17ff313482d51d03823b5064313af02f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17ff313482d51d03823b5064313af02f_JaffaCakes118
Size

44KB
MD5

17ff313482d51d03823b5064313af02f
SHA1

3af1f6fd4f2dc81d835abaa7c16502266fa37471
SHA256

bac292a6e7ef92a2c6376f7187456c29d80b57d12ceb860fa1356d9a3d423165
SHA512

d0526eb6a1eea4e25430589d7fd1491b3fd8360f2467745604ff1cd37c2f05ff34fb182a6a5ca1e17873a253bfbb4764d6e64307091aebe5c812f286a51af965
SSDEEP

768:pnEezNsnjBl+xPuEOtPRfH/njBuPF+cuLqY9sP/q075CdOWPOfWN:denyuEKPRfH/0F1uLbS3p75CdOWPOfW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17ff313482d51d03823b5064313af02f_JaffaCakes118

Files

17ff313482d51d03823b5064313af02f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

384d61495428e5ec8c323607dfff3695

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFirmwareEnvironmentVariableW
WriteFile
FindNextVolumeW
Process32NextW
SetMailslotInfo
AllocConsole
ClearCommBreak
FlushInstructionCache
RegisterConsoleIME
SetComputerNameExA
EnterCriticalSection
HeapSummary
WriteConsoleOutputCharacterA
CreateIoCompletionPort
SetConsoleNlsMode
FindResourceExA
UnregisterWaitEx
LoadLibraryA
DeleteCriticalSection
Heap32ListNext
_lcreat
DebugSetProcessKillOnExit
LocalFlags
GetConsoleProcessList
GetStdHandle
Module32First
LeaveCriticalSection
DeviceIoControl
GetAtomNameW
SetLocalPrimaryComputerNameA
GetConsoleInputExeNameA
LoadResource
GetCPInfoExA
VirtualAlloc
DosPathToSessionPathW
SleepEx
CallNamedPipeW
SetLocaleInfoW
GlobalAddAtomW
FindFirstFileA
FindFirstChangeNotificationW
WaitForMultipleObjectsEx
GetPrivateProfileSectionNamesA
CreateFileMappingW
FreeResource
WriteProfileSectionW
lstrcmpW
RtlFillMemory

odbc32

SQLDriversW
SQLProcedures
SQLSetCursorNameA
SQLForeignKeys
SQLSetDescFieldA
SQLErrorW
SQLProcedureColumnsA
SQLGetCursorNameW
SQLCopyDesc
SQLGetStmtOption
SQLDataSourcesW
SQLForeignKeysW
SQLFetchScroll
SQLExecDirectW
SQLDrivers
SQLDriverConnectA
SQLNativeSql
SQLGetDiagField
SQLTransact
SQLStatistics
SQLGetConnectAttrA
SQLProceduresA
ODBCInternalConnectW
SQLGetCursorName
SQLTablePrivileges
SQLColumnPrivilegesW
SQLAllocStmt
SQLGetStmtAttrA
SQLGetDiagRecA
SQLGetConnectOptionW
SQLBindParam
SQLCancel
ODBCSetTryWaitValue
SQLGetInfoW

mprddm

DDMAdminPortReset
RasAcctProviderStartAccounting
DDMAdminInterfaceDisconnect
DDMAdminPortEnum
IfObjectInitiatePersistentConnections
RasAcctConfigChangeNotification
DDMAdminConnectionClearStats
DDMServiceInitialize
DDMTransportCreate
DDMConnectInterface
DDMAdminConnectionEnum
RasAuthProviderAuthenticateUser
IfObjectLoadPhonebookInfo
DDMServicePostListens
RasAcctProviderStopAccounting
DDMAdminServerGetInfo
DDMAdminPortDisconnect
DDMAdminInterfaceConnect
RasAuthProviderFreeAttributes
RasAcctProviderTerminate
RasAuthProviderInitialize
DDMAdminPortGetInfo
DDMDisconnectInterface
DDMRegisterConnectionNotification
RasAuthConfigChangeNotification
RasAcctProviderInterimAccounting
DDMAdminPortClearStats
DDMSendUserMessage
RasAcctProviderInitialize

crtdll

_spawnve
fputwc
_sys_errlist
_open_osfhandle
_fgetchar
_mbsnicmp
_acmdln_dll
_itow
_basemajor_dll
_mbsnbcmp
printf
_local_unwind2
__doserrno
_mbsnextc
_wcsupr
_heapmin
atof
_fsopen
_splitpath
modf
_fileno
_dup2
_abnormal_termination
_getch
_baseminor_dll
_wcslwr
_ismbbalnum
bsearch
vprintf
fscanf
_controlfp
strtol
strncpy
??3@YAXPAX@Z
_heapset
rand
strcmp
_wcsdup
_mbclen
fseek
_mbsninc
time

opengl32

glColor3fv
glTexCoord4f
glNormal3sv
glIsEnabled
wglGetCurrentContext
glEvalCoord1fv
glEvalCoord1dv
glColor4i
glPushAttrib
glCopyTexImage1D
glIndexf
glRasterPos4d
glVertex2fv
glColor3b
glFogiv
glFogfv
glPolygonMode
glLightModelfv
glVertex4fv
glVertex2dv
glIndexPointer
glCullFace
glTexSubImage2D
glTexGend
glVertex4s
glClearStencil
glEndList
glTexCoord3f
glRotated
glTexCoord2fv

setupapi

SetupInitializeFileLogW
CM_Get_DevNode_Custom_Property_ExA
SetupIterateCabinetW
pSetupInstallCatalog
SetupDiGetCustomDevicePropertyA
SetupGetFieldCount
SetupDiEnumDriverInfoW
CM_Register_Device_Interface_ExW
SetupDiClassNameFromGuidExW
CM_Add_Res_Des_Ex
SetupRemoveFromDiskSpaceListW
CM_Query_Arbitrator_Free_Data
SetupGetBinaryField
CM_Register_Device_Interface_ExA
CM_Setup_DevNode_Ex
SetupAddInstallSectionToDiskSpaceListA
CM_Get_Device_ID_List_ExW
pSetupConcatenatePaths
pSetupVerifyCatalogFile
pSetupStringTableEnum
CM_Set_DevNode_Problem_Ex
CM_Get_Next_Res_Des_Ex
CM_Get_HW_Prof_FlagsA
SetupDiSetSelectedDriverA
SetupDiGetDriverInstallParamsA
SetupDiDestroyDriverInfoList
SetupDiSetDriverInstallParamsA
pSetupGetGlobalFlags
SetupDiClassNameFromGuidExA
SetupDiEnumDeviceInterfaces
pSetupMakeSurePathExists
CM_Get_HW_Prof_Flags_ExA
CM_Delete_Class_Key_Ex
CM_Move_DevNode_Ex
CM_Get_Device_IDA
CM_Delete_DevNode_Key_Ex
CM_Get_Next_Log_Conf
SetupDiGetHwProfileListExW
CM_Disable_DevNode_Ex
CM_Free_Res_Des
SetupSetSourceListW

rasman

RasGetUserCredentials
RasRPCBind
RasRpcRemoteRasDeleteEntry
RasPortFree
RasRpcDeleteEntry
RasSecurityDialogReceive
RasRegisterPnPEvent
RasDeviceConnect
RasPortEnum
RasPortReceiveEx
RasGetInfo
RasProtocolEnum
RasPortClearStatistics
RasPortSetFraming
RasCompressionGetInfo
RasRpcRemoteGetUserPreferences
RasSetCommSettings
RasRpcDisconnectServer
RasRpcGetSystemDirectory
RasFindPrerequisiteEntry
RasGetPortUserData
RasGetDevConfig
RasRpcDeviceEnum
RasPortStoreUserData
RasCreateConnection
RasPortOpenEx
RasRpcSetUserPreferences
RasGetHConnFromEntry
RasStartRasAutoIfRequired
RasRpcGetErrorString
RasPortListen
RasRegisterRedialCallback
RasReferenceCustomCount
RasLinkGetStatistics

msvcrt40

fgetc
_wfdopen
_wspawnlpe
?sh_none@filebuf@@2HB
_heapmin
_adj_fpatan
?get@istream@@QAEAAV1@AAE@Z
?basefield@ios@@2JB
?_query_new_mode@@YAHXZ
_findnext
_waccess
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__iscsymf
?fd@filebuf@@QBEHXZ
_mbslwr
??0strstreambuf@@QAE@XZ
_mbsicoll
??8type_info@@QBEHABV0@@Z
??7ios@@QBEHXZ
__set_app_type
??0strstream@@QAE@XZ
_wcsrev
_rotr
?setlock@ios@@QAAXXZ
??0ifstream@@QAE@XZ
?put@ostream@@QAEAAV1@D@Z
gmtime
_CIcos
_fcloseall
localeconv
?putback@istream@@QAEAAV1@D@Z
??0__non_rtti_object@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@F@Z
getwchar
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??6ostream@@QAEAAV0@G@Z

msvcrt

exit

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

384d61495428e5ec8c323607dfff3695

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

mprddm

crtdll

opengl32

setupapi

rasman

msvcrt40

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 10KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 976B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 10KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 976B