48d48bcf9882e7bf0bc4239fb3a396aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48d48bcf9882e7bf0bc4239fb3a396aa_JaffaCakes118
Size

1.1MB
MD5

48d48bcf9882e7bf0bc4239fb3a396aa
SHA1

040726f87169b1307dd694222f8da1d75e94c8cd
SHA256

579b2d790a5f5a4f522833198ef8a4bf33f8d1fae2c759c70e9876d787fa8617
SHA512

c9b8dc40ef8c4c5101ef8f29f92ffcfb7ecf16327f1c5bc8819f28aa6f12a472fcff94df149af09da089e0e0f2fac34d11b5e8e3b90004671c24be3b46f985da
SSDEEP

24576:D/4YO8MZqBwFU8NlIiQ20ONV85jnIjMkwldVbzurY7GdZh:DIgW1bAsMkeiaGdZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d48bcf9882e7bf0bc4239fb3a396aa_JaffaCakes118

Files

48d48bcf9882e7bf0bc4239fb3a396aa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8b28459b5ecee531f8a26cf682dc4d71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

odbc32

SQLFreeEnv
SQLColumnPrivileges
SQLAllocStmt
SQLConnectA
SQLAllocHandleStd
SQLBindParam
SQLProcedures
SQLGetInfoA
SQLSetDescFieldA
SQLSetParam
SQLSpecialColumns
SQLSetCursorName
SQLPutData
SQLGetDescRec
SQLGetDiagFieldA
SQLSetEnvAttr
SQLGetDescField
PostComponentError
SQLTransact
PostODBCError
SQLPrepareA
CursorLibLockStmt
SQLExecute
SQLDriversA
CursorLibLockDbc
SQLSetStmtOption
CloseODBCPerfData
SQLSetPos
SQLBulkOperations
SQLEndTran
SQLCloseCursor
SQLParamData
SQLDescribeParam
SQLPrepare
SQLTablePrivileges
SQLSetCursorNameA
SQLSetScrollOptions
SQLCancel

kernel32

GetSystemTimeAsFileTime
lstrcmpA
VirtualAlloc
HeapCreate
GetCurrentProcessId
GetSystemTime
SetFilePointer
SetFirmwareEnvironmentVariableA
HeapFree
PeekNamedPipe
CreateFileA
CloseHandle
VirtualFree
ConnectNamedPipe
CreateEventA
HeapAlloc
SetEvent
HeapSetInformation
GetCurrentThreadId
GetSystemTimes
GetStringTypeA
ExpandEnvironmentStringsA
WaitForMultipleObjects
InterlockedExchange
GetLastError
InterlockedPopEntrySList
GetEnvironmentStringsA
ReadFileScatter
InterlockedIncrement
ExitProcess
FileTimeToSystemTime
FreeEnvironmentStringsA
HeapDestroy
WriteFileEx
OpenEventA
InterlockedPushEntrySList
InterlockedDecrement
CreateNamedPipeA
ReadFile
TryEnterCriticalSection
lstrlenA
CompareStringA
GetFileTime
InitializeCriticalSectionAndSpinCount

user32

EndPaint
SendMessageA
DestroyWindow
GetMessageA
RegisterClassA
ShowWindow
UpdateWindow
DispatchMessageA
CreateWindowExA
BeginPaint
TranslateMessage
DefWindowProcA

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b28459b5ecee531f8a26cf682dc4d71

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

user32

Sections

.text Size: 727KB - Virtual size: 727KB

.data Size: 414KB - Virtual size: 413KB

.rsrc Size: 33KB - Virtual size: 3.1MB

.text
Size: 727KB - Virtual size: 727KB

.data
Size: 414KB - Virtual size: 413KB

.rsrc
Size: 33KB - Virtual size: 3.1MB