362fcf3671e5c2d39739e9cd74790230_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

362fcf3671e5c2d39739e9cd74790230_JaffaCakes118
Size

868KB
MD5

362fcf3671e5c2d39739e9cd74790230
SHA1

088054ffd113fae1aff536699893c43bdd7d609a
SHA256

9b7c13731056645c0327edae5726c31506a37acbb9d39d3c3731fbca30db023a
SHA512

6f4a673b3cfe5a2475a646e7a21cf4399512ddb91fcb5c56726e8dcff22480487b75b9170ff4ae8a70a32710270c907b7e64bcc821907e4e9b1d010571b06e45
SSDEEP

24576:QqdSSl1ExD1GgfK69QpXyLM91+qjyUpcRE3Ky61RAxrLl16mWHVez:RlER9PIoM/+trRE381RAxrLF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
362fcf3671e5c2d39739e9cd74790230_JaffaCakes118

Files

362fcf3671e5c2d39739e9cd74790230_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8af6cc7d4a486a54ad5c41d9351ded1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetPrepareUpdate
JetSetIndexRange
JetBeginTransaction
JetInit3
JetEndExternalBackupInstance2
JetGotoBookmark
JetOpenDatabase
JetOpenTable
JetGetAttachInfo
JetRestoreInstance
JetGetLogInfoInstance
JetCreateIndex
JetRollback@8
JetDupCursor
JetSnapshotStop
JetCreateIndex2
JetDeleteColumn2
JetGetCursorInfo
JetExternalRestore2
JetCreateTable
JetSetLS
JetPrepareUpdate@12
JetPrepareToCommitTransaction
JetExternalRestore
JetMakeKey
JetOpenTempTable
JetCompact
JetRetrieveColumn
JetGetInstanceInfo
JetDelete
JetCloseFileInstance
JetRenameTable

kernel32

VDMOperationStarted
LocalAlloc
GetLargestConsoleWindowSize
GetCommandLineW
GetFileAttributesExA
LocalLock
ClearCommError
GetSystemDefaultUILanguage
SetLastError
GlobalAlloc
LZCreateFileW
SetFileAttributesA
VerLanguageNameA
GetLogicalDriveStringsW
PrivCopyFileExW
CompareStringA
IsDBCSLeadByteEx
GlobalGetAtomNameW
CreateWaitableTimerW
Toolhelp32ReadProcessMemory
GetFileAttributesW
EnumDateFormatsA
InterlockedPopEntrySList
GetLocaleInfoW
QueueUserAPC
GetThreadTimes
GlobalAddAtomW
IsValidLocale
OutputDebugStringA
CreateFileW
SetConsoleCtrlHandler
LocalSize
EnumUILanguagesA
GetSystemTimeAdjustment
GetVolumePathNameW
HeapReAlloc
GetBinaryType
GetSystemDefaultLangID
FreeConsole
Heap32ListFirst
GetConsoleWindow
GetOEMCP
FindResourceA
RemoveDirectoryW
RtlUnwind
AreFileApisANSI
IsWow64Process
RemoveDirectoryA
WaitForSingleObjectEx
FreeEnvironmentStringsW
_lcreat
SetSystemPowerState
Module32First
DeviceIoControl
FindFirstVolumeMountPointW
LoadLibraryA
GetCurrentActCtx
FreeLibrary
PeekConsoleInputW
FlushConsoleInputBuffer
GetExitCodeThread
OpenWaitableTimerW
GetACP
SetThreadExecutionState
GetProcAddress
GetConsoleOutputCP
CancelWaitableTimer
WritePrivateProfileStructW
WriteFileGather
Module32FirstW
TzSpecificLocalTimeToSystemTime
VirtualAlloc
BuildCommDCBW
WTSGetActiveConsoleSessionId
WritePrivateProfileSectionA
GetSystemInfo
FileTimeToSystemTime
GetModuleHandleExW
LockFileEx
OpenSemaphoreW
OpenProcess
FindResourceExW
GetConsoleInputExeNameA
GetCommConfig
HeapCompact
GetSystemWindowsDirectoryW
DeleteFileA

odbcjt32

SQLSpecialColumnsW
SQLAllocHandle
SQLColAttributeW
SQLSetEnvAttr
SQLFreeEnv
ConfigDSNW
SQLFreeConnect
SQLFetch
SQLGetCursorNameW
SQLExecDirectW
SQLDisconnect
SQLTablesW
SQLEndTran
SQLSetCursorNameW
SQLGetDescRecW
SelectIndexDlgProc
SQLParamData
SQLDescribeColW
SQLCancel
ConfigDSN
SQLStatisticsW
SQLPutData
SelectUIdxDlgProc
ConfigDialogProc
SQLGetDiagFieldW
SQLDriverConnectW
AdvancedDialogProc
SQLExecute
SQLGetStmtAttrW
SQLSetPos
SQLRowCount
SQLNativeSqlW
SQLNumParams
InvisibleSelectDb
SQLAllocStmt
SQLGetDescFieldW
SQLGetInfoW
SQLBindCol
SQLSetConnectAttrW
SQLSetDescFieldW
SQLGetTypeInfoW
SQLSetScrollOptions
SQLGetFunctions
SQLBulkOperations
SQLFreeStmt

crtdll

_utime
ungetwc
gets
is_wctype
floor
_ismbcl0
swscanf
_ecvt
_execvp
_lfind
_osminor_dll
_tzset
_filelength
_abnormal_termination
_fsopen
wcscoll
wcsspn
_swab
_stricoll
??2@YAPAXI@Z
_fpreset
_mbclen
ftell
_onexit
_popen
fseek
_wcsnicmp
iswctype
_ismbbgraph
_mbctype
wprintf
getc
_expand
_spawnv
cos
iswcntrl
fputc
atol
strlen
realloc
_ismbblead
fclose
strstr
_acmdln_dll
_finite
_fpclass
__dllonexit
_lseek
_strninc
_toupper
_rmdir
_heapchk
_snwprintf
_mbsupr
getenv
_hypot
__toascii
fmod
_mbsnextc
_spawnl
setlocale
_spawnvpe
srand
fwprintf
vprintf
_getdcwd
_ftime
_ismbstrail
_global_unwind2
isspace
_y0
_putw
_cscanf
sscanf
_cabs
vswprintf
_execlp
atoi
_wtol
abs
fgetwc
_ismbchira
_environ_dll
sin
_fpieee_flt
cosh
tolower
_y1
_ismbslead

sxs

SxsGenerateActivationContext
CreateAssemblyCache
SxsBeginAssemblyInstall
SxsProbeAssemblyInstallation
SxsQueryManifestInformation
SxsEndAssemblyInstall
SxsRunDllInstallAssembly
SxsRunDllInstallAssemblyW
CreateAssemblyNameObject
SxsOleAut32RedirectTypeLibrary
SxsUninstallW
SxsInstallW
SxsOleAut32MapReferenceClsidToConfiguredClsid
SxspGenerateManifestPathOnAssemblyIdentity

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8af6cc7d4a486a54ad5c41d9351ded1f

Headers

DLL Characteristics

File Characteristics

Imports

esent

kernel32

odbcjt32

crtdll

sxs

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 344KB - Virtual size: 344KB

.data Size: 141KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 344KB - Virtual size: 344KB

.data
Size: 141KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB