69384b751edf25926b00f5f2756bd43f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69384b751edf25926b00f5f2756bd43f_JaffaCakes118
Size

87KB
MD5

69384b751edf25926b00f5f2756bd43f
SHA1

25f790576b303840936d28b32b81e898a1203435
SHA256

2718aff3c113600143a03e514a01ed0c6ae6b2da9bf6de762b0be6eb224ee0a6
SHA512

d599b428b20b397b82b495f22f50e2d6b883901da0c1edb0b53020fb87342ed4c49481efbe5e08886809dd59c10e42c15d531ad8a5771e91c8395f91aaf925e6
SSDEEP

1536:U77FUH4B0VW38a/7JVjhCf1C8pWjF4RyEHvFWuOWMMiV5gp8p8p8p/f:M7uKlNzjhCZWjF4RfJ4Micooo3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69384b751edf25926b00f5f2756bd43f_JaffaCakes118

Files

69384b751edf25926b00f5f2756bd43f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c82ee6385311cb895162ce3f2ed1597a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetCurrentThreadId
EnterCriticalSection
SetSystemTime
BaseFlushAppcompatCache
FindResourceExA
LoadLibraryA
GetFileAttributesExA
lstrcpyA
MapViewOfFileEx
UnlockFileEx
HeapUnlock
AddAtomW
WritePrivateProfileStructW
GetTickCount
GetModuleHandleW
GetProcessWorkingSetSize
HeapCreate
GetProcAddress
GetDiskFreeSpaceW
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
MapUserPhysicalPages
LZCreateFileW

resutils

ResUtilGetSzValue
ResUtilFindExpandSzProperty
ResUtilGetResourceName
ResUtilSetResourceServiceEnvironment
ResUtilSetSzValue
ResUtilFreeEnvironment
ClusWorkerStart
ClusWorkerCheckTerminate
ResUtilFindLongProperty
ResUtilSetPropertyTableEx
ResUtilFreeParameterBlock
ResUtilGetResourceNameDependency
ResUtilStopResourceService
ResUtilGetEnvironmentWithNetName

odbc32

SQLGetStmtOption
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
SQLNativeSqlW
SQLConnectA
SQLGetConnectOptionA
SQLCancel
SQLSetCursorNameW
SQLSetPos
SQLSpecialColumnsW
CursorLibLockDesc
SQLSetScrollOptions
SQLConnectW
SQLExecute
CollectODBCPerfData
CursorLibLockStmt
SQLSetConnectOption

adsldpc

AdsTypeToLdapTypeCopyGeneralizedTime
PathName
LdapGetSyntaxOfAttributeOnServer
ReallocADsStr
BuildLDAPPathFromADsPath2
BuildADsPathFromParent
SchemaGetClassInfo
ReadSecurityDescriptorControlType
ADsCreateClassDefinition
LdapTypeFreeLdapObjects
ADSIOpenDSObject
ADsWriteClassDefinition
?GetNextToken@CLexer@@QAEJPAGPAK@Z

gdi32

CreatePatternBrush
DdEntry51
FontIsLinked
SetRelAbs
GdiAddGlsBounds
GetFontUnicodeRanges
GdiStartPageEMF
DeviceCapabilitiesExA
GetROP2
DeviceCapabilitiesExW
SelectBrushLocal

activeds

ADsGetLastError
SecurityDescriptorToBinarySD
ADsFreeEnumerator
ADsGetObject
ADsSetLastError
AdsFreeAdsValues
FreeADsMem
PropVariantToAdsType
AllocADsMem
BinarySDToSecurityDescriptor
AdsTypeToPropVariant2

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c82ee6385311cb895162ce3f2ed1597a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

resutils

odbc32

adsldpc

gdi32

activeds

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 21KB - Virtual size: 53KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 21KB - Virtual size: 53KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 304B