5addc2b022d936029b5d8462b06e04b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5addc2b022d936029b5d8462b06e04b4_JaffaCakes118
Size

124KB
MD5

5addc2b022d936029b5d8462b06e04b4
SHA1

9213ce7df71c04d9e229345aade60e194b6511b2
SHA256

36ae468d7c69ef904bd75beffbd84b0cf9d30b0d1907936784e500391e80aa1a
SHA512

be5788d89876b063a39e4a83c806022e4f8a90faed0812b1def513340cb9239bc9f6280fa6706f052a62000a76ec4056dc3d3d1d5d336eb43fbd3a3d0102a5e0
SSDEEP

1536:qLLAhU5WpdXcGIqohcuCPk+LDtqjqczt62aZyCXgtrK8LO0c3xeG:sLAs+gqpLPk+LZkzt62+wfMeG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5addc2b022d936029b5d8462b06e04b4_JaffaCakes118

Files

5addc2b022d936029b5d8462b06e04b4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9b9d21af99bc18de76331a00a7f685c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ODBCCU32.pdb

Imports

mfc42u

ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3396
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord1089
ord3733
ord561
ord815
ord5746
ord4078
ord1824
ord1853
ord600
ord1240
ord1173
ord1165
ord1571
ord6466
ord1250
ord1248
ord1563
ord1194
ord342
ord1179
ord1570
ord1568
ord1115
ord269
ord826
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord353
ord1258
ord5579
ord1863
ord268
ord1257
ord350
ord3121
ord5647
ord823
ord825
ord3658
ord1560
ord4418

msvcrt

_except_handler3
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
_wcsicmp
_wcsnicmp
wcscpy
wcscat
_CxxThrowException
__CxxFrameHandler
wcscmp
malloc

user32

IsCharAlphaW
MessageBoxA

odbc32

ord176
ord108
CursorLibLockStmt
ord106
ord111
ord68
ord162
CursorLibLockDbc
ord119
ord12
ord48
ord49
ord16
ord24
ord3
ord51
ord13
ord43
ord18
ord63
ord72
ord26
ord64
ord20
ord4
ord31
CursorLibLockDesc
CursorLibTransact
ord145
ord61
ord46
ord150
ord139
ord74
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
SearchStatusCode
PostODBCError
ord28
PostODBCComponentError
VFreeErrors
ord117
ord134
ord133
ord138
LockHandle
ord173

kernel32

VirtualAlloc
GetTempFileNameW
GetTempPathW
lstrlenW
LoadLibraryA
FreeLibrary
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalFree
LocalAlloc
VirtualFree

Exports

Exports

ReleaseCLStmtResources
SQLBindCol
SQLBindParameter
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLEndTran
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLFreeHandle
SQLFreeStmt
SQLGetData
SQLGetDescField
SQLGetDescRec
SQLGetInfo
SQLGetStmtAttr
SQLGetStmtOption
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLParamData
SQLParamOptions
SQLPrepare
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectOption
SQLSetDescField
SQLSetDescRec
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtOption
SQLTransact

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b9d21af99bc18de76331a00a7f685c7

Headers

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

user32

odbc32

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.data Size: 64KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 44KB

.data
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB