2946d69ff8071e7ef92b5257ba4c45d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2946d69ff8071e7ef92b5257ba4c45d6_JaffaCakes118
Size

132KB
MD5

2946d69ff8071e7ef92b5257ba4c45d6
SHA1

e5d435d6432cb4b8ef3f564f8e3d0741db6b2afa
SHA256

079711e7e1084dfa8d4ea009bcf264f1691a9349f873e77d00b2e8eef6e8a153
SHA512

b5cf43fcba42634964c482ad60a461bae4833b2e60423fcaac5ad5af4492a52eac7bb0de6eb088db714872992b862fc8a097cc79c87755eadc95e4f81e2ebb06
SSDEEP

1536:B6OUiNYQ9A08j9gJZ5fUhUgddS3HOy1lE82qrk45i5tEch/7pT/9QpnjLOb3HF31:B6utHDgjS3+dEvUtEc1p72jyVp9Fl8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2946d69ff8071e7ef92b5257ba4c45d6_JaffaCakes118

Files

2946d69ff8071e7ef92b5257ba4c45d6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3087c8bda8f2c3c5b04e7170c3467101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

nddeapi

NDdeShareDelA
NDdeShareAddA
NDdeGetErrorStringA
NDdeTrustedShareEnumW
NDdeIsValidShareNameW
NDdeGetShareSecurityW
NDdeIsValidAppTopicListW
NDdeSetTrustedShareW
NDdeShareSetInfoW
NDdeShareGetInfoA
NDdeShareGetInfoW
NDdeSetShareSecurityA
NDdeIsValidShareNameA
NDdeGetTrustedShareA
NDdeSpecialCommandA
NDdeTrustedShareEnumA
NDdeGetErrorStringW
NDdeShareAddW
NDdeSetTrustedShareA
NDdeShareDelW

odbctrac

TraceSQLStatisticsW
TraceSQLSetConnectOptionW
TraceSQLBindParameter
TraceSQLNativeSqlW
TraceSQLTablesW
TraceSQLSpecialColumns
TraceSQLSetEnvAttr
TraceSQLFetch
TraceReturn
TraceSQLGetDiagRecW
TraceSQLGetCursorName
TraceSQLFreeConnect
TraceSQLColumnPrivilegesW
TraceCloseLogFile
TraceSQLFreeHandle
TraceSQLColumnPrivileges

kernel32

LocalAlloc
IsWow64Process
GetDateFormatW
ExitProcess
LoadLibraryA
ReadConsoleInputA
FindAtomW
SetTimeZoneInformation
GetConsoleAliasW
FindResourceW
EnumCalendarInfoExW
GetConsoleCommandHistoryW
SetConsoleMode
DebugActiveProcess
LeaveCriticalSection
MapViewOfFileEx
GetEnvironmentStringsW
AllocConsole
VirtualAlloc

sqlsrv32

SQLTablePrivilegesW
SQLFreeStmt
SQLAllocHandle
SQLColumnPrivilegesW
SQLSetEnvAttr
SQLFetch
SQLSetConnectAttrW
BCP_sendrow
ConfigDSNW
BCP_setcolfmt
BCP_control
SQLGetDescRecW
SQLDescribeColW
SQLParamData
BCP_readfmt
SQLGetFunctions
SQLConnectW
SQLForeignKeysW
SQLPutData
SQLProcedureColumnsW
BCP_collen
SQLStatisticsW
SQLGetDiagRecW
SQLBrowseConnectW

samlib

SamConnect
SamSetInformationUser
SamRidToSid
SamLookupNamesInDomain
SamChangePasswordUser3
SamDeleteUser
SamDeleteAlias
SamChangePasswordUser2
SamShutdownSamServer
SamEnumerateDomainsInSamServer
SamRemoveMemberFromForeignDomain
SamFreeMemory
SamiSetDSRMPassword
SamOpenGroup
SamSetSecurityObject
SamLookupDomainInSamServer
SamChangePasswordUser

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3087c8bda8f2c3c5b04e7170c3467101

Headers

DLL Characteristics

File Characteristics

Imports

nddeapi

odbctrac

kernel32

sqlsrv32

samlib

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 52KB - Virtual size: 162KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 344B

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 52KB - Virtual size: 162KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 344B