f8896115ccea2c241007093cae69c47b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8896115ccea2c241007093cae69c47b_JaffaCakes118
Size

869KB
MD5

f8896115ccea2c241007093cae69c47b
SHA1

290d4022481f8972975f1b1cacf5188b282199f3
SHA256

013bfd574f3afc375c330dfa27e782e1564468835efcb4a051b9369e728bc286
SHA512

008b61c03cfe9300061318a953e88e7548838b4d6f3256c12bcffa3b610c6e6efd2a92ec4ee4b7d01f58caeadb61c0a81967df940a644d9f3b23cad4eba8354e
SSDEEP

24576:nqprmjbWAzrob9mzGeRBfvVFNA88OS942QD8Hs:qpajbW3m/B1FNyNU8Hs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8896115ccea2c241007093cae69c47b_JaffaCakes118

Files

f8896115ccea2c241007093cae69c47b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

90297dac027ab7846b15e86642faed0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

SQLFreeHandle
SQLNativeSqlW
SQLGetStmtAttr
SQLColumnsA
SQLError
SQLTablePrivileges
SQLPrepareW
SQLStatisticsW
SQLAllocStmt
SQLGetData
SQLGetTypeInfo
GetODBCSharedData
SQLGetDescRecA
SQLColumnPrivilegesW
SQLGetConnectOptionA
SQLGetTypeInfoW
CursorLibTransact
PostComponentError
SQLSetConnectAttrA
LockHandle
SQLPutData
SQLProceduresA
SQLBrowseConnect
SQLSpecialColumnsA
SQLBindParam
SQLNativeSql
SQLDriverConnectA
SQLSetDescFieldW
SQLGetDescFieldW
SQLPrimaryKeysW
SQLParamData
SQLCloseCursor
SQLGetInfoA
SQLSpecialColumnsW
ValidateErrorQueue
SQLAllocHandle
SQLAllocConnect
ODBCSetTryWaitValue
SQLForeignKeysA

kernel32

ExpungeConsoleCommandHistoryW
GetHandleInformation
lstrcpyA
LoadLibraryA
SetLastError
SetStdHandle
WaitForDebugEvent
BackupRead
CreateWaitableTimerA
SetComputerNameExW
GetShortPathNameA
CreateProcessInternalA
GetModuleHandleExW
MultiByteToWideChar
SetCommConfig
GetEnvironmentStringsA
SetNamedPipeHandleState
QueueUserWorkItem
IsBadWritePtr
LoadLibraryExA
FindFirstVolumeMountPointA
BaseUpdateAppcompatCache
VirtualAlloc
SetLocalTime
GlobalAlloc
GetSystemDirectoryW
GetCurrentThread
GetProcessPriorityBoost
TerminateThread
GetNumberOfConsoleInputEvents
CompareStringA
GetPrivateProfileIntW
InterlockedIncrement
RequestDeviceWakeup

msorcl32

SQLSetStmtOption
SQLProcedures
LoadByOrdinal
SQLTransact
SQLProcedureColumns
SQLGetTypeInfo
SQLGetStmtOption
SQLSetScrollOptions
SQLRowCount
SQLBindParameter
SQLSetCursorName
SQLCancel
SQLSetConnectOption
SQLColAttributes
SQLStatistics
SQLFetch
SQLGetConnectOption
SQLDriverConnect
SQLAllocEnv
SQLForeignKeys
SQLDisconnect
SQLPrepare
SQLFreeEnv
SQLSetPos
SQLColumns
SQLGetCursorName
SQLGetData
SQLFreeConnect
SQLExecute
SQLParamData
SQLNativeSql
ConfigDSN
SQLError
DllMain
SQLPutData

