adac278b15a792788fc99775dfcc4338_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adac278b15a792788fc99775dfcc4338_JaffaCakes118
Size

3.8MB
MD5

adac278b15a792788fc99775dfcc4338
SHA1

2879ef549ce57de831bc3c8261c33a2c5419ec64
SHA256

78655eb4c4be9c565fe46efcd3b6444233fdbc902afd227d93b8be95efed1ab1
SHA512

cbc538a7c050722802302ca9988213948517acdb5ebac857a782508bf2cd785a36fdbbb0bb5217cadf7abbd5d2516a4d83d5c915f9ee49bc41a07d0162234c9c
SSDEEP

24576:UUuI2/IQwUE8bjxoEppGNVsZlRDFK9TIkRNGa8dEavfUi8KxfkkfIm6:CrwXgjSEl7RaTxRJ8dEaXUFYf1Ip

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adac278b15a792788fc99775dfcc4338_JaffaCakes118

Files

adac278b15a792788fc99775dfcc4338_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d553f195315fa87f677199f1c563c047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\pb2\build\sb_0-3198286-1302526020.59\release\libmysql\RelWithDebInfo\libmysql.pdb

Imports

kernel32

TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoW
TlsSetValue
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
OpenEventA
GetConsoleCP
FormatMessageA
LoadLibraryExA
InitializeCriticalSection
CreateEventA
GetOverlappedResult
CancelIo
ReadFile
PeekNamedPipe
DisconnectNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
GetModuleHandleA
GetWindowsDirectoryA
QueryPerformanceFrequency
GetFileAttributesA
GetFullPathNameA
ResetEvent
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
DuplicateHandle
GetFileAttributesExA
FlushFileBuffers
TryEnterCriticalSection
OpenThread
TerminateThread
InterlockedCompareExchange
FindClose
FindNextFileA
FindFirstFileA
SetStdHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetDriveTypeA
ExitThread
CreateThread
WriteConsoleW
GetModuleFileNameW
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFilePointer
LoadLibraryW
RaiseException
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetCommandLineA
GetTimeZoneInformation
GetCurrentThreadId
SetEnvironmentVariableW

advapi32

CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
CryptGenRandom

ws2_32

getservbyname
connect
getsockname
freeaddrinfo
closesocket
WSAGetLastError
socket
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
recv
send
setsockopt
shutdown
getnameinfo
getpeername
htonl
WSACleanup
WSAStartup
WSASetLastError
ntohs

Exports

Exports

load_defaults
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_dump_debug_info
mysql_embedded
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_get_ssl_cipher
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_next_result
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count

Sections

.text
Size: 745KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d553f195315fa87f677199f1c563c047

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 745KB - Virtual size: 745KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 2.9MB - Virtual size: 3.3MB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 836B

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 745KB - Virtual size: 745KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 2.9MB - Virtual size: 3.3MB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 39KB - Virtual size: 38KB