fe57cb8e84597a2c51eb2c8c9766b8a7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe57cb8e84597a2c51eb2c8c9766b8a7_JaffaCakes118
Size

50KB
MD5

fe57cb8e84597a2c51eb2c8c9766b8a7
SHA1

2e9fbf289abe1dc4f8db594d0aa239d23a2c8b7f
SHA256

cf9bec13d0404004bbe09669988504e18dc615f4ec2bb99dc8b45b965a7233d9
SHA512

52d74a48aa786287e23a2df8e13d98f55587ce27fd22879d47f24f9a514e69c65ee5c467877e44f3c180f8c80414361f902851faeb1c95dbd87af68bae72475a
SSDEEP

1536:0UDS4xoquRAXg7AUrb02oz9hbqJPxm8i:oquGUAAb4hbqrY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe57cb8e84597a2c51eb2c8c9766b8a7_JaffaCakes118

Files

fe57cb8e84597a2c51eb2c8c9766b8a7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5317fe38133fabb72fd61fee424485f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_strerror_@4
_RegQueryInfoKey_@48
_RegQueryMultipleValues_@20
_OpenService_@12
_IsCharAlpha_@4
_GetFileAttributesEx_@12
_GetCharacterPlacement_@24
_tsystem
_GetNamedPipeHandleState_@28
_AccessCheckAndAuditAlarm_@44
_FindFirstFile_@8
_FindText_@4
_GetGlyphOutline_@28
_CreateFile@28
_CreateFont@56
_StartServiceCtrlDispatcher_@4
newWideCharFromMultiByte
_BackupEventLog_@8
_GetComputerName@8
_EnumDesktops_@12
_NDdeSetShareSecurity_@16
_GetClassInfoEx_@12
_DrawText@20
_DefDlgProc_@16
_GetCharWidth_@16
_CharLower@4
_GetProp@8
_CallMsgFilter_@8

crtdll

_mbsncmp
_CIasin
_wcsupr
__GetMainArgs
_execvpe
_filbuf
_mbccpy
_execlp
_expand
_mbscmp
_execve
_wcslwr
_execlpe
_rotr
_y0
wcscpy
isprint
_CIpow
__argv_dll
_spawnlp
_ismbcl2
_beginthread
_strcmpi
_daylight_dll
_setmode
_loaddll
_mbsspn
strcpy
_mbschr
strncmp
_mbsnbset
wcsncpy
abort
fwprintf
ungetwc
putc
_mbsnbcnt
_ecvt
_strrev
fopen
wcsspn
vfwprintf

olecli32

OleQueryCreateFromClip
MfEnumFormat
OleRename
BmRelease
ErrActivate
DibEnumFormat
GetTaskVisibleWindow
OleQueryReleaseStatus
OleGetData
LeShow
LeSetBounds
DefCreateLinkFromFile
PbDraw
DibChangeData
OleCreateFromFile
LeQueryType
SetNetName
OleIsDcMeta
DibClone
MfQueryBounds
ErrReconnect
LeQueryOutOfDate
LeClose
DibSaveToStream
OleEnumObjects
DocWndProc
DefCreateLinkFromClip
OleCopyFromLink
LeSetData
DefCreateFromTemplate
BmClone
OleCreateLinkFromFile
ErrShow
OleCreateFromClip
ErrQueryOutOfDate
OleSavedClientDoc
ErrExecute

rasapi32

DDMGetPhonebookInfo
RasClearConnectionStatistics
RasEnumDevicesW
RasGetEapUserIdentityW
RasScriptInit
RasDialA
RasDeleteSubEntryW
RasSetEntryDialParamsW
RasGetEntryDialParamsW
RasSetAutodialAddressA
UnInitializeRAS
RasEnumAutodialAddressesA
RasGetEntryPropertiesW
RasDeleteSubEntryA
RasGetAutodialAddressW
RasEnumConnectionsW
RasSetSubEntryPropertiesA
RasConnectionNotificationA
RasGetEapUserDataW
RasScriptTerm
RasDeleteEntryA
RasCreatePhonebookEntryA
RasSetEapUserDataW
RasScriptGetIpAddress
RasEnumEntriesW
RasSetOldPassword
RasGetSubEntryPropertiesA
RasGetHport
RasSetAutodialEnableA
RasGetCustomAuthDataW
RasInvokeEapUI
RasGetCredentialsA
RasSetEntryPropertiesW
RasSetAutodialParamW
RasEditPhonebookEntryA
RasHangUpW
RasValidateEntryNameA

rasmontr

RutlCloseDumpFile
RutlGetOsVersion
RutlAssignmentFromTokens
RutlAlloc
RutlCreateDumpFile
RutlIsHelpToken
RutlDwordDup
RutlGetTagToken
RutlStrDup
RutlParse
RutlAssignmentFromTokenAndDword
RutlFree
InitHelperDll

kernel32

WaitForMultipleObjects
SetLocaleInfoW
DeleteFileA
FindNextVolumeA
LZDone
GetThreadContext
GetProcessId
SetFileApisToANSI
SetCommConfig
GetDriveTypeW
GetConsoleProcessList
GetLongPathNameA
VirtualAlloc
SetCurrentDirectoryW
ReleaseSemaphore
WaitNamedPipeW
GetConsoleAliasesLengthA
GetTimeFormatA
GetCurrentProcessId
WriteProcessMemory
IsValidCodePage
GetVolumeNameForVolumeMountPointW
TryEnterCriticalSection
WriteFileEx
IsValidLocale
IsBadReadPtr
LoadLibraryExW
_lread
DeleteTimerQueue
LoadLibraryA
EnumUILanguagesW
QueryDosDeviceW
GetModuleHandleA
ShowConsoleCursor
GetUserGeoID

clbcatq

GetSimpleTableDispenser
DowngradeAPL
SetupOpen
GetCatalogObject
SetupSave
UpdateFromComponentChange
SetSetupSave
GetCatalogObject2
CLSIDFromStringByBitness
CoRegCleanup
DllGetClassObject
OpenComponentLibraryEx
ServerGetApplicationType
GetComputerObject
SetSetupOpen
ActivatorUpdateForIsRouterChanges
CheckMemoryGates
OpenComponentLibraryOnMemEx
ComPlusMigrate
UpdateFromAppChange
DeleteAllActivatorsForClsid
InprocServer32FromString
OpenComponentLibraryOnStreamEx
CreateComponentLibraryEx

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5317fe38133fabb72fd61fee424485f9

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

crtdll

olecli32

rasapi32

rasmontr

kernel32

clbcatq

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B