15d24cf7aeb7cd95a77afaf9a84bbe74_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15d24cf7aeb7cd95a77afaf9a84bbe74_JaffaCakes118
Size

133KB
MD5

15d24cf7aeb7cd95a77afaf9a84bbe74
SHA1

bd709afd3d943b108f084f52729e6fb7d1e41459
SHA256

1c1ef7e333e52724a4aa633d017751e8f5fd549d22226423d678fc96aa98ea2b
SHA512

4df3c189b8c1b0bac9d40f35e292c98b5aa2ae12a2df899d809e545a869923982c7dd891c2908a31065562647f92849e8a5deac2d7fbdb17ad5511faca185839
SSDEEP

3072:JcK4iWWiHOlSVtPBAlTkDoucPJEBj3O1bKLbh3gXrUtbhXE:JChL4SVtalTkURJF1SkrUtd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d24cf7aeb7cd95a77afaf9a84bbe74_JaffaCakes118

Files

15d24cf7aeb7cd95a77afaf9a84bbe74_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c23549dc85bfca9c16a3cd5950c0f41d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbccr32

SQLSetConnectAttr
SQLBindCol
SQLCloseCursor
SQLParamData
SQLSetStmtAttr
SQLTransact
SQLParamOptions
SQLCancel
SQLGetDescRec
SQLSetScrollOptions
SQLNumParams
SQLSetConnectOption
SQLFreeStmt
SQLFreeHandle
SQLSetPos
SQLBindParameter
SQLBulkOperations
SQLSetDescRec
SQLExtendedFetch
SQLPutData
SQLGetStmtAttr
SQLSetStmtOption

kernel32

BackupRead
SetEnvironmentVariableA
lstrcpyA
AttachConsole
GlobalAlloc
GlobalFindAtomA
CreateFileW
GetConsoleTitleW
FindAtomA
GetConsoleInputExeNameW
GetConsoleCursorMode
OutputDebugStringA
GetCalendarInfoA
LoadLibraryA
CreateMailslotA
ReadConsoleOutputCharacterA
GlobalSize
Process32NextW
IsBadReadPtr
GetVersionExW
IsBadHugeReadPtr
GetCurrentProcessId
GetTimeFormatA
SetConsoleIcon
VirtualAlloc
DosPathToSessionPathW
DuplicateConsoleHandle
OpenEventA

msoert2

FIsValidFileNameCharW
CchFileTimeToDateTimeW
PszSkipWhiteA
HrStreamToByte
CreateNotify
HrCreatePhonebookEntry
UnlocStrEqNW
PszDupA
CleanupFileNameInPlaceW
PszAllocA
_MSG
FIsSpaceA
HrGetCertKeyUsage
HrLPSZToBSTR
DeleteTempFile
OpenFileStreamWithFlagsW

userenv

RegisterGPNotification
LeaveCriticalPolicySection
ProcessGroupPolicyCompleted
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserA
RsopResetPolicySettingStatus
FreeGPOListW
RsopFileAccessCheck
RefreshPolicy
DeleteProfileA
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
ProcessGroupPolicyCompletedEx
UnloadUserProfile
WaitForUserPolicyForegroundProcessing
DeleteProfileW
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
GetDefaultUserProfileDirectoryW
GetPreviousFgPolicyRefreshInfo
GetAppliedGPOListA
GetAllUsersProfileDirectoryA

msorcl32

SQLBrowseConnect
SQLBindParameter
SQLTables
SQLForeignKeys
SQLStatistics
SQLMoreResults
SQLNativeSql
SQLGetCursorName
SQLSetCursorName
SQLFetch
SQLNumResultCols
SQLAllocEnv
SQLDescribeCol
SQLRowCount
LoadByOrdinal
SQLBindCol
SQLFreeStmt
ConfigDSN
SQLPrepare
SQLSetScrollOptions
SQLFreeEnv
SQLParamData
SQLExtendedFetch
SQLColumns
SQLExecute

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 54KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c23549dc85bfca9c16a3cd5950c0f41d

Headers

DLL Characteristics

File Characteristics

Imports

odbccr32

kernel32

msoert2

userenv

msorcl32

Sections

.text Size: 34KB - Virtual size: 33KB

Size: 42KB - Virtual size: 41KB

Size: 54KB - Virtual size: 211KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 236B