be50583744ce9504c408849cbadf9276_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

be50583744ce9504c408849cbadf9276_JaffaCakes118
Size

42KB
MD5

be50583744ce9504c408849cbadf9276
SHA1

a2ebaea5e1682afbe87bfadcef5c7016c185fed4
SHA256

750a0f7677ddedb1cebb51dbc1cfffa57f136fc862a25099edfd481497316c6a
SHA512

df4ba204b286d5b65389439ca586dedcfce54f12a65004f102a57ee1f0e6de339f9be94ce4b401ae93fe33d5ee188ae20ede283218ce0a514a6c2650fd93451f
SSDEEP

768:Rh2oG8eNiMpc4VmlwgeNX1b/Tm/602r7GKYwfn9aKtsk3snER3UqM8Ux:C1HNvlqwg8b/T6AGKJ9xtsSsnER3Uqz+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be50583744ce9504c408849cbadf9276_JaffaCakes118

Files

be50583744ce9504c408849cbadf9276_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6176e1423f32db43fd3de9f21fffb3f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
GetConsoleCommandHistoryW
WriteProfileSectionW
SetUserGeoID
LoadLibraryA
GetConsoleAliasExesLengthA
_hread
HeapFree
VerSetConditionMask
GetConsoleCP
OpenConsoleW
FindFirstChangeNotificationW
GetDiskFreeSpaceW
GetModuleHandleExA
SetConsoleLocalEUDC
GetShortPathNameA
LZInit
CloseProfileUserMapping
IsValidLanguageGroup
VirtualAlloc
_lwrite
CreateMemoryResourceNotification
HeapAlloc
LocalCompact
WriteProfileStringA
GetConsoleOutputCP
FlushViewOfFile
SetProcessAffinityMask
GetModuleHandleA
SwitchToFiber
GetStartupInfoA
EnumDateFormatsExA

query

?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
??1CRestriction@@QAE@XZ
??0CDbColId@@QAE@ABV0@@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
??0CSvcQuery@@QAE@PBGPAUIDBProperties@@@Z
??0CLocalGlobalPropertyList@@QAE@K@Z
?NotifyWriteRead@CRequestClient@@QAEHPAX0K0KAAK@Z
?Copy@CDbParameter@@QAEHABUtagDBPARAMETER@@@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
??1CNodeRestriction@@QAE@XZ
?ReportEventW@CEventLog@@QAEXAAVCEventItem@@@Z
??0CStandardPropMapper@@QAE@XZ
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?Release@CEnumString@@UAGKXZ
?CIShutdown@@YGXXZ
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
??0CFullPropSpec@@QAE@ABV0@@Z
??0CDbColId@@QAE@ABU_GUID@@PBG@Z
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z

msvcrt40

??_Eifstream@@UAEPAXI@Z
_wcsrev
?width@ios@@QAEHH@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??0istream@@IAE@XZ
?flush@@YAAAVostream@@AAV1@@Z
_heapchk
_chdrive
wcstok
pow
?sh_read@filebuf@@2HB
?attach@ofstream@@QAEXH@Z
_mbsninc
??_Dostrstream@@QAEXXZ
?floatfield@ios@@2JB
??0logic_error@@QAE@ABV0@@Z
is_wctype
_acmdln
??0stdiobuf@@QAE@PAU_iobuf@@@Z
_initterm
_execlpe
_wfsopen

ntdll

RtlCompareUnicodeString
ZwAccessCheckByTypeResultList
RtlFormatCurrentUserKeyPath
CsrCaptureMessageBuffer
vDbgPrintEx
RtlDeleteTimer
RtlpNotOwnerCriticalSection
RtlActivateActivationContext
RtlLogStackBackTrace
ZwOpenEventPair
RtlDeNormalizeProcessParams
RtlInitializeCriticalSectionAndSpinCount
ZwSetLdtEntries
atol
RtlVerifyVersionInfo
RtlDumpResource
RtlCopyString
RtlNumberOfSetBits
ZwCompactKeys
__toascii

acledit

SedTakeOwnership
EditAuditInfo
SedSystemAclEditor
EditPermissionInfo
EditOwnerInfo
FMExtensionProcW
SedDiscretionaryAclEditor
DllMain

msi

MsiInstallMissingComponentW
MsiSetMode
MsiNotifySidChangeA
MsiGetTargetPathW
MsiInstallMissingComponentA
MsiViewGetColumnInfo
MsiConfigureProductExW
MsiGetUserInfoA
MsiGetPatchInfoW
MsiSummaryInfoSetPropertyW
MsiEnumPatchesW
MsiDatabaseApplyTransformA
MsiGetLastErrorRecord
MsiDatabaseMergeA
MsiConfigureFeatureW
MsiAdvertiseScriptA
MsiGetSourcePathA
MsiDatabaseApplyTransformW
MsiConfigureProductA
MsiSetExternalUIA

rpcrt4

NdrTypeSize
RpcErrorSaveErrorInfo
RpcBindingInqAuthClientExA
RpcSmSetClientAllocFree
NdrProxyFreeBuffer
CStdStubBuffer_DebugServerQueryInterface
RpcSsGetThreadHandle
NdrDllUnregisterProxy
NDRSContextUnmarshall
tree_size_ndr
NdrComplexArrayBufferSize
I_RpcParseSecurity
NdrUserMarshalBufferSize
I_RpcBindingInqDynamicEndpoint
DceErrorInqTextA
NdrpGetTypeFormatString
NdrVaryingArrayMemorySize
RpcServerUseProtseqIfA
NdrComplexStructFree
RpcSmSwapClientAllocFree
I_RpcServerInqAddressChangeFn
I_RpcReceive

Sections

.text
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6176e1423f32db43fd3de9f21fffb3f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

query

msvcrt40

ntdll

acledit

msi

rpcrt4

Sections

.text Size: 1024B - Virtual size: 790B

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 15KB - Virtual size: 97KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 790B

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 15KB - Virtual size: 97KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B