ab3e1998cc2363968e51c21a2ed1bfe7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ab3e1998cc2363968e51c21a2ed1bfe7_JaffaCakes118
Size

865KB
MD5

ab3e1998cc2363968e51c21a2ed1bfe7
SHA1

e46146eb83b4f2f30b59ce312442f3f13588a9b6
SHA256

4aade38cfb2573828ca42243d39d4ee505e935a9aa30bda3458d10dcc035cb56
SHA512

e2a6c3345d34690771d733deb33ba6f4f535164d2467b685d23f8a599b643294d897623fb823fa7af4207b29d0b6e6ba749afd06f6b0ff8b0b838a2ce42da488
SSDEEP

24576:2vLkt0nq+Kf+1jGcySjjCUIw2nNR6VDbVxv1XJtipNd0S6oC:AAGq0kcyCjCm2nNR6VDbVxBfifR6o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab3e1998cc2363968e51c21a2ed1bfe7_JaffaCakes118

Files

ab3e1998cc2363968e51c21a2ed1bfe7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e3e5c215ea45e7250adf6d4da3dc7f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbccr32

SQLCancel
SQLPrepare
SQLEndTran
SQLCloseCursor
SQLParamData
SQLTransact
SQLSetPos
SQLSetDescRec
SQLMoreResults
SQLRowCount
SQLSetDescField
SQLGetData
SQLFetchScroll
SQLGetStmtOption
SQLSetConnectAttr
SQLExecDirect
SQLSetStmtAttr
SQLSetStmtOption
SQLParamOptions
SQLFetch
SQLNumParams
SQLGetInfo
SQLBulkOperations
SQLPutData
SQLBindCol

mapi32

MAPIResolveName
MNLS_CompareStringW@24
FtNegFt@8
ChangeIdleRoutine@28
FGetComponentPath@20
MNLS_lstrcpyW@8
MAPILogonEx
HrDecomposeEID@28
cmc_logoff
MAPIGetDefaultMalloc@0
FPropContainsProp@12
MNLS_WideCharToMultiByte@32
PropCopyMore@16
FtSubFt@16
UlPropSize@4
UlRelease@4
BuildDisplayTable@40
BMAPIGetAddress
MAPISendMail
HrAddColumnsEx@20
ScInitMapiUtil@4
MAPIOpenFormMgr@8
HrSetOmiProvidersFlagsInvalid
OpenStreamOnFile@24
UFromSz@4
ScCopyNotifications@16
FBadEntryList@4
MAPIInitialize
OpenIMsgOnIStg@44

regapi

RegWdEnumerateW
RegPdCreateA
RegPdDeleteA
RegDefaultUserConfigQueryW
RegWinStationQueryValueW
RegPdQueryW
RegDefaultUserConfigQueryA
RegWinStationCreateA
RegWdDeleteW
RegWinStationQueryW
RegWinStationQuerySecurityW
RegWinStationEnumerateW
RegMergeUserConfigWithUserParameters
RegConsoleShadowQueryW
RegWdQueryW
WaitForTSConnectionsPolicyChanges
RegWdEnumerateA
RegUserConfigSet
RegIsTServer
RegPdDeleteW
RegCdEnumerateA
RegGetMachinePolicyEx
RegBuildNumberQuery
RegCdEnumerateW
RegWdDeleteA
RegPdCreateW
RegWinStationDeleteW
RegDenyTSConnectionsPolicy
RegSAMUserConfig
RegWinStationEnumerateA
RegUserConfigRename
RegGetUserConfigFromUserParameters
RegCloseServer
RegGetUserPolicy

kernel32

GetDefaultCommConfigA
TlsAlloc
ReadDirectoryChangesW
LoadLibraryA
SetClientTimeZoneInformation
Module32FirstW
SetPriorityClass
QueryPerformanceFrequency
_lopen
GlobalAlloc
SetLastError
FatalAppExitW
BaseCheckAppcompatCache
GetTempFileNameW
GetOEMCP
GetSystemDefaultLangID
GetProcessShutdownParameters
GetVolumeNameForVolumeMountPointA
WriteConsoleOutputCharacterW
ChangeTimerQueueTimer
GetTempPathW
DeleteFileA
PrepareTape
GetLongPathNameW
SetFileShortNameA
GetLocaleInfoW
CallNamedPipeW
SetCommState
GetACP
GetProcessIoCounters
DisconnectNamedPipe
GetSystemPowerStatus
DuplicateConsoleHandle
GetLogicalDrives
GetDiskFreeSpaceA
WriteConsoleOutputCharacterA
SetVolumeMountPointW
WriteFileGather
CreateMailslotW
FindNextVolumeMountPointW
RemoveDirectoryA
HeapSize
IsDebuggerPresent
DelayLoadFailureHook
FindVolumeClose
GetThreadContext
GetConsoleOutputCP
InitializeCriticalSection
AreFileApisANSI
WriteFileEx
CreateDirectoryExW
ReadConsoleInputExW
MulDiv
IsBadWritePtr
GetThreadLocale
FormatMessageA
ProcessIdToSessionId
LoadLibraryExA
GetVolumePathNameA
FreeEnvironmentStringsW
CopyLZFile
InterlockedFlushSList
VirtualAlloc
RegisterConsoleVDM
WriteConsoleInputW
GetPrivateProfileIntA

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3e5c215ea45e7250adf6d4da3dc7f29

Headers

DLL Characteristics

File Characteristics

Imports

odbccr32

mapi32

regapi

kernel32

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 350KB - Virtual size: 350KB

.data Size: 149KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 350KB - Virtual size: 350KB

.data
Size: 149KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB