8c3c2f9e8f7843d466a4f156951ee8d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c3c2f9e8f7843d466a4f156951ee8d7_JaffaCakes118
Size

296KB
MD5

8c3c2f9e8f7843d466a4f156951ee8d7
SHA1

7bb492c5aac90543bafee3b25ec9a795bdf19fe3
SHA256

1f8b2a354cae742c9f832e0d66a375763c02f4d3f27645374beb3940aba2a35e
SHA512

b0090e70e8cdc19f94e99cb322018ec8b440146386bfd3972075c27b767bd86316ae5c27753ddc572a857a553f66e7e955e416594dcd142bd8b7b3473d7784e7
SSDEEP

6144:A0jDCczw2mtj4TYOV9qq40USi3nxGB44cnuRt7Wu:7t53V9q10zi30cnuK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c3c2f9e8f7843d466a4f156951ee8d7_JaffaCakes118

Files

8c3c2f9e8f7843d466a4f156951ee8d7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ed31784917be50287025a6b71f588b52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

odbc32.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_vsnwprintf
_ultow
wcsstr
_splitpath
_snprintf
_wtol
_ltow
_except_handler3
strncpy
wcstoul
_snwprintf
_wmakepath
wcsncat
sprintf
_wstat
_stat
_waccess
_access
_errno
swprintf
wcsncmp
_wcsnicmp
wcscpy
wcsrchr
wcscat
_wsplitpath
wcscmp
_wcsicmp
wcsncpy
wcslen
_winmajor

comctl32

ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
PropertySheetA

shell32

SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
ReleaseSemaphore
Sleep
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
OutputDebugStringW
GetLastError
LoadLibraryExA
LoadLibraryExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempPathA
GetTempPathW
WritePrivateProfileStringA
WritePrivateProfileStringW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
OpenFileMappingA
OpenFileMappingW
CreateFileMappingA
CreateFileMappingW
GetPrivateProfileStringA
GetPrivateProfileStringW
SetErrorMode
CloseHandle
GetCurrentProcess
GetCurrentThread
GetTickCount
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
SetLastError
IsBadCodePtr
lstrcpynA
ExpandEnvironmentStringsA
GetFullPathNameA
GetDriveTypeA
SearchPathA
lstrlenA
OutputDebugStringA
GetModuleFileNameA
WaitForSingleObject
SetEvent
UnmapViewOfFile
FreeLibraryAndExitThread
WaitForMultipleObjects
MapViewOfFile
CreateThread
CreateEventW
DisableThreadLibraryCalls
GetVersionExA
DeleteCriticalSection
FormatMessageW
HeapDestroy
LeaveCriticalSection
HeapCompact
HeapSize
HeapReAlloc
HeapFree
InitializeCriticalSection
HeapAlloc
GetSystemInfo
GetModuleHandleA
HeapCreate
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetProcessHeap
ReleaseMutex
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetVersionExW
lstrcpynW
IsBadReadPtr
GetCurrentThreadId
RaiseException
LocalFree

advapi32

RegEnumValueA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
EqualSid
IsValidSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
RegNotifyChangeKeyValue
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegEnumKeyExA
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExA

user32

GetSystemMetrics
GetWindowRect
GetParent
GetDlgCtrlID
GetDesktopWindow
MessageBoxA
GetWindowLongA
SendMessageW
SetWindowLongA
GetDlgItem
SetCursor
LoadCursorA
SendMessageA
EnableWindow
LoadIconA
MessageBoxW
MoveWindow
GetWindowTextA
GetWindowTextW
LoadStringA
LoadStringW
IsWindow
LoadCursorW
GetClientRect
LoadBitmapA
ChildWindowFromPoint
ScreenToClient
GetMessagePos
SetFocus

comdlg32

GetSaveFileNameA
GetSaveFileNameW

Exports

Exports

CloseODBCPerfData
CollectODBCPerfData
CursorLibLockDbc
CursorLibLockDesc
CursorLibLockStmt
CursorLibTransact
DllBidEntryPoint
GetODBCSharedData
LockHandle
MpHeapAlloc
MpHeapCompact
MpHeapCreate
MpHeapDestroy
MpHeapFree
MpHeapReAlloc
MpHeapSize
MpHeapValidate
ODBCGetTryWaitValue
ODBCInternalConnectW
ODBCQualifyFileDSNW
ODBCSetTryWaitValue
OpenODBCPerfData
PostComponentError
PostODBCComponentError
PostODBCError
SQLAllocConnect
SQLAllocEnv
SQLAllocHandle
SQLAllocHandleStd
SQLAllocStmt
SQLBindCol
SQLBindParam
SQLBindParameter
SQLBrowseConnect
SQLBrowseConnectA
SQLBrowseConnectW
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLColAttribute
SQLColAttributeA
SQLColAttributeW
SQLColAttributes
SQLColAttributesA
SQLColAttributesW
SQLColumnPrivileges
SQLColumnPrivilegesA
SQLColumnPrivilegesW
SQLColumns
SQLColumnsA
SQLColumnsW
SQLConnect
SQLConnectA
SQLConnectW
SQLCopyDesc
SQLDataSources
SQLDataSourcesA
SQLDataSourcesW
SQLDescribeCol
SQLDescribeColA
SQLDescribeColW
SQLDescribeParam
SQLDisconnect
SQLDriverConnect
SQLDriverConnectA
SQLDriverConnectW
SQLDrivers
SQLDriversA
SQLDriversW
SQLEndTran
SQLError
SQLErrorA
SQLErrorW
SQLExecDirect
SQLExecDirectA
SQLExecDirectW
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLForeignKeys
SQLForeignKeysA
SQLForeignKeysW
SQLFreeConnect
SQLFreeEnv
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttr
SQLGetConnectAttrA
SQLGetConnectAttrW
SQLGetConnectOption
SQLGetConnectOptionA
SQLGetConnectOptionW
SQLGetCursorName
SQLGetCursorNameA
SQLGetCursorNameW
SQLGetData
SQLGetDescField
SQLGetDescFieldA
SQLGetDescFieldW
SQLGetDescRec
SQLGetDescRecA
SQLGetDescRecW
SQLGetDiagField
SQLGetDiagFieldA
SQLGetDiagFieldW
SQLGetDiagRec
SQLGetDiagRecA
SQLGetDiagRecW
SQLGetEnvAttr
SQLGetFunctions
SQLGetInfo
SQLGetInfoA
SQLGetInfoW
SQLGetStmtAttr
SQLGetStmtAttrA
SQLGetStmtAttrW
SQLGetStmtOption
SQLGetTypeInfo
SQLGetTypeInfoA
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSql
SQLNativeSqlA
SQLNativeSqlW
SQLNumParams
SQLNumResultCols
SQLParamData
SQLParamOptions
SQLPrepare
SQLPrepareA
SQLPrepareW
SQLPrimaryKeys
SQLPrimaryKeysA
SQLPrimaryKeysW
SQLProcedureColumns
SQLProcedureColumnsA
SQLProcedureColumnsW
SQLProcedures
SQLProceduresA
SQLProceduresW
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectAttrA
SQLSetConnectAttrW
SQLSetConnectOption
SQLSetConnectOptionA
SQLSetConnectOptionW
SQLSetCursorName
SQLSetCursorNameA
SQLSetCursorNameW
SQLSetDescField
SQLSetDescFieldA
SQLSetDescFieldW
SQLSetDescRec
SQLSetEnvAttr
SQLSetParam
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtAttrA
SQLSetStmtAttrW
SQLSetStmtOption
SQLSpecialColumns
SQLSpecialColumnsA
SQLSpecialColumnsW
SQLStatistics
SQLStatisticsA
SQLStatisticsW
SQLTablePrivileges
SQLTablePrivilegesA
SQLTablePrivilegesW
SQLTables
SQLTablesA
SQLTablesW
SQLTransact
SearchStatusCode
VFreeErrors
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
g_hHeapMalloc

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed31784917be50287025a6b71f588b52

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

shell32

kernel32

advapi32

user32

comdlg32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 217KB

.data Size: 4KB - Virtual size: 3KB

.sdbid Size: 56KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 220KB - Virtual size: 217KB

.data
Size: 4KB - Virtual size: 3KB

.sdbid
Size: 56KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB