07323052e50f5006c5f44f235d0ad729_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07323052e50f5006c5f44f235d0ad729_JaffaCakes118
Size

88KB
MD5

07323052e50f5006c5f44f235d0ad729
SHA1

54584f8c2b16326911703bce51bdfe7ce8b7e0d7
SHA256

cd6bb98d5d7cff2b4139b2f868a39a57f2a586f08968ca17e4faefae133700ed
SHA512

394db98ac4a898b2adcca6cd03f16672b49960ea72f3bf4e8c18ec4bb8f2f4c8b730ea0a6265d10db51fe3a386c6b0dc57403109e8ccca363dbe15a962e47ec3
SSDEEP

1536:oqhEBSQ+LOdt5gu8E0Vo/mb0Gv9JotvCJmg9+ecj+yd142JBkDuWQezhm:HWByGTgREkAttqJmg9zs+yd148kDuWQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07323052e50f5006c5f44f235d0ad729_JaffaCakes118

Files

07323052e50f5006c5f44f235d0ad729_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a377c187a6c8398d829d694dbb71bc22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

sqlwoa

_LoadIcon@8
_LoadString@16
_GetDlgItemText@16
_SetWindowText@8
_PostMessage@16
_CreateFile@28
_DefWindowProc@16
_TranslateAccelerator@12
_LoadCursor@8
_GetProp@8
_GetWindowLong@8
_GetModuleFileName@12
_WinHelp@16
_SetDlgItemText@12
_SetWindowLong@12
_MAKEINTRESOURCE@4
_IsDialogMessage@8
_CreateFont@56
_LoadBitmap@8
_SendMessage@16
_LoadMenu@8
_MessageBox@16
_CallWindowProc@20
_SetProp@12
_CreateWindowEx@48

sqlwid

GetProcAddress_

sqlresld

SQLUIUnloadResourceDLL
SQLUILoadResourceDLL

gdi32

GetStockObject
DeleteObject

kernel32

VirtualAlloc
UnhandledExceptionFilter
GetProcAddress
LocalFree
HeapCreate
LCMapStringA
VirtualFree
GetStringTypeW
LCMapStringW
GetLastError
GetModuleHandleW
GetStartupInfoW
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
SetFilePointer
GetModuleFileNameW
FlushFileBuffers
SetStdHandle
lstrlenW
GetUserDefaultLCID
Sleep
GetTickCount
WriteFile
CloseHandle
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
FindClose
MultiByteToWideChar
CreateSemaphoreA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CreateMutexA
FreeEnvironmentStringsA
GetStringTypeA
FormatMessageA
LoadLibraryExA
lstrcatA
GetModuleFileNameA
GlobalFree
GlobalAlloc
lstrlenA
GetVersionExA
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

IsZoomed
wsprintfA
MessageBoxA
FindWindowA
SetForegroundWindow
EnumChildWindows
GetSystemMenu
SendMessageA
GetMenuState
DeleteMenu
GetMenuItemCount
GetTopWindow
GetWindow
GetParent
MessageBeep
SetCursor
IsWindow
SetFocus
EnableMenuItem
IsIconic
GetWindowRect
GetClientRect
MoveWindow
DestroyWindow
PostQuitMessage
GetSubMenu
UpdateWindow
TranslateMDISysAccel
TranslateMessage
GetDlgItem
ShowWindow
EnableWindow
BeginPaint
GetSysColor
EndPaint
EndDialog
GetSystemMetrics
DestroyMenu
GetMenuItemID
GetKeyState

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

DragAcceptFiles

sqlgui

SQLGUIGetOS
SubClsMsgGrabberSet
BltColorableBitmap
SQLGUIMeasureMenuItem
DoSysColorChange
QSQLConnect
VerifySQLLogin
SQLGUIHandleWM_MENUCHAR
CenterDlg
SQLUIDialogBoxParam
GetTextExtentFont
SQLGUIDrawMenuItem
SQLUIGetStdFontInfo
SQLGUIFreeMenuItems
SQLGUISetMenuOwnDraw
SQLGUIPrepareMenuItem
SQLGUISetMenuIcon
DEditGetInsertMode

sqlsvc

SHRecMemDelete
SQLSvcInit
SHRecMemInsert
SHRecMemFree
SHRecMemLock
SetTaskApplicationWindow
TaskApplicationWindow
SHRecMemAdd
SQLSvcExit
SHRecMemInit
SetTaskName
QSQLCopyConnStruct

sqlqry

GetFileConfigData
GetLoginTOValue
ShowISQLWFileConfigureDialog
QueryValidateClosure
ShowISQLWManageWindowsDialog

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

PlaySoundW

ole32

OleUninitialize
OleInitialize

msvcrt

_beginthread
_endthread

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a377c187a6c8398d829d694dbb71bc22

Headers

File Characteristics

Imports

sqlwoa

sqlwid

sqlresld

gdi32

kernel32

user32

advapi32

shell32

sqlgui

sqlsvc

sqlqry

version

winmm

ole32

msvcrt

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 2KB