ad573e238a937033d1fc92e63727d820_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad573e238a937033d1fc92e63727d820_JaffaCakes118
Size

1.1MB
MD5

ad573e238a937033d1fc92e63727d820
SHA1

07ba14f77cfe85ca53a44667d21c12d246321487
SHA256

40c9717c0d66f2cc3b99374fe2516ab54b7541f43d4ef21989992e25db02bea6
SHA512

3fc68f08e6f1b2b397e6147934a14d8b0267b0b2d1a4059452ab99380085284caf03f09a375699264417d45e535fdd512b4e1b5c89c6e3762d71ff862a8ed354
SSDEEP

24576:TWSG3qHrjnuGKq9ScaWaHmD452Dl3PEqiItAUOumS:6SKqH3uGKcSca1RVIrP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad573e238a937033d1fc92e63727d820_JaffaCakes118

Files

ad573e238a937033d1fc92e63727d820_JaffaCakes118
.exe windows:3 windows x86 arch:x86

95d5cafec8aa7fbb3a812af3531ab0c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

CreateWindowExA
TranslateMessage
DefWindowProcA
SendMessageA
EndPaint
RegisterClassA
DestroyWindow
GetMessageA
BeginPaint
ShowWindow
DispatchMessageA
UpdateWindow

odbc32

SQLTablePrivilegesA
SQLGetDescField
SQLFetch
SQLDescribeCol
SQLErrorA
SQLColAttribute
SQLColumnPrivilegesA
SQLPutData
SQLFreeHandle
VRetrieveDriverErrorsRowCol
SQLGetDescRecA
SQLGetFunctions
SQLSetDescField
SQLColAttributes
SQLTransact
SQLSetConnectAttrA
SQLDescribeParam
SQLColumns
SQLConnectA
SQLTablesA
SQLStatisticsA
SQLExtendedFetch
SQLGetTypeInfoA
SQLSetConnectOption
SQLGetStmtAttrA
SQLSetStmtOption
SQLFreeStmt
PostComponentError
SQLSetPos
SQLError
ODBCGetTryWaitValue
ODBCSetTryWaitValue
SQLConnect
SQLAllocHandleStd
SQLSetCursorNameA
SQLBrowseConnectA
SearchStatusCode
SQLEndTran

advpack

SetPerUserSecValues
ExtractFiles
DelNodeRunDLL32
DoInfInstall

kernel32

GetProcessHeap
VirtualFree
VirtualAlloc
ReadFile
HeapDestroy
lstrcmpA
CompareStringA
GetSystemInfo
InterlockedPushEntrySList
WaitForMultipleObjects
HeapLock
CloseHandle
DisconnectNamedPipe
HeapAlloc
TransactNamedPipe
InitializeSListHead
InterlockedCompareExchange
InterlockedPopEntrySList
SetFilePointer
HeapFree
InterlockedCompareExchange
CreateFileA
GetEnvironmentStringsA
HeapCreate
GetSystemTimes
lstrcpyA
CreateNamedPipeA
ExpandEnvironmentStringsA
HeapUnlock
FreeEnvironmentStringsA
ExitProcess
ConnectNamedPipe
GetStringTypeExA

Sections

.text
Size: 667KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95d5cafec8aa7fbb3a812af3531ab0c6

Headers

DLL Characteristics

File Characteristics

Imports

user32

odbc32

advpack

kernel32

Sections

.text Size: 667KB - Virtual size: 667KB

.data Size: 375KB - Virtual size: 374KB

.rsrc Size: 67KB - Virtual size: 3.2MB

.text
Size: 667KB - Virtual size: 667KB

.data
Size: 375KB - Virtual size: 374KB

.rsrc
Size: 67KB - Virtual size: 3.2MB