b3e4bd2bcd05db8c128232a481aff949_JaffaCakes118

General

Target

b3e4bd2bcd05db8c128232a481aff949_JaffaCakes118
Size

616KB
MD5

b3e4bd2bcd05db8c128232a481aff949
SHA1

2c66945c28ab6ef8c9317268199685135c9885e8
SHA256

e65895c6b3669b5125b345a8b859e6570f6278e35b8ca9537f5b8f7dc79cdf65
SHA512

7c46dceb71933729d2dceeece0250a150c1770d6ace29e54a5ad8c883ac4be0a158348a87de223fe763a6abae85ffd2addfe89f98926f61b3a196a26dd85acc2
SSDEEP

12288:cRS8/OCFSPrEBFIEdBovlS3Fpj7Y0yx9VrFrY1jnDE:cVXmh9S1pj7fsHFeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3e4bd2bcd05db8c128232a481aff949_JaffaCakes118

Files

b3e4bd2bcd05db8c128232a481aff949_JaffaCakes118
.exe windows:5 windows x86 arch:x86

de2907b331a341b89915c2d3d5e5b0f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Imports

rtm

BestMatchInTable

odbc32

SQLGetDescRec
SQLGetDescRecA
SQLGetDescRecW
SQLGetDiagField
SQLGetDiagFieldA
SQLGetDiagFieldW
SQLGetDiagRec
SQLGetDiagRecA
SQLGetDiagRecW
SQLGetEnvAttr
SQLGetFunctions
SQLGetInfo
SQLGetInfoA
SQLGetInfoW
SQLGetStmtAttr
SQLGetStmtAttrA
SQLGetStmtAttrW
SQLGetStmtOption
SQLGetTypeInfo
SQLGetTypeInfoA
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSql
SQLNativeSqlA
SQLNativeSqlW
SQLNumParams
SQLParamData
SQLParamOptions
SQLPrepare
SQLPrepareA
SQLPrepareW

kernel32

ReadFile
GetLastError
GetEnvironmentVariableA
RtlUnwind
GetConsoleDisplayMode
GetConsoleFontInfo
GetConsoleFontSize
SetCommMask
Process32First
GetWriteWatch
CreateFileA

duser

AddGadgetMessageHandler
AttachWndProcA
AttachWndProcW
AutoTrace
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass
DUserRegisterStub
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass

dsprop

ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg
ErrMsg

Sections

.text
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 194KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 561KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de2907b331a341b89915c2d3d5e5b0f2

Headers

File Characteristics

Imports

rtm

odbc32

kernel32

duser

dsprop

Sections

.text Size: 28KB - Virtual size: 35KB

.data Size: 14KB - Virtual size: 194KB

.rsrc Size: 561KB - Virtual size: 564KB

.text
Size: 28KB - Virtual size: 35KB

.data
Size: 14KB - Virtual size: 194KB

.rsrc
Size: 561KB - Virtual size: 564KB