03b1cee6ea3c5c4c1699c32688c008aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03b1cee6ea3c5c4c1699c32688c008aa_JaffaCakes118
Size

1.5MB
MD5

03b1cee6ea3c5c4c1699c32688c008aa
SHA1

5d926326488557731673795317d20010859dd37e
SHA256

6f8d3beac3f5cef72a9bbcca590e450221c117b0aab3ad1432ba63d356c7e118
SHA512

a2fbe877553b7420e8805ee9f5caf0e56e5cc1a721de79d53698d779eb4e92c811851a6b14ece233a08a46bf61f3c6d07d52789be8ed8fb098bb050c41d23196
SSDEEP

49152:ysSCbO3SyoGxxSvEBPA1nzB458K8kLTFPm:yXCa3SyoGxxSyzlLRe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DSQLTools.exe

Files

03b1cee6ea3c5c4c1699c32688c008aa_JaffaCakes118
.zip
D99.mdb
DSQLTools.exe
.exe windows:4 windows x86 arch:x86

9dde4dfcd1bab35f4f8901ac8215bb58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddVectoredExceptionHandler
VirtualProtect
IsBadReadPtr
GetModuleHandleExA
FlushInstructionCache
WriteProcessMemory
GetCurrentProcess
Thread32Next
CloseHandle
SetThreadContext
GetThreadContext
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
ExitThread
GetModuleHandleA
WaitForSingleObject
Sleep
GetExitCodeProcess
VirtualFree
HeapAlloc
GetProcessHeap
VirtualAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
HeapFree
FreeLibrary
ReadProcessMemory
CreateProcessA
VirtualQuery
GetSystemInfo
CreateThread
TerminateProcess
ResumeThread
VirtualProtectEx
GetCurrentDirectoryA
SetCurrentDirectoryA
ReadFile
GetFileSize
SetFilePointer
CreateFileA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetStartupInfoA
GetVersion
ExitProcess
HeapSize
TlsAlloc
SetLastError
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
WriteConsoleA
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
SetStdHandle
GetStringTypeA
GetStringTypeW
FlushFileBuffers

ws2_32

send

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dde4dfcd1bab35f4f8901ac8215bb58

Headers

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 20KB

.tls Size: 4KB - Virtual size: 1KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 20KB

.tls
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB