fd22c4e557ef42af9de2dc9a3ebaae9c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd22c4e557ef42af9de2dc9a3ebaae9c_JaffaCakes118
Size

280KB
MD5

fd22c4e557ef42af9de2dc9a3ebaae9c
SHA1

7d4cb79e8357133031905220be97354b8340d30b
SHA256

67002d56257408c9d40adc61441b1a7494e8fb8c4fe2797db8932a2f34691c33
SHA512

51b8860281085a1c8b8a3997b3d75200b7a796db40ecbbb2a9477f266e8fc026b1159010714de736837ab1b26b78cfb7b17551ddb1626e163f46e289fa7675b3
SSDEEP

6144:m+/+1FsBitEybrmhR/Vln5jMKayuGPe8T:mG+1FsBvErIFVFm8T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd22c4e557ef42af9de2dc9a3ebaae9c_JaffaCakes118

Files

fd22c4e557ef42af9de2dc9a3ebaae9c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d627504cdf4cf0dd927127aeb882db9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

y:\dbcomponents\dbdll\ado\Com\ReleaseU\crdb_com.pdb

Imports

cxlibw-2-6

?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBG@Z
?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBD@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@NH@Z
??0SDate@CXLib206@@QAE@FEE@Z
?FormatDate@SLocale@CXLib206@@SA?AVSWCharString@2@KABVSDate@2@@Z
?TZ_Local@STimeZone@CXLib206@@SAABV12@XZ
??0STime@CXLib206@@QAE@EEEGABVSTimeZone@1@@Z
?FormatTime@SLocale@CXLib206@@SA?AVSWCharString@2@KABVSTime@2@ABVSTimeZone@2@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@IH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@_KH@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@_JH@Z
?FromString@SWCharStringConv@CXLib206@@SA_NABVSWCharString@2@AAN@Z
?ToNumber@NeutralString@CXLib206@@SA_NABVSWCharString@2@AA_J@Z
?fromMBCS@?$SString_t@G$00@CXLib206@@QAE_NPBD@Z
?toWChar@?$SString_t@G$00@CXLib206@@QBEIPAGI@Z
??1SWCharStringCI@CXLib206@@QAE@XZ
??1Registry@CXLib206@@UAE@XZ
??8?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@JH@Z
??H?$SString_t@G$00@CXLib206@@QBE?AV01@ABV01@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@HH@Z
?getNChars@?$SString_t@G$00@CXLib206@@QBEIXZ
?makeWords@SStringHelper@CXLib206@@SAXABVSWCharString@2@AAV?$SIArray@VSWCharString@CXLib206@@@2@0_N2@Z
?right@?$SString_t@G$00@CXLib206@@QBE?AV12@I@Z
?deleteChar@?$SString_t@G$00@CXLib206@@QAEXI@Z
?trim@?$SString_t@G$00@CXLib206@@QAEXXZ
??7iterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
?empty@?$SString_t@G$00@CXLib206@@QAEXXZ
??4SWCharString@CXLib206@@QAEAAV01@ABV?$SString_t@G$00@1@@Z
??Eiterator@?$SString_t@G$00@CXLib206@@QAEAAV012@XZ
?right@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@KH@Z
??8?$SString_t@G$00@CXLib206@@QBE_NPBG@Z
??4SWCharString@CXLib206@@QAEAAV01@ABV01@@Z
??0?$SChar_t@G$00@CXLib206@@QAE@G@Z
?findFirst@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@V?$SChar_t@G$00@2@@Z
?left@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
??0SWCharString@CXLib206@@QAE@ABV?$SString_t@G$00@1@@Z
?toUpper@?$SString_t@G$00@CXLib206@@QAEXXZ
??0?$SString_t@G$00@CXLib206@@QAE@PBG@Z
?compareNoCase@?$SString_t@G$00@CXLib206@@QBEHABV12@@Z
?ReadValue@Registry@CXLib206@@QBE?AVSWCharString@2@ABV32@@Z
??0Registry@CXLib206@@QAE@ABVSWCharStringCI@1@0ABQAUHKEY__@@_N@Z
??0SWCharStringCI@CXLib206@@QAE@PBG@Z
??1?$SString_t@G$00@CXLib206@@QAE@XZ
??4SWCharString@CXLib206@@QAEAAV01@PBG@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@PBG@Z
??0SWCharString@CXLib206@@QAE@PBG@Z
?isEmpty@?$SString_t@G$00@CXLib206@@QBE_NXZ
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@ABV01@@Z
??M?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
??0SWCharString@CXLib206@@QAE@ABV01@@Z
??0SWCharString@CXLib206@@QAE@XZ
??B?$SString_t@G$00@CXLib206@@QBEPBGXZ
??1SStrTok@CXLib206@@UAE@XZ
?Next@SStrTok@CXLib206@@QAE?AVSWCharString@2@XZ
??0SStrTok@CXLib206@@QAE@ABVSWCharString@1@0@Z
?GetMillisecond@SDateTime@CXLib206@@QBEGXZ
?GetSecond@SDateTime@CXLib206@@QBEEXZ
?GetMinute@SDateTime@CXLib206@@QBEEABVSTimeZone@2@@Z
?GetHour@SDateTime@CXLib206@@QBEEABVSTimeZone@2@@Z
?GetDayOfWeek@SDateTime@CXLib206@@QBEEABVSTimeZone@2@@Z
?GetDay@SDateTime@CXLib206@@QBEEABVSTimeZone@2@@Z
?GetMonth@SDateTime@CXLib206@@QBEEABVSTimeZone@2@@Z
?GetYear@SDateTime@CXLib206@@QBEFABVSTimeZone@2@@Z
?GetCurrentDateTime@SDateTime@CXLib206@@SA?AV12@XZ
?Terminate@SResManager@CXLib206@@SA_NXZ
?Rfc1766ToLcid@SLocale@CXLib206@@SAKABVSWCharString@2@@Z
?Initialize@SResManager@CXLib206@@SA_NXZ
?GetCollection@SResManager@CXLib206@@SA?AV?$CSmartRefCountPtr@VSResCollection@CXLib206@@@2@PBG0QAUHINSTANCE__@@@Z
??1SWCharString@CXLib206@@QAE@XZ

msvcr71

_wcsicmp
_wcsicoll
memset
wcschr
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_wsplitpath
towupper
_splitpath
_exit
floor
_snwprintf
wcslen
wcsncpy
wcscpy
wcscmp
??_U@YAPAXI@Z
_ultow
_ltow
??0exception@@QAE@ABV0@@Z
_CxxThrowException
free
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
??3@YAXPAX@Z
??_V@YAXPAX@Z

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

kernel32

InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
InterlockedExchange
GetVersionExA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetModuleFileNameW
GlobalFree
GetACP
GlobalSize
GlobalAlloc
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
FreeLibrary
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetThreadLocale
GetLocaleInfoA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CLSIDFromString

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VarDecFromStr
VarDecFromR8
VarR8FromDec
VarDecInt
VarBstrFromDec
VarCyFromStr
VarCyFromDec
VarBstrFromCy
VariantClear
SysAllocString
VariantCopy
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen

Exports

Exports

DbBindToField
DbCloseRowset
DbExecuteQuery
DbFetchDatabaseType
DbFetchLogonUIInfo
DbFetchServerName
DbFetchTableFields
DbFetchTableInfo
DbFetchTableList
DbFetchTableParameters
DbFreeErrorInfo
DbFreeFieldBinding
DbFreeFieldList
DbFreeLogonInfo
DbFreeParametersList
DbFreeString
DbFreeTableInfo
DbFreeTableList
DbGetInfo
DbInitialize
DbLogoffServer
DbLogonServer
DbMatchLogonInfo
DbReadRecord
DbReadVariantColumnValue
DbTerminate

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d627504cdf4cf0dd927127aeb882db9

Headers

File Characteristics

PDB Paths

Imports

cxlibw-2-6

msvcr71

msvcp71

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 472B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 472B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 152KB - Virtual size: 152KB