msvcirt

?in_avail@streambuf@@QBEHXZ
??_7istrstream@@6B@
??0ostrstream@@QAE@XZ
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?openprot@filebuf@@2HB
??1logic_error@@UAE@XZ
??_7ios@@6B@
?read@istream@@QAEAAV1@PACH@Z
??4logic_error@@QAEAAV0@ABV0@@Z
?get@istream@@QAEAAV1@AAD@Z
?unbuffered@streambuf@@IBEHXZ
??_7ostream_withassign@@6B@
?close@ifstream@@QAEXXZ
?get@istream@@QAEAAV1@PAEHD@Z
?setb@streambuf@@IAEXPAD0H@Z
?osfx@ostream@@QAEXXZ
?flags@ios@@QBEJXZ
??5istream@@QAEAAV0@AAH@Z
?sputn@streambuf@@QAEHPBDH@Z
??0ios@@IAE@XZ
??6ostream@@QAEAAV0@M@Z
?pbackfail@stdiobuf@@UAEHH@Z
?putback@istream@@QAEAAV1@D@Z
??4ofstream@@QAEAAV0@ABV0@@Z
?is_open@filebuf@@QBEHXZ
??4iostream@@IAEAAV0@AAV0@@Z
?setmode@ifstream@@QAEHH@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
?sputbackc@streambuf@@QAEHD@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??1istream@@UAE@XZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
??0iostream@@IAE@ABV0@@Z
??0logic_error@@QAE@ABQBD@Z
?dec@@YAAAVios@@AAV1@@Z
??_8iostream@@7Bistream@@@
??6ostream@@QAEAAV0@PBE@Z

ntdll

RtlLocalTimeToSystemTime
RtlTimeToSecondsSince1980
NtSystemDebugControl
RtlpNtCreateKey
RtlCompactHeap
NtAllocateUuids
RtlGetElementGenericTable
RtlFindCharInUnicodeString
ZwReplyPort
ZwMapViewOfSection
RtlDecompressBuffer
LdrFindResource_U
ZwGetContextThread
RtlHashUnicodeString
ZwRestoreKey
_wcsicmp
NtDelayExecution
ZwReleaseMutant
LdrDisableThreadCalloutsForDll
RtlAppendAsciizToString
ZwLoadKey2
NtCreatePort
NtWaitForDebugEvent
ZwQueryIoCompletion
NtOpenEvent
ZwAlertResumeThread
NtQueryBootOptions
RtlIsNameLegalDOS8Dot3
RtlCopyUnicodeString
RtlInitializeContext
NtSetInformationFile
RtlIsTextUnicode
tolower

olecli32

OleLoadFromStream
DibEnumFormat
ErrCopyFromLink
LeObjectConvert
OleLockServer
OleQueryOpen
LeSetBounds
GenSaveToStream
LeSetHostNames
ErrSetUpdateOptions
OleCopyFromLink
DefCreateFromClip
LeCreateInvisible
BmClone
OleRequestData
LeRelease
PbCreate
LeGetData
DibGetData
GenEqual
OleCopyToClipboard
OleEqual
OleUnlockServer
OleQueryReleaseStatus
ObjQueryName
PbQueryBounds
MfRelease
LeDraw
BmDraw
PbCreateFromClip
DefCreateFromTemplate
LeQueryType
DibSaveToStream
OleQueryClientVersion
PbCreateFromTemplate
OleDraw
SrvrWndProc
LeQueryBounds
MfEqual
ErrSetHostNames

rsaenh

CPDuplicateHash
CPEncrypt
CPImportKey
CPExportKey
CPDeriveKey
CPGetUserKey
CPSetKeyParam
CPHashSessionKey
CPDecrypt
CPGenRandom
CPCreateHash
CPGetHashParam
CPGetKeyParam
CPSignHash
CPDestroyKey
CPReleaseContext
CPDestroyHash
CPGetProvParam
CPAcquireContext
CPDuplicateKey
CPHashData
CPSetProvParam
CPGenKey
CPVerifySignature
CPSetHashParam

Sections

.text
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 411KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90297dac027ab7846b15e86642faed0e

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

msorcl32

msvcirt

ntdll

olecli32

rsaenh

Sections

.text Size: 215KB - Virtual size: 216KB

.rdata Size: 411KB - Virtual size: 412KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 240KB - Virtual size: 244KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 215KB - Virtual size: 216KB

.rdata
Size: 411KB - Virtual size: 412KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 240KB - Virtual size: 244KB

.reloc
Size: 1024B - Virtual size: 4KB