1bee333deee4c075636d7cc2852b407f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bee333deee4c075636d7cc2852b407f_JaffaCakes118
Size

86KB
MD5

1bee333deee4c075636d7cc2852b407f
SHA1

124385368202d2cdb30cb6ee30312d2b6399694c
SHA256

03ded9b9e226b87945425d761d63b436760790c98a55bc2dc0286cae8e645b3c
SHA512

50ddcf2e9ad542abddce2e457990b633f1acb426cd198d573fb7a2afe8763d7b8f12de1f863df98ae45b6fe49d81cc948ff7d2d1734c0387aba40d97907c5329
SSDEEP

1536:ZT+q3QGmvMluiJPbd+REdi8tcel8e6A1S5ChQ+H4Uc2kERgRyik5tNmwwye2Mxmg:ZTpDZdwEdi8een6A7xnRgIHqVjPWuu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bee333deee4c075636d7cc2852b407f_JaffaCakes118

Files

1bee333deee4c075636d7cc2852b407f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc58885a5a9c123f22285d5b4497ff5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
FindActCtxSectionStringW
SetHandleCount
UnhandledExceptionFilter
InterlockedExchange
GetModuleHandleW
FlushConsoleInputBuffer
GetCurrentProcessId
OpenConsoleW
ZombifyActCtx
LoadLibraryA
GetSystemTimeAsFileTime
VDMConsoleOperation
WriteConsoleOutputA
CreateActCtxW
GetProcAddress
GlobalUnlock
QueryPerformanceCounter
WritePrivateProfileSectionW
GlobalAddAtomA
EnumDateFormatsW
SetComputerNameExW
VirtualAlloc
GlobalDeleteAtom

odbccp32

SQLCreateDataSource
SQLValidDSN
SQLGetAvailableDrivers
SelectTransDlg
SQLInstallDriver
SQLInstallDriverManagerW
SQLRemoveTranslatorW
SQLRemoveDefaultDataSource
SQLGetInstalledDriversW
SQLPostInstallerErrorW
SQLInstallTranslatorEx
SQLRemoveDriver
SQLConfigDriver
SQLRemoveDSNFromIniW
SQLCreateDataSourceExW
SQLInstallTranslator
SQLGetTranslator

expsrv

__vbaPutFxStr3
rtcMidBstr
rtcInputCharCount
rtcVarFromError
rtCyFromErrVar
_adj_fprem
__vbaLateIdNamedCall
rtcStrConvVar2
__vbaR4ForNextCheck
__vbaNextEachCollVar
rtcGetObject
__vbaI2Var
rtI2FromErrVar
__vbaNew2
__vbaVargObjAddref
_adj_fdivr_m32i
rtcGetDateVar
__vbaForEachCollObj
__vbaVarNot

wininet

InternetWriteFile
FindCloseUrlCache
InternetInitializeAutoProxyDll
InternetShowSecurityInfoByURLA
FtpCommandA
DeleteIE3Cache
InternetQueryFortezzaStatus
SetUrlCacheGroupAttributeW
FindFirstUrlCacheEntryExA
InternetGetPerSiteCookieDecisionA
FindNextUrlCacheGroup
LoadUrlCacheContent
InternetLockRequestFile
HttpEndRequestA
DeleteUrlCacheContainerW
PrivacySetZonePreferenceW
UnlockUrlCacheEntryFile
InternetHangUp
RetrieveUrlCacheEntryStreamW
FtpRemoveDirectoryW

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc58885a5a9c123f22285d5b4497ff5f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbccp32

expsrv

wininet

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 19KB - Virtual size: 44KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 356B

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 19KB - Virtual size: 44KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 356B