11c5ec529fecfb657bca96eab236d816_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11c5ec529fecfb657bca96eab236d816_JaffaCakes118
Size

531KB
MD5

11c5ec529fecfb657bca96eab236d816
SHA1

febeddde24a8f24aa8a546f23bf1c2ca59c8d3bc
SHA256

1d0939991d948c774901f15449f912fce96006aa3f7be85e9d96d77220d59683
SHA512

be8159f9422c0b2962104934d27b2770591cf309a42e662fe2657d01e61c0985cf05bbdbb1ebf5988ffe28d0d64bed228bbc8ffaef6a7579ddff050a3491cf94
SSDEEP

12288:qAInROTUpOeMeFelJAr8IwKZTtWze3wDEeE9:jUpfq2wISeR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11c5ec529fecfb657bca96eab236d816_JaffaCakes118

Files

11c5ec529fecfb657bca96eab236d816_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9036a08a0a6af4467dc95d0c4c492537

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SQLAGENT.pdb

Imports

msvcr80

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_callnewh
wcsncmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
_vsnwprintf_l
_wcsupr_l
_itow
_wcsnicmp_l
_wcsupr_s
memmove
_errno
_wfopen
ftell
fputc
fseek
fgetc
printf
_ltow
memset
wcslen
wcsncat_s
wcsrchr
_wsystem
_wcsupr
wcscmp
_wtol
_wsplitpath_s
_wmakepath_s
_resetstkoflw
_beginthreadex
_wcsicmp
_wcslwr
_msize
malloc
realloc
free
fflush
fwprintf
fprintf
_vsnprintf
_vsnwprintf
memcmp
_purecall
_endthreadex
labs
memcpy
wcsncpy_s
atof
wcsstr
__CxxFrameHandler3
abs
wcschr
fclose
_wrename
_wcsrev
wprintf

advapi32

GetSecurityInfo
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegConnectRegistryW
RegOpenKeyExW
LogonUserW
DuplicateTokenEx
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegSetValueExW
RegQueryValueExW
RegCloseKey
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextW
CryptGenKey
CryptExportKey
OpenEventLogW
NotifyChangeEventLog
RegisterEventSourceW
ReportEventW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
DeregisterEventSource
ReadEventLogW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptImportKey

kernel32

GetConsoleOutputCP
SystemTimeToFileTime
GetCurrentThread
FindNextFileW
GetCurrentThreadId
DuplicateHandle
ReleaseSemaphore
GetStartupInfoW
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
GetLocalTime
FormatMessageW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
WriteConsoleInputW
GetDateFormatW
GetTimeFormatW
WideCharToMultiByte
SetLastError
LocalFree
ResetEvent
GetTickCount
CreateFileMappingA
MapViewOfFile
WriteFile
GetExitCodeProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
GetFileType
SetProcessWorkingSetSize
GetSystemDefaultLangID
ReleaseMutex
CreateMutexW
OpenMutexW
GetSystemDefaultLCID
CreateProcessW
lstrcatW
lstrcpyW
SetEnvironmentVariableW
GetEnvironmentVariableW
CompareStringW
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
lstrlenW
LoadLibraryA
RaiseException
VirtualFree
HeapCreate
VirtualQuery
ReadProcessMemory
SetHandleInformation
GetThreadPriority
InterlockedIncrement
Sleep
GetUserDefaultLCID
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetLastError
GetModuleFileNameW
SetProcessShutdownParameters
AllocConsole
GetProcAddress
GetSystemInfo
SetConsoleCtrlHandler
InitializeCriticalSection
GetComputerNameW
SetUnhandledExceptionFilter
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
TerminateProcess
GetCurrentProcess
FlushFileBuffers
CloseHandle
SetEvent
DebugBreak
SetConsoleTitleW
CreateSemaphoreW
CreateEventW
SetErrorMode
OpenEventW
GetCurrentProcessId
GetVersionExW
GlobalMemoryStatus
SetThreadPriority
ExitProcess
ReadConsoleInputW
FlushConsoleInputBuffer
GetStdHandle
ReadFile
CreateFileW
FindClose
DeleteFileW
FindFirstFileW

user32

MessageBoxW
LoadStringW

ws2_32

WSACleanup
gethostbyname
WSAStartup
WSAGetLastError

secur32

GetUserNameExW

odbc32

ord72
ord16

sqlresourceloader

_LoadResourceLibraryWithName@8
_LoadResourceLibrary@4
_FreeResourceLibrary@4

sqlsvc

QSQLColumnType
QNetPing
QScheduleTimeModify
QScheduleConvertValToTimeStruct
QSQLConvertLength
SHRecMemInsert
QScheduleCalcNextOccurrence
QSQLLogonExWithErrorHandling
QSQLColumnName
QSQLRowsAffected
QSQLColumns
QSQLRowType
QSQLSetProperty
QSQLExecDirectAsync
QSQLNextRowAsync
QSQLMoreResultsAsync
QSQLCancelQuery
QSQLColumnData
QScheduleSecToHourFormat
QSQLPurgeResults
QSQLGetUserData
QSQLSetUserData
QSQLCancel
QSQLIsConnDead
QSQLResults
QSQLNextRow
QSQLLogonEx
SQLSCMControl
SQLSCMGetServiceState
QSQLExecDirect
QSQLBind
QScheduleConvertValToDateStruct
SQLSvcExit
SHRecMemInit
SQLSvcInit
QScheduleGetCurDateTime
QScheduleConvertTimeStructToVal
QScheduleGetTimeDelta
QScheduleConvertDateToString
QScheduleConvertTimeToString
SHMemCleanUp
SHMemFreeFromHeapWithInfo
SHMemReAllocFromHeapWithInfo
SHRecMemBSLocate
SHMemAllocFromHeapWithInfo
SHRecMemBSInsert
SHMemInit
SHRecMemAdd
SHRecMemLock
SHRecMemDelete
QSQLLogoff
QSQLGetProperty
CreateCrossServiceSA
SHRecMemFree
FreeCrossServiceSA
QSQLPurgeExec

semmap

SFMapi1Logoff
SFMapi1ResolveName
SFMapi1GetNumProfiles
SFMapi1GetProfiles
SFMapi0GetProfiles
SFMapi1TestProfile
SFMapi0TestProfile
SFMapi1SendMail
SFMapi1GetMapiVerInfo
SFMapi1CanUseMAPI
SFMapi1Initialize
SFMapi1Logon
SFMapi1GetLastError
SFMapi1DeInitialize
SFMapi1Version

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeType

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

batchparser

?SetRecognizeOnlyVariables@Parser@BatchParser@@QAEX_N@Z
?SetBatchSource@Parser@BatchParser@@QAEXPAUIBatchSource@2@@Z
?SetVariableResolver@Parser@BatchParser@@QAEXPAUIVariableResolver@2@@Z
?SetCommandExecuter@Parser@BatchParser@@QAEXPAUICommandExecuter@2@@Z
?Parse@Parser@BatchParser@@QAE?AVParserState@2@_N@Z
??1Parser@BatchParser@@QAE@XZ
?GetStatus@ParserState@BatchParser@@QBE?AW4Status@12@XZ
?GetInfo@ParserState@BatchParser@@QBEPBGXZ
?GetLine@ParserState@BatchParser@@QBEHXZ
?GetErrorType@ParserState@BatchParser@@QBE?AW4ErrorType@12@XZ
??0Parser@BatchParser@@QAE@XZ

Exports

Exports

DmpGetClientExport
DmpRemoteDumpRequest

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 176KB - Virtual size: 472KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9036a08a0a6af4467dc95d0c4c492537

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

advapi32

kernel32

user32

ws2_32

secur32

odbc32

sqlresourceloader

sqlsvc

semmap

oleaut32

ole32

batchparser

Exports

Exports

Sections

.text Size: 327KB - Virtual size: 327KB

.data Size: 6KB - Virtual size: 64KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 18KB

.vmp0 Size: 176KB - Virtual size: 472KB

.text
Size: 327KB - Virtual size: 327KB

.data
Size: 6KB - Virtual size: 64KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 18KB

.vmp0
Size: 176KB - Virtual size: 472KB