03557d78978e5cbd5178c6856da5e349_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03557d78978e5cbd5178c6856da5e349_JaffaCakes118
Size

132KB
MD5

03557d78978e5cbd5178c6856da5e349
SHA1

937bd182087670cdc3a1f2069aab176c0c8914f5
SHA256

b0ac10e7dcee0930f05487b04757e3c5b43bdb7fdc5d38034bd40b0fbaf7fcbf
SHA512

8b296b711c814dbf5d39d2ce4cbc1aa158f3e0276088a12493091e2c826c07ef72dc843294a186fed9eff53255b27f3843394f65a61c77f51085985a1eaff843
SSDEEP

3072:xUQzSUNzlB3X+pUsYCv6v7EcAoYo0XcblZXeKRd7lJisbzJyaFgDtpVZC:alU5lUGsYCvQjAoY7ud9bE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03557d78978e5cbd5178c6856da5e349_JaffaCakes118

Files

03557d78978e5cbd5178c6856da5e349_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55bba954f7a1dd399d85e79b38e0279d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

SymFunctionTableAccess
SymInitialize
SymGetModuleInfo
StackWalk
SymGetModuleBase
SymCleanup
SymSetOptions
SymGetSymFromAddr
SymUnDName

odbc32

ord51
ord2
ord150
ord16
ord5
ord12
ord107
ord145
ord3
ord141
ord139
ord1
ord14
ord9
ord23
ord110
ord111
ord119
ord72
ord29
ord4
ord13
ord15
ord43

sqlunirl

_LoadString@16
_GetUserName@8
_FormatMessage@28
_GetUnicodeRedirectionLayer@0
_GetProcAddress_@8
_LoadLibrary@4
_GetVersionEx@4
_GetComputerName@8
_CreateFile@28

atl

ord21
ord22
ord23
ord20
ord17
ord18
ord30
ord58
ord32
ord16

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetLocalTime
ReadProcessMemory
lstrlenA
EnterCriticalSection
FreeLibrary
lstrcatA
LoadLibraryA
GetModuleHandleA
GlobalMemoryStatus
QueryPerformanceFrequency
CreateFileA
GetEnvironmentVariableA
GetProcessHeap
HeapAlloc
FlushFileBuffers
HeapFree
GetCommandLineA
GetCurrentThreadId
AllocConsole
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetCurrentProcess
ExpandEnvironmentStringsA
lstrcpyA
GetSystemDefaultLCID
FormatMessageA
InterlockedIncrement
WaitForSingleObject
GetQueuedCompletionStatus
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
LeaveCriticalSection
GlobalAlloc
GetModuleFileNameA
GetLastError
Sleep
CreateIoCompletionPort
MultiByteToWideChar
CloseHandle
SetEvent
PostQueuedCompletionStatus
InterlockedDecrement
WriteFile
SetFilePointer
GetSystemInfo
TerminateThread
ResetEvent
GetTickCount
WaitForMultipleObjects
CreateEventA
ExitProcess
GetStdHandle
ReleaseMutex
ReadFile
CreateFileMappingA
GetFileSize
GetSystemDefaultLangID
UnmapViewOfFile
MapViewOfFile

user32

wsprintfA
MessageBoxA

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
ReportEventA
QueryServiceStatus
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
MakeSelfRelativeSD
RegisterEventSourceA
GetSecurityDescriptorLength
DeregisterEventSource
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor

ole32

CoUninitialize
CoInitializeSecurity
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__setusermatherr
__set_app_type
__dllonexit
_onexit
time
localtime
iswspace
_wsplitpath
_initterm
_wtoi
wcsrchr
_purecall
_wcsnicmp
_wcsdup
wcsncmp
free
_iob
freopen
printf
strchr
_controlfp
fclose
_strnicmp
malloc
_stricmp
sprintf
strncpy
_wstrdate
memmove
swscanf
_endthreadex
_beginthreadex
wcsncat
_strrev
wcschr
wcscat
wcsstr
swprintf
_vsnwprintf
wcscmp
_wcsicmp
wcslen
wcsncpy
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
wprintf
_wcslwr
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
asctime
_wstrtime
_except_handler3

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55bba954f7a1dd399d85e79b38e0279d

Headers

File Characteristics

Imports

imagehlp

odbc32

sqlunirl

atl

version

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 19KB

.WYCao Size: 6KB - Virtual size: 20KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 19KB

.WYCao
Size: 6KB - Virtual size: 20KB