5ee4a6243bf83b5ceef413694e270404_JaffaCakes118

General

Target

5ee4a6243bf83b5ceef413694e270404_JaffaCakes118
Size

103KB
MD5

5ee4a6243bf83b5ceef413694e270404
SHA1

2dde1b49646aa73275e20c76fd599dfe3a852f4c
SHA256

7687af3040b88c8ae5d353019cb2281aa94922f4b6f0dd4164a5e2bc320c0e07
SHA512

eab6574b6a404ba8189248c68469b2ce2f043882878b6fd2726007a75ed51aee88f2a0552bdfd3bf65c046dc7d03cd5762ad22cc70787211b71471d9b7e2445e
SSDEEP

1536:9fHQXIcIw1BYBG4QtrlrZ5XAf1Pu3y8/lCdnDUDtgEsjaWON0SjqCVMdMY++srks:upAfyZxAftuR/g9DotMaWONhjqDj+7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ee4a6243bf83b5ceef413694e270404_JaffaCakes118

Files

5ee4a6243bf83b5ceef413694e270404_JaffaCakes118
.exe windows:6 windows x86 arch:x86

bb13659e774cfc4308446a9b2f99e4bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapCreate
InitializeCriticalSection
FreeEnvironmentStringsA
VirtualAlloc
GetEnvironmentStringsA
HeapSetInformation
CreateFileA
ReadFile
OpenEventA
lstrcpyA
CreateEventA
ConnectNamedPipe
GetVersionExA
HeapAlloc
GetNamedPipeHandleStateA
GetCurrentThreadId
SetEnvironmentVariableA
InterlockedFlushSList
VirtualFree
CompareStringA
SetEvent
HeapFree
FileTimeToDosDateTime
WaitForMultipleObjects
SetNamedPipeHandleState
HeapDestroy
EnterCriticalSection
WaitNamedPipeA
GetFileTime
ReadFileScatter
GetStringTypeExA
GetLastError
CreateNamedPipeA
CloseHandle
WriteFile
GetSystemTimes
SetFilePointer

odbc32

SQLForeignKeys
SQLDrivers
SQLColAttributeA
OpenODBCPerfData
SQLExtendedFetch
SQLError
SQLPrepare
SQLPrepareA
SQLSetCursorName
SQLDescribeParam
GetODBCSharedData
SQLSetEnvAttr
SQLColAttributesA
SQLSetConnectAttrA
SQLSetStmtAttr
SQLStatisticsA
SQLGetEnvAttr
SQLSetConnectOption
ValidateErrorQueue
VFreeErrors
SQLSetConnectOptionA
SQLExecDirect
SQLBindParameter
SQLColumnPrivilegesA
SQLProcedureColumnsA
SQLGetFunctions
SQLProceduresA

advpack

RebootCheckOnInstall
OpenINFEngine
IsNTAdmin
AdvInstallFile
DelNodeRunDLL32
GetVersionFromFile
RegSaveRestoreOnINF
ExecuteCab

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb13659e774cfc4308446a9b2f99e4bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

advpack

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 35KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 35KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 4KB