Static task
static1
Behavioral task
behavioral1
Sample
fe2b7e303abe9b9bd008ce2a727ad5a0_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
fe2b7e303abe9b9bd008ce2a727ad5a0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
fe2b7e303abe9b9bd008ce2a727ad5a0_JaffaCakes118
-
Size
164KB
-
MD5
fe2b7e303abe9b9bd008ce2a727ad5a0
-
SHA1
2735b86ef396c7cb7bd9067fdbafd33092c15863
-
SHA256
37dd4924b4b9cf0a00c354d70db553b6466da6c9c2a9a78d7b6718f0cd9614f7
-
SHA512
606ec416c7f15e947c80185129e90756d4722894b7b7ab0123cb1a52b1deb26519796ed0c924dd1b9d3e55bb20cbcdd50734f05cd1606ef6cf2a478ad301ac56
-
SSDEEP
3072:+Ui5fFnlIhyDHd+KmINQpkl4iD4J3UKPgFVKrCi/lkeKDXqj:hi5frIhaHdbmIm6qy4JoKrp/UD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource fe2b7e303abe9b9bd008ce2a727ad5a0_JaffaCakes118
Files
-
fe2b7e303abe9b9bd008ce2a727ad5a0_JaffaCakes118.exe windows:5 windows x86 arch:x86
e887cb99ee3f5bc67895604c621283ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStartupInfoW
CreateFileMappingA
VirtualAlloc
LocalFileTimeToFileTime
HeapValidate
LZCloseFile
DeactivateActCtx
GetPrivateProfileIntW
TlsAlloc
RequestDeviceWakeup
GetEnvironmentStringsW
GetOEMCP
lstrcmp
CreateProcessInternalW
WriteConsoleOutputW
WriteProfileStringW
GetHandleInformation
GetCommTimeouts
SetErrorMode
EnumUILanguagesW
HeapDestroy
LoadLibraryA
IsDebuggerPresent
LockFile
FreeEnvironmentStringsW
Heap32Next
FreeLibraryAndExitThread
UnlockFileEx
TlsSetValue
GetNumaAvailableMemoryNode
FlushConsoleInputBuffer
ReadProcessMemory
RegisterWaitForInputIdle
RemoveLocalAlternateComputerNameA
opengl32
glTexCoord3iv
glLogicOp
glPixelStoref
glLighti
glColor3iv
glMapGrid2f
glShadeModel
glColor4iv
glAlphaFunc
glNormal3iv
wglDescribeLayerPlane
glEvalCoord1f
glRasterPos4fv
glVertex3s
glBegin
glTexGeni
glPushName
glTexCoord3s
glGetIntegerv
glDeleteTextures
glIndexMask
glHint
glEndList
glDeleteLists
glGetMapdv
glTexImage2D
glClipPlane
wglShareLists
glVertex2iv
glGetTexParameteriv
glFlush
glNormal3i
glLightModelfv
glCallList
dnsapi
Dns_CloseConnection
DnsExtractRecordsFromMessage_W
DnsWriteQuestionToBuffer_W
Dns_ParseMessage
DnsAsyncRegisterHostAddrs
DnsIsAMailboxType
DnsNameCopy
Dns_ReadPacketName
NetInfo_ResetServerPriorities
DnsQuery_W
DnsValidateName_W
DnsReleaseContextHandle
DnsAcquireContextHandle_W
Dns_UpdateLib
DnsNotifyResolver
DnsCreateStringCopy
Dns_CreateSocketEx
DnsApiSetDebugGlobals
Dns_ReadPacketNameAllocate
Dns_SendAndRecvUdp
DnsWriteReverseNameStringForIpAddress
Dns_UpdateLibEx
DnsQueryConfigDword
DnsGetBufferLengthForStringCopy
DnsApiFree
DnsNameCopyAllocate
QueryDirectEx
DnsUpdateTest_W
Dns_CleanupWinsock
DnsAsyncRegisterTerm
DnsFree
odbcbcp
bcp_sendrow
bcp_done
SQLLinkedServers
bcp_collen
SQLLinkedCatalogsA
bcp_readfmtW
bcp_setcolfmt
LibMain
bcp_initW
bcp_exec
bcp_moretext
bcp_readfmtA
bcp_control
SQLCloseEnumServers
bcp_writefmtW
bcp_writefmtA
bcp_columns
bcp_colfmt
bcp_batch
SQLInitEnumServers
dbprtypeA
bcp_initA
bcp_bind
SQLGetNextEnumeration
bcp_colptr
SQLLinkedCatalogsW
bcp_getcolfmt
dbprtypeW
crypt32
CertGetIssuerCertificateFromStore
I_CryptFlushLruCache
CertAddEncodedCertificateToStore
CertNameToStrA
CertComparePublicKeyInfo
CryptStringToBinaryW
CertFindAttribute
CryptVerifyMessageSignature
CertEnumCTLsInStore
CryptEncodeObjectEx
RegOpenHKCUKeyExU
CertRemoveEnhancedKeyUsageIdentifier
I_CryptReleaseLruEntry
CertAddCertificateLinkToStore
CertSerializeCTLStoreElement
CreateFileU
CertNameToStrW
I_CryptAllocTls
I_CryptRemoveLruEntry
CertVerifyCRLTimeValidity
CryptCreateKeyIdentifierFromCSP
CertSerializeCRLStoreElement
CryptEncryptMessage
CertEnumCTLContextProperties
CryptMsgOpenToEncode
CryptMsgGetAndVerifySigner
CryptRegisterOIDFunction
CryptStringToBinaryA
CertGetValidUsages
CryptSignCertificate
CertGetStoreProperty
CryptSignAndEncodeCertificate
CertSetCRLContextProperty
RegQueryInfoKeyU
CertAddSerializedElementToStore
I_CryptInstallAsn1Module
RegDeleteValueU
CryptMsgCountersign
I_CryptEnableLruOfEntries
CryptFindOIDInfo
I_CryptGetDefaultCryptProvForEncrypt
CertAddEncodedCertificateToSystemStoreA
CryptGetKeyIdentifierProperty
inetcomm
MimeOleCreateMessageParts
EssMLHistoryDecodeEx
MimeOleSetBodyPropW
MimeOleSMimeCapsFromDlg
CreatePOP3Transport
MimeOleGetContentTypeExt
MimeOleSetCompatMode
EssSecurityLabelEncodeEx
MimeOleGetCodePageCharset
HrGetAttachIconByFile
MimeOleConvertEnrichedToHTML
MimeOleFileTimeToInetDate
EssSecurityLabelDecodeEx
MimeOleGetBodyPropA
MimeOleSMimeCapRelease
CreateSMTPTransport
MimeOleParseRfc822AddressW
MimeOleGetCodePageInfo
MimeOleCreateMessage
EssReceiptEncodeEx
MimeOleSetDefaultCharset
MimeOleGetCharsetInfo
MimeOleGenerateCID
MimeOleCreateHeaderTable
MimeOleClearDirtyTree
HrGetAttachIcon
MimeOleAlgNameFromSMimeCap
MimeOleGetFileInfoW
MimeOleDecodeHeader
EssKeyExchPreferenceEncodeEx
MimeOleSMimeCapAddSMimeCap
MimeOleUnEscapeStringInPlace
EssKeyExchPreferenceDecodeEx
EssReceiptDecodeEx
MimeOleCreateHashTable
MimeEditViewSource
HrGetDisplayNameWithSizeForFile
DllGetClassObject
MimeOleParseRfc822Address
MimeOleCreateBody
HrGetLastOpenFileDirectoryW
MimeOleFindCharset
MimeOleGetAllocator
HrAthGetFileName
query
FsCiShutdown
??0CEventLog@@QAE@PBG0@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABVCDbColumnNode@@@Z
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
?PutMaxValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
??0CRegNotify@@QAE@PBG@Z
??0CCiRegParams@@QAE@PBG@Z
?Release@CQueryUnknown@@UAGKXZ
??1CPhraseRestriction@@QAE@XZ
BindIFilterFromStorage
??1CRangeRestriction@@QAE@XZ
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
EndCacheTransaction
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?Write@CDynStream@@QAEXPAXK@Z
?Flush@CDynStream@@QAEXXZ
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?AddRef@CQueryUnknown@@UAGKXZ
?Skip@CEnumWorkid@@UAGJK@Z
?Release@CImpersonateRemoteAccess@@QAEXXZ
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
?Resume@CProcess@@QAEXXZ
?SaCreateAndCopy@@YGHAAVPMemoryAllocator@@PAUtagSAFEARRAY@@PAPAU2@@Z
?Done@CFwAsyncWorkItem@@QAEXXZ
?Disconnect@CRequestClient@@QAEXXZ
?Marshall@CDbNumeric@@QBEXAAVPSerStream@@@Z
?SetFILETIME@CStorageVariant@@QAEXU_FILETIME@@I@Z
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
??1CDbSortSet@@QAE@XZ
?Stop@CCatalogAdmin@@QAEHXZ
?GetDouble@CMemDeSerStream@@UAENXZ
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
??1CFullPropSpec@@QAE@XZ
?Get@CRegAccess@@QAEKPBG@Z
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