fdda18f0a1a163a784dce062e4c1fcd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdda18f0a1a163a784dce062e4c1fcd1_JaffaCakes118
Size

58KB
MD5

fdda18f0a1a163a784dce062e4c1fcd1
SHA1

3b43c6c1f66077e07e459af638a72da663e96557
SHA256

6700de12add18d55388db771ea1c2d7e19da757645b83d7ac8b2ec8dfae6c75d
SHA512

0ac7d8f4fc4da02d7dc7d98db290d60c99ba49869cf6865ed8faf0f374ce7f2d87c6c4dd0f454fd2a72755b25f202283c365897927970643c8b809d7d3b87293
SSDEEP

768:LCThE3r47UmKER6wDtD6rBS8FB+8JTfCOPD6NIwKZusWg7v3xh6f//C:Why+3X+8YLGOPSMZXWwv3xh6f/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdda18f0a1a163a784dce062e4c1fcd1_JaffaCakes118

Files

fdda18f0a1a163a784dce062e4c1fcd1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9b739287d72bddcce13b16e34be20b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprAdminRegisterConnectionNotification
MprAdminServerDisconnect
MprAdminInterfaceTransportAdd
MprConfigTransportDelete
MprAdminPortClearStats
MprAdminUserSetInfo
MprAdminInterfaceDeviceSetInfo
MprAdminPortEnum
MprConfigServerConnect
MprAdminInterfaceDelete
MprInfoRemoveAll
MprAdminInterfaceGetCredentialsEx
MprAdminUserServerConnect
MprConfigGetFriendlyName
MprAdminMIBEntryGet
MprConfigInterfaceCreate
MprAdminMIBEntryGetFirst
MprAdminBufferFree
MprAdminMIBEntryDelete
MprAdminUserWriteProfFlags

odbc32

PostODBCComponentError
SQLConnectA
SQLPrimaryKeysW
SQLFreeHandle
SQLProcedureColumnsA
SQLDescribeCol
OpenODBCPerfData
ODBCInternalConnectW
SQLColumnsW
SQLError
SQLGetConnectAttrW
ODBCSetTryWaitValue
SQLColumnPrivileges
SQLDataSourcesW
SQLNativeSql
SQLBindCol
SQLNativeSqlW
SQLDriverConnect
SQLProceduresW
SQLTransact
SQLStatistics

msvcrt20

??_Eostream@@UAEPAXI@Z
signal
ungetc
?sputc@streambuf@@QAEHH@Z
_snprintf
_mbsncoll
__doserrno
_winminor
_tcsicmp
??_Gostream@@UAEPAXI@Z
??_Gostrstream@@UAEPAXI@Z
wctomb
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?_set_new_mode@@YAHH@Z
__p__pgmptr
?ends@@YAAAVostream@@AAV1@@Z
iswupper
_vsnprintf
??0iostream@@IAE@XZ
_snwprintf
_tell
?allocate@streambuf@@IAEHXZ
_scalb
_waccess
swprintf
?delbuf@ios@@QAEXH@Z
?setmode@filebuf@@QAEHH@Z
??_Giostream@@UAEPAXI@Z

gdi32

GetCurrentObject
EnumObjects
bMakePathNameW
GetPixel
DdEntry35
SetMapMode
DdEntry41
GdiSetAttrs
CreateEnhMetaFileA
GetDeviceGammaRamp
GetTextExtentExPointI
GetKerningPairsW
DdEntry45
GdiCreateLocalEnhMetaFile
UpdateICMRegKeyA
SetRelAbs
GdiPlayScript
CopyMetaFileW
CreateDIBitmap
ScaleViewportExtEx
StartPage

kernel32

SetCommMask
CreateIoCompletionPort
DnsHostnameToComputerNameW
CloseConsoleHandle
LoadLibraryA
HeapCreate
CreateNamedPipeW
GetThreadPriority
SetTermsrvAppInstallMode
GetCommTimeouts
BuildCommDCBW
FatalExit
VirtualProtect
VirtualAlloc
GetCurrentConsoleFont
GetNumaProcessorNode
GetModuleHandleW
_lwrite
AddAtomA
GlobalAddAtomW
GetTempFileNameW
DefineDosDeviceW
FindFirstFileExW
NlsGetCacheUpdateCount
HeapCompact
EnumSystemGeoID
SetCommTimeouts
GetNumaNodeProcessorMask
CreateMutexW
DeleteFileW
ReadConsoleInputW
GetMailslotInfo

glmf32

glsNumuiv
glsNums
glsGetHeaderiv
glsEndObj
glsGetStreamReadName
glsGetCurrentTime
glsRequireExtension
glsGetContextListubz
glsHeaderLayerf
__glsString_init
glsNuml
glsHeaderi
__glsString_assign
glsNumi
glsGetHeaderi
glsCopyStream
glsBlock
glsGetContexti
glsHeaderLayeri
glsCommandFunc
glsUCS4toUTF8
glsNumb
glsFlush
glsLongHigh
glsLong
glsIsContext
glsNullCommandFunc
glsGetConstubz

ntshrui

GetNetResourceFromLocalPath
GetNetResourceFromLocalPathW
IsFolderPrivateForUser
DllCanUnloadNow
IsPathSharedA
GetLocalPathFromNetResourceW
GetLocalPathFromNetResourceA
DllGetClassObject
IsPathSharedW
GetLocalPathFromNetResource
SetFolderPermissionsForSharing
IsPathShared
GetNetResourceFromLocalPathA

advapi32

AdjustTokenPrivileges
CreateTraceInstanceId
LsaNtStatusToWinError
LogonUserExA
LsaOpenTrustedDomain
SaferIdentifyLevel
CryptSetKeyParam
OpenEncryptedFileRawA
InitializeAcl
I_ScSetServiceBitsW
CredRenameW
RegSaveKeyA
ConvertSDToStringSDRootDomainW
LsaSetSecurityObject
OpenServiceA
AllocateAndInitializeSid
LsaSetSecret
SaferiRecordEventLogEntry
StartServiceA
CloseServiceHandle
GetNamedSecurityInfoW
TreeResetNamedSecurityInfoA
ControlTraceA
CredDeleteW
RegQueryInfoKeyA
LsaGetUserName
ImpersonateNamedPipeClient

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9b739287d72bddcce13b16e34be20b1

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

odbc32

msvcrt20

gdi32

kernel32

glmf32

ntshrui

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 110KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 110KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 224B