67547ed836da9638e57fe7c9da605eac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67547ed836da9638e57fe7c9da605eac_JaffaCakes118
Size

863KB
MD5

67547ed836da9638e57fe7c9da605eac
SHA1

0ee1bf6fe7626db6daab953e9cb9f180af1cc085
SHA256

fa5e3b699963499a7db6c9b7300e2c7c48f2a5c45fa6a8cf26e173fd3887f065
SHA512

5ba1b47e60043e27e5afd6d38dc7d09cc1a52ad75b74a91047d71f4ff350b2c6e89d707f7d361182d4beaf6dc58379b7c1d28c758eb19ea7bd39dce8a7219af2
SSDEEP

24576:LNF5cqwpVAZ8jGRZ6w5U6AKmt+LGUnvlExqRzoxDS+M2D:LNF5/wjASj+JmtrKlSqRFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67547ed836da9638e57fe7c9da605eac_JaffaCakes118

Files

67547ed836da9638e57fe7c9da605eac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2ffaad330119b32d589e800f82ad38e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

SQLSetConnectOption
SQLDataSourcesW
SQLGetTypeInfoA
SQLColumns
SQLNativeSqlW
GetODBCSharedData
SQLPrepare
SQLGetCursorNameA
SQLColAttribute
SQLConnect
SQLBrowseConnectA
SQLBulkOperations
SQLGetDiagRecA
SQLForeignKeysW
SQLGetDescFieldA
SQLGetTypeInfoW
CursorLibLockDesc
SQLDescribeColW
SQLGetDiagRecW
ODBCGetTryWaitValue
VRetrieveDriverErrorsRowCol
SQLProceduresA
SQLEndTran
SQLColAttributesW
SQLPrepareW
SQLGetCursorNameW
ODBCInternalConnectW
SQLAllocHandleStd
SQLConnectA
SQLPrimaryKeys
SQLDescribeParam
SQLTablePrivilegesA
SQLColumnPrivileges
CloseODBCPerfData
SQLGetDescRecA
SQLSetConnectAttrA
SQLGetDiagRec
SQLCloseCursor
SQLForeignKeys

kernel32

GetCommState
GetStringTypeA
SetConsoleMode
EnumResourceNamesA
EnumDateFormatsW
GetCommProperties
GetConsoleCursorMode
GetLongPathNameA
LocalShrink
GetDiskFreeSpaceA
QueryPerformanceCounter
GetEnvironmentStringsW
FindNextVolumeW
GlobalLock
FindNextFileW
Toolhelp32ReadProcessMemory
GetProfileIntW
LZOpenFileA
VirtualAlloc
WritePrivateProfileStructA
GetFirmwareEnvironmentVariableA
ClearCommBreak
ReadFileScatter
Process32FirstW
GetProcessAffinityMask
GetProfileSectionA
GetThreadSelectorEntry
WriteProfileSectionA
SetDefaultCommConfigA
GlobalMemoryStatusEx
WTSGetActiveConsoleSessionId
OpenJobObjectA
GetUserGeoID
EnumDateFormatsExW
CallNamedPipeW
LoadLibraryA
DebugBreak
GetStringTypeExW
GetTapePosition
EnumCalendarInfoExA
GetPrivateProfileStructW
InitializeCriticalSectionAndSpinCount
EnumResourceTypesA
GlobalSize
GetVolumeNameForVolumeMountPointW
GetConsoleFontInfo
FindFirstFileW
CreateSemaphoreA
GetSystemWow64DirectoryW
GetCurrentThread
GetVolumeInformationW
RemoveDirectoryA
RequestDeviceWakeup
EnumDateFormatsExA
FileTimeToSystemTime
FillConsoleOutputCharacterW
LocalAlloc
DefineDosDeviceW
HeapSetInformation
LockFile
lstrlenA
OpenFileMappingW
SetLocaleInfoA
LocalFlags
RegisterConsoleOS2
CommConfigDialogA
CreateSemaphoreW
MoveFileExA
LocalUnlock
SetCommTimeouts
TzSpecificLocalTimeToSystemTime
ExpandEnvironmentStringsW
FreeUserPhysicalPages
GetConsoleCursorInfo
SetComputerNameW
FindResourceExA

msvcrt

_wtmpnam
_amsg_exit
strchr
??_7bad_cast@@6B@
_putwch
?name@type_info@@QBEPBDXZ
_mbsnicmp
_findfirst64
_i64tow
wcslen
$I10_OUTPUT
_execlpe
_open_osfhandle
_mbsnbicmp
srand
_mbscspn
_strrev
_execv
sprintf
_wfdopen
_wcmdln
_findfirsti64
_ungetch
_mbsncpy
iswalnum
__wcserror
__getmainargs
_snwprintf
_aligned_malloc
_wspawnle
_setmode

advapi32

RegQueryInfoKeyW
RegUnLoadKeyA
SetEntriesInAccessListA
WmiQueryGuidInformation
MD5Update
WmiFreeBuffer
ElfOldestRecord
SystemFunction005
WmiNotificationRegistrationW
GetSidSubAuthorityCount
GetAuditedPermissionsFromAclW
SetPrivateObjectSecurity
RegEnumValueA
AbortSystemShutdownA
CredProfileLoaded
DeregisterEventSource
WmiQueryAllDataW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoExA
LsaOpenSecret
GetExplicitEntriesFromAclA
MapGenericMask
TraceEvent
LsaGetRemoteUserName
ObjectDeleteAuditAlarmA
CopySid

crtdll

_strset
_execlpe
_c_exit
raise
_ctype
_chgsign
mblen
wcsrchr
_mbsnccnt
cos
_ismbslead
gmtime
_splitpath
strlen
_setmode
_purecall
rewind
_mbctype
_mbctolower
_ismbbkalnum
_CIatan2
_cputs
_spawnlpe
fread
_sopen
_strnset
iswgraph
towlower
_lseek
_putch
_flsbuf
abort
__argc_dll
_wcsrev
_getche
frexp
mbstowcs
strcpy
_toupper
_mbsrev
fputwc

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2ffaad330119b32d589e800f82ad38e

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

msvcrt

advapi32

crtdll

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 1024B - Virtual size: 1.6MB

.rsrc Size: 199KB - Virtual size: 199KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 1024B - Virtual size: 1.6MB

.rsrc
Size: 199KB - Virtual size: 199KB

.reloc
Size: 1024B - Virtual size: 1024B