0207e291516c177da6e2306a5cf4bc85_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0207e291516c177da6e2306a5cf4bc85_JaffaCakes118
Size

60KB
MD5

0207e291516c177da6e2306a5cf4bc85
SHA1

4136bf0d3c2c1d3d52aa1cd42f062c5592631cbb
SHA256

f857adcf5ccc448b7a19324ccbec83b72dc31ba5470ee6dd46d408e05fc5cd36
SHA512

f2270aa746e883af85af54573f11b802624021f344ee3717fce0f610461352ab3bd7d273b064ffbda887f56a53c6f84251002e3d9e2a303a1da962563c0b1745
SSDEEP

1536:aSE1rT/uVRVDUp0gTBYggdNJjpej2u2+B19h:aSCzuV7Qy2BYvdNGj24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0207e291516c177da6e2306a5cf4bc85_JaffaCakes118

Files

0207e291516c177da6e2306a5cf4bc85_JaffaCakes118
.exe windows:5 windows x86 arch:x86

68a2078c7ce57b48052da89a187c04dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CreateMailslot_@16
_ExtractIcon_@12
_WritePrivateProfileStruct_@20
_CallMsgFilter_@8
_VerQueryValue_@16
newMultiByteFromWideCharSize
_SearchPath_@24
_GetMetaFile_@4
_PeekMessage@20
_SetWindowText@8
_RegDeleteKey_@8
_DialogBoxIndirectParam_@20
_DlgDirListComboBox_@20
_SendMessage@16
_RegDeleteValue_@8
_CharToOem_@8
_PageSetupDlg_@4
_IsCharUpper_@4
_BackupEventLog_@8
__lopen_@8

kernel32

CreateTimerQueueTimer
QueryPerformanceCounter
GetVolumePathNameW
GetCurrentProcessId
CreateMutexA
Sleep
EnumResourceLanguagesA
SetFilePointer
SetStdHandle
GetModuleHandleW
AssignProcessToJobObject
GetTickCount
FreeEnvironmentStringsA
RtlCaptureStackBackTrace
ConnectNamedPipe
ResumeThread
EnumResourceTypesW
GetCalendarInfoA
SetMailslotInfo
GetProcAddress
LoadLibraryW
SetThreadPriority
GetCurrentThreadId
GetFileType
lstrlen
SetErrorMode
GetStartupInfoW
VirtualAlloc
GetConsoleKeyboardLayoutNameW
DnsHostnameToComputerNameW
PrivCopyFileExW
EnumerateLocalComputerNamesA
LoadLibraryA
RegisterWowBaseHandlers
CreateIoCompletionPort

msvcrt

_winminor
_mbsnbicmp
??3@YAXPAX@Z
_searchenv
_mbsbtype
_ismbclegal
_mbslwr
_lseeki64
??1bad_typeid@@UAE@XZ
_mbcasemap
wcsrchr
_gcvt
_amsg_exit
_Gettnames
_logb
_heapchk
_safe_fprem
_wfindfirst
wprintf
_c_exit
putwchar
_wspawnl
_getche
_wcsset
__RTtypeid

user32

PostQuitMessage
RegisterClassA
DefWindowProcA

msvcrt40

_cwait
??_8istrstream@@7B@
??4strstream@@QAEAAV0@AAV0@@Z
_cputs
_fputchar
?sgetn@streambuf@@QAEHPADH@Z
_ismbclower
_kbhit
_getdllprocaddr
_unloaddll
?x_statebuf@ios@@0PAJA
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
_getw
getwc
?osfx@ostream@@QAEXXZ
??0ostream@@IAE@XZ
_mbstok
??4ios@@IAEAAV0@ABV0@@Z
??1filebuf@@UAE@XZ
_ismbckata
?unexpected@@YAXXZ
cos
??0__non_rtti_object@@QAE@PBD@Z

wintrust

TrustIsCertificateSelfSigned
CryptSIPGetInfo
CryptCATAdminAcquireContext
SoftpubInitialize
AddPersonalTrustDBPages
CryptCATCDFEnumMembers
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcSigInfoDecode
SoftpubDefCertInit
CryptSIPRemoveSignedDataMsg
WintrustSetRegPolicyFlags
WTHelperCertIsSelfSigned
DriverCleanupPolicy
CryptCATAdminPauseServiceForBackup
WintrustGetRegPolicyFlags
WVTAsn1CatNameValueEncode
CryptCATAdminRemoveCatalog
WVTAsn1CatMemberInfoEncode
WintrustAddDefaultForUsage
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
MsCatFreeHashTag
SoftpubAuthenticode
WVTAsn1SpcLinkEncode
WTHelperGetProvPrivateDataFromChain
WTHelperOpenKnownStores
SoftpubFreeDefUsageCallData
WTHelperGetAgencyInfo
CryptCATAdminEnumCatalogFromHash

efsadu

EfsDetail

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68a2078c7ce57b48052da89a187c04dd

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

kernel32

msvcrt

user32

msvcrt40

wintrust

efsadu

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 14KB - Virtual size: 75KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 14KB - Virtual size: 75KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 308B