169df5e81d9bd7d817f1298eaa150fd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

169df5e81d9bd7d817f1298eaa150fd3_JaffaCakes118
Size

1.1MB
MD5

169df5e81d9bd7d817f1298eaa150fd3
SHA1

c8ad87a836d51f36d76e4c6688f8144f3e4999d0
SHA256

1c69f693f47b8356a71db96f35e793ef8160c92cd8b609f1fd1cda1a14fb4cce
SHA512

5d0fb6c31dd799e758226db628267c99da3bbbf28b54591bc129365b5efbe88cdd74d552bb60306502f6d829f8b54bce95e7ebffcafdfc090af550520b0b74d9
SSDEEP

24576:Epz9/VolqaeC4mcfM1Tz2zhJEE4PXUNcqAdmr:Epclq24dEJMjH4sNcqV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
169df5e81d9bd7d817f1298eaa150fd3_JaffaCakes118

Files

169df5e81d9bd7d817f1298eaa150fd3_JaffaCakes118
.exe windows:7 windows x86 arch:x86

ce0090477853f7646e700d6be9af9832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

DispatchMessageA
SendMessageA
DestroyWindow
BeginPaint
UpdateWindow
EndPaint
GetMessageA
TranslateMessage
CreateWindowExA
ShowWindow
RegisterClassA
DefWindowProcA

kernel32

WaitNamedPipeA
CompareStringA
IsBadStringPtrA
InterlockedExchange
FileTimeToSystemTime
GetSystemTimeAdjustment
GetFileAttributesA
GetNamedPipeHandleStateA
InitializeSListHead
HeapFree
GetFileTime
SetFirmwareEnvironmentVariableA
VirtualAlloc
ConnectNamedPipe
lstrlenA
InterlockedCompareExchange
GetLocalTime
GetSystemInfo
GetEnvironmentVariableA
ReadFile
GetStringTypeA
WaitForMultipleObjects
CreateNamedPipeA
SetFilePointer
ExitProcess
ReadFileEx
HeapCreate
GetProcessHeap
CloseHandle
HeapDestroy
GetFirmwareEnvironmentVariableA
GetSystemTime
CreateFileA
HeapReAlloc
ReadFileScatter
VirtualFree
HeapAlloc
InterlockedCompareExchange
SetFilePointerEx

advpack

FileSaveMarkNotExist
CloseINFEngine
FileSaveRestoreOnINF
RunSetupCommand
DoInfInstall
TranslateInfString
RegInstall
IsNTAdmin
ExtractFiles
NeedRebootInit

odbc32

SearchStatusCode
OpenODBCPerfData
SQLDescribeCol
LockHandle
SQLColAttributesA
ODBCSetTryWaitValue
ODBCGetTryWaitValue
CursorLibTransact
SQLConnect
SQLSetPos
SQLGetData
SQLFetchScroll
SQLNativeSql
SQLCloseCursor
SQLProcedureColumnsA
SQLFreeEnv
SQLFreeHandle
SQLAllocHandle
SQLSetDescFieldA
SQLErrorA
DllBidEntryPoint
PostODBCComponentError
SQLDriverConnect
SQLSetCursorName
SQLSetDescRec
SQLSetCursorNameA
SQLColAttributes
PostComponentError

Sections

.text
Size: 651KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce0090477853f7646e700d6be9af9832

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advpack

odbc32

Sections

.text Size: 651KB - Virtual size: 651KB

.data Size: 383KB - Virtual size: 382KB

.rsrc Size: 91KB - Virtual size: 3.2MB

.text
Size: 651KB - Virtual size: 651KB

.data
Size: 383KB - Virtual size: 382KB

.rsrc
Size: 91KB - Virtual size: 3.2MB