a64663d43ed18823dd6383420bc5a7c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a64663d43ed18823dd6383420bc5a7c6_JaffaCakes118
Size

383KB
MD5

a64663d43ed18823dd6383420bc5a7c6
SHA1

277f95ec29c4a01cebfff72d2fadecb3bdcb0962
SHA256

c540cd890a5f47a2f80f4ef14a34ea3e7d0602a3e5f71138b1dede990f96c39c
SHA512

3ceea5a001d8c8305bfb269a99f96b211e84c43b7c3d68577e75a41fb89e257b89d88814d87e057fa330f65467e4000574ebf274d83acd07fefc77d8de6e82c2
SSDEEP

6144:OutMj3ZkoyEndODAXLzK9hMSAzUFk4HU/udXC+HD6QaYLA69yBiB5UU/pNhfc:IZkoyEndOkLzKjMVUFk4Hs2C+Hd9Xzju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a64663d43ed18823dd6383420bc5a7c6_JaffaCakes118

Files

a64663d43ed18823dd6383420bc5a7c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ff91e62322507b09ae5b6679d41c247

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

oraclient8

upidpr
kpusvcrh
OCIHandleFree
OCIDateTimeToText
upidsc
upigml
upibrn
OCIServerAttach
OCISessionBegin
OCIBindByName
OCIBindByPos
OCIPasswordChange
OCIDefineByPos
OCIDefineObject
OCIDescribeAny
OCIServerDetach
OCIStmtExecute
OCIStmtFetch
OCIDescriptorFree
upivsn
OCIAttrGet
OCIStmtGetBindInfo
OCIDescriptorAlloc
OCIErrorGet
OCIHandleAlloc
OCIParamGet
OCIStmtGetPieceInfo
OCIEnvInit
OCILobGetLength
OCILobRead
OCILobIsTemporary
OCILobFreeTemporary
OCIInitialize
OCIStmtPrepare
OCIResultSetToStmt
OCIAttrSet
OCIStmtSetPieceInfo
OCISessionEnd
OCITransCommit
OCITransRollback
upiarc
OCILogon
OCILogoff
upista8
upidbg
upisto
upiosd
upibnn
upial7
upicom
upiefn
upiver
kpusvc2hst
OCIIntervalToText
upiopn
upiosq
upidfn
upiexe
upifch
upicls
upih2o
upicpr

oracore8

ldxsto
ldxmxsz
lcvb24
lsf3olp
ldxmdsz
lstcpn
lcvb2w
lstup
lnxcpn
lnxscn
ldxstd
lnxfcn
lstcprs
lnxpfl
lmxconpar
lcvw2b
lnxsub
lstclo
lcv42b
lpminit
lpmdelete
lnxnfn
lnxnuc
lnxgfs
lctbnam
lnxnur
lnxadd
lnxmul
ldxini
sldxgd
ldxsti
ldxdts
lnxmin
slzgetevar
lstss
lnxsqr
lnxdiv
lpmterm
lsfini
lpmloadpkg
lstrtb
lnxsni

oran8

osnsui
osncui

oranls8

lxgratio
lxicmi
lxnchar
lxmcpl
lxncmp
lxi42b
lxscop
lxscat
lxscmp
lxwc2lx
lxipdd
lxncpl
lxmpuc
lxmlowx
lxisch
lxicds
lxicdp
lxmcpbx
lxicop
lxmc2wx
lxm2wlx
lxncpu
lxmalnx
lxmr2w
lxnbyte
lxncat
lxncps
lxrcpu
lxntrn
lxiskip
lxndssp
lxndisp
lxmcpen
lxmalpx
lxmdigx
lxmctex
lxhnlangid
lxscpu
lxhcnv
lxncop
lxhcsn
lxhnmod
lxscml
lxlinit
lxinitc
lxlterm
lmsagbf
lmsatrm
lxhcurrlangid
lmsaip
lmsacin
lmsacbn
lxmdssln
lxmdspx
lxmblax
lxt24s
lxicps
lxmcpcx
lxmopen
lxmspax
lxmfwdx
lxhlod
lxhlinfo
lxhnsize

oracommon8

slsprom
slfnp
OCITypeElemExtTypeCode
sldext
slspool

orageneric8

OCITypeAttrNext
OCITypeCollTypeCode
OCIObjectUnpin
OCIRefHexSize
OCIRefToHex
OCIStringSize
OCIStringPtr
OCIDateToText
OCINumberToText
OCIRawPtr
OCIRawSize
slgfn
OCITypeByName
OCITypeName
OCITypeTypeCode
OCIIterDelete
OCITypeIterFree
OCITypeElemName
OCIIterCreate
OCITypeIterNew
OCITypeAttrs
OCITypeCollSize
OCIIterNext
OCITypeCollElem
OCITypeElemLength
OCITypeElemType
OCITypeElemTypeCode
OCIObjectMarkDelete
OCIObjectGetAttr

orasql8

sqlrcn
sqlglm
sqlnul
sqlprc
sqlclu
sqlghp
sqlcxt
sqlald
sqlfcn

kernel32

CreateProcessA
WaitForSingleObject
CloseHandle
lstrcmpiA
ExitProcess

user32

MessageBoxA

msvcrt

_adjust_fdiv
_initterm
_strdup
__setusermatherr
_onexit
_strupr
_controlfp
_except_handler3
__dllonexit
__p__fmode
__p__commode
__set_app_type
perror
__p__iob
malloc
free
fprintf
sprintf
fopen
strchr
strcspn
_setjmp3
longjmp
strtol
fflush
printf
vfprintf
vsprintf
realloc
fclose
strncpy
_errno
strstr
fgets
strncat
memchr
strncmp
strtok
_itoa
_vsnprintf
_ftime
getenv
getc
clearerr
_exit
_XcptFilter
exit
__p___initenv
__getmainargs

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xqgnaoj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5ff91e62322507b09ae5b6679d41c247

Headers

File Characteristics

Imports

oraclient8

oracore8

oran8

oranls8

oracommon8

orageneric8

orasql8

kernel32

user32

msvcrt

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 39KB - Virtual size: 56KB

.idata Size: 7KB - Virtual size: 34KB

xqgnaoj Size: - Virtual size: 4KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 39KB - Virtual size: 56KB

.idata
Size: 7KB - Virtual size: 34KB

xqgnaoj
Size: - Virtual size: 4KB