36e3545e3194
SHA1

d732ce78c0bdf702a1f5475f5ef0a53e1dec6900
SHA256

640a29b40a96aedb5b99f30096b727c43d1d8ba84d08d72dcc74b0d67cfff22f
SHA512

4f5c1141f898a2545288b27caddd1ae938568610213cb06db6a19cfc975b45afe61f0cd2bdfec1f173b58f4a065d0066d91416dec7266ca5f3c9d8df39b3e194
SSDEEP

768:2sR/9gCOb5YqsM/gar5a98iypEK1JX1Yp5VD4ePzPzqoaTr4RWK:VVJObX4arA9Nyx6H2errqoaoRWK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbef564815d34cef2bac36e3545e3194_JaffaCakes118

Files

fbef564815d34cef2bac36e3545e3194_JaffaCakes118
.exe windows:5 windows x86 arch:x86

47ff6ad06df79813c8b88127b7dcd057

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
CreateMailslotA
InterlockedDecrement
MapUserPhysicalPagesScatter
CreateConsoleScreenBuffer
GetConsoleAliasesW
EnumCalendarInfoExW
IsValidCodePage
SetConsoleWindowInfo
GetLogicalDriveStringsA
GetStartupInfoA
SetConsoleDisplayMode
ReadConsoleOutputCharacterA
GetVolumeInformationW
FindResourceExW
LoadLibraryA
GetUserDefaultUILanguage
VirtualAlloc
GetSystemWow64DirectoryW
IsDebuggerPresent
ContinueDebugEvent
CopyFileExA
VirtualQuery
SetFileAttributesW
SetConsoleNlsMode
UnregisterWaitEx
CreateActCtxW
GetCPInfo
lstrcmpiA
lstrlen
WriteProfileSectionA
GlobalFindAtomA
EnumSystemLanguageGroupsA
LockFileEx
GetConsoleCommandHistoryW
GetLocaleInfoW
SetFileValidData
EraseTape
PrepareTape
SetThreadLocale
InitializeCriticalSection
LCMapStringA
FindVolumeMountPointClose
GetProcessHeap
GetFileAttributesA
CallNamedPipeW
CreateProcessInternalW
PulseEvent
AddRefActCtx

msvcirt

??0iostream@@QAE@PAVstreambuf@@@Z
?good@ios@@QBEHXZ
?opfx@ostream@@QAEHXZ
??_8istream@@7B@
?hex@@YAAAVios@@AAV1@@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??_8stdiostream@@7Bistream@@@
??_Estdiobuf@@UAEPAXI@Z
_mtlock
??_Eistream_withassign@@UAEPAXI@Z
??0strstreambuf@@QAE@ABV0@@Z
??_8iostream@@7Bistream@@@
??1streambuf@@UAE@XZ
??1ostrstream@@UAE@XZ
??0ofstream@@QAE@PBDHH@Z
?eback@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?is_open@ofstream@@QBEHXZ
?put@ostream@@QAEAAV1@D@Z
?clrlock@ios@@QAAXXZ
?setrwbuf@stdiobuf@@QAEHHH@Z
?overflow@stdiobuf@@UAEHH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?fd@filebuf@@QBEHXZ
?stossc@streambuf@@QAEXXZ
??_8stdiostream@@7Bostream@@@
?allocate@streambuf@@IAEHXZ
?write@ostream@@QAEAAV1@PBEH@Z
?overflow@filebuf@@UAEHH@Z
??5istream@@QAEAAV0@AAG@Z
?flush@@YAAAVostream@@AAV1@@Z
??_Gistrstream@@UAEPAXI@Z

wsnmp32

SnmpEncodeMsg
SnmpGetRetry
SnmpStrToEntity
SnmpFreePdu
SnmpCountVbl
SnmpSetVb
SnmpGetLastError
SnmpSetRetransmitMode
SnmpFreeEntity
SnmpSetPduData
SnmpSetPort
SnmpGetTimeout
_SnmpConveyAgentAddress@4
SnmpClose
SnmpOidCopy
SnmpStrToOid
SnmpCancelMsg
SnmpListen
SnmpCleanup
SnmpOidCompare
SnmpSetTimeout
SnmpDecodeMsg
SnmpGetRetransmitMode
SnmpOidToStr
SnmpRecvMsg
SnmpStrToContext
SnmpDeleteVb
SnmpDuplicatePdu
SnmpGetTranslateMode
SnmpEntityToStr
SnmpOpen
SnmpStartup
SnmpCreateSession
SnmpRegister
SnmpFreeContext
SnmpCreateVbl
SnmpCreatePdu
SnmpFreeVbl

rtm

RtmDeleteRouteToDest
RtmCreateRouteEnum
RtmDeregisterClient
RtmCreateNextHopEnum
RtmGetEnumDests
RtmCreateEnumerationHandle
RtmRegisterEntity
RtmGetAddressFamilyInfo
MgmGroupEnumerationStart
RtmIgnoreChangedDests
MgmGetFirstMfeStats
RtmGetEnumNextHops
RtmGetNetworkCount
DestroyTable
RtmReferenceHandles
RtmReleaseEntityInfo
RtmIsMarkedForChangeNotification
RtmReleaseNextHops
RtmDequeueRouteChangeMessage
RtmReleaseEntities
RtmGetListEnumRoutes
MgmGetFirstMfe
RtmGetInstanceInfo
RtmCreateRouteListEnum
RtmInvokeMethod
RtmRegisterClient
BestMatchInTable
RtmGetDestInfo
CreateTable
RtmAddRouteToDest
RtmGetRouteAge
RtmCreateDestEnum
RtmDeleteEnumHandle
RtmGetNextHopPointer
SearchInTable
RtmIsBestRoute
MgmGetNextMfeStats
RtmGetExactMatchDestination

msvcrt40

_fstati64
strncpy
_close
??4logic_error@@QAEAAV0@ABV0@@Z
_mbsnicmp
_ismbckata
_setjmp
_lseeki64
??4fstream@@QAEAAV0@AAV0@@Z
towlower
?setmode@ofstream@@QAEHH@Z
_msize
rewind
_iob
_outpd
_execle
??_Giostream@@UAEPAXI@Z
_wgetenv
_expand
fgetpos
_mbbtype
_wcsicoll
vswprintf
??6ostream@@QAEAAV0@K@Z
_mbsnbcmp
strftime
?setmode@fstream@@QAEHH@Z
??6ostream@@QAEAAV0@D@Z
_mbccpy
__dllonexit
_rmtmp
_mbsrev
_fgetwchar
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_getdrive
?width@ios@@QAEHH@Z

query

?Release@CWorkQueue@@QAEXPAVCWorkThread@@@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
??3CDbContent@@SGXPAX@Z
?GetLong@CMemDeSerStream@@UAEJXZ
?Resume@CProcess@@QAEXXZ
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?ClearList@CCombinedPropertyList@@QAEXXZ
?ChangeDirty@CPropStoreInfo@@AAEXH@Z
??0CColumnSet@@QAE@I@Z
??1CDbPropSet@@QAE@XZ
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
??1CPropertyRestriction@@QAE@XZ
??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
??1?$XPtr@VCDbCmdTreeNode@@@@QAE@XZ
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
??0CCatState@@QAE@XZ
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
??1CWorkQueue@@QAE@XZ
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
??1CFwEventItem@@QAE@XZ
?Release@CQueryUnknown@@UAGKXZ
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
?Clone@CNodeRestriction@@QBEPAV1@XZ
?IsCIDialect@CDbPropertyRestriction@@QAEHXZ
DoneFILTERPerformanceData
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?IsNullPointerVariant@@YGHPAUtagPROPVARIANT@@@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?Release@CFwPropertyMapper@@UAGKXZ
??1CPhysStorage@@UAE@XZ
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z
?PutWString@CDbCmdTreeNode@@SGXAAVPSerStream@@PBG@Z
??1CWorkManager@@QAE@XZ

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47ff6ad06df79813c8b88127b7dcd057

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcirt

wsnmp32

rtm

msvcrt40

query

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 54KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 54KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B