ae0bc90cc0acb579afeed8bcccda27b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae0bc90cc0acb579afeed8bcccda27b9_JaffaCakes118
Size

868KB
MD5

ae0bc90cc0acb579afeed8bcccda27b9
SHA1

07be2b02a76f95a4fb10eec0c1e49c4bb60b0637
SHA256

a4dda2db2d52760d9123bc9709ddc6e3caf9443115327da9dbb9790975264ba8
SHA512

74c3e10dbaad7dcd3109a090a3e37cbbd4f56478227155f158fa432612f9b0412130a464ac119ba8acb4dece76a506d7574d4c6bd635c17888deed6d9d394033
SSDEEP

24576:e4zZvl1Y7RxcEa3wW4gXTB9ZftOjgFE/oeHTF:d9DYtxcEHHeXgEEwez

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae0bc90cc0acb579afeed8bcccda27b9_JaffaCakes118

Files

ae0bc90cc0acb579afeed8bcccda27b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b01f8d840756b7f4a225b984a599a817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TabbedTextOutA
LoadIconW
SetUserObjectInformationW
DefWindowProcW
RegisterClipboardFormatA
BroadcastSystemMessageExW
GetClipboardFormatNameA
DdeFreeStringHandle
GetLayeredWindowAttributes
EnumClipboardFormats
RemovePropA
CallNextHookEx
IsServerSideWindow
IsChild
DragDetect
GetQueueStatus
SendInput
CopyImage
TranslateMDISysAccel
GetLastInputInfo
CreateDialogIndirectParamAorW
GetDlgCtrlID
ChangeDisplaySettingsExA
FlashWindowEx
SetRect
GetInputDesktop
DragObject
UserClientDllInitialize
BroadcastSystemMessageW
DispatchMessageW
IMPSetIMEW
SetWindowStationUser
IsCharAlphaNumericW
ValidateRgn
GetTabbedTextExtentA
DdeFreeDataHandle
IsWindowUnicode
GetShellWindow
SetClipboardData
OemToCharA
EnumDisplayMonitors

odbcjt32

SQLCopyDesc
SQLSetCursorNameW
SQLGetInfoW
OpenDirHook
SQLTablesW
SQLPutData
SQLFetch
ConfigDSN
LoginDialogProc
SQLGetFunctions
SQLNumResultCols
SQLFetchScroll
SQLDisconnect
SQLBindParameter
SQLDescribeColW
SQLColumnsW
SQLConnectW
SQLFreeConnect
SQLSetEnvAttr
ConfigDSNExW
SQLSetDescRec
SQLSpecialColumnsW
SQLSetStmtAttrW
SQLSetPos
SQLGetDescRecW
SQLGetDiagRecW
SQLSetConnectAttrW
ConfigDialogProc
AdvancedDialogProc
SQLExecDirectW
SQLFreeStmt
SQLGetTypeInfoW
SQLBulkOperations
SQLProcedureColumnsW
SQLGetConnectAttrW

sqlunirl

_GetAtomName_@12
_GetLogicalDriveStrings_@8
_RegisterClassEx_@4
_RegConnectRegistry_@12
_GetDlgItemText@16
_EnumPropsEx_@12
_GetVersionEx@4
_ObjectDeleteAuditAlarm_@12
_GetSystemDirectory_@8
_CreateWindowEx@48
_DialogBoxIndirectParam_@20
_GlobalFindAtom_@4
_RegLoadKey_@12
_OemToCharBuff_@12
_RegSetValueEx_@24
_OemToChar_@8
_LoadIcon@8
_ExtTextOut@32
_CreatePropertySheetPage_@4
_GlobalGetAtomName_@12
_BuildCommDCB_@8
_CreateDialogParam_@20
_GetFileSecurity_@20
_DrawState_@40
_UnregisterClass_@8
_lstrcmp_@8
_CreateSemaphore_@16
_CompareString_@24
_GetKerningPairs_@12
_GetCharWidth_@16
_GetFileVersionInfoSize_@8
_MapVirtualKey_@8
_ChooseColor_@4
_GetMenuItemInfo_@16
_GetDateFormat_@24
_WinHelp@16
_NDdeSetShareSecurity_@16
_NDdeShareGetInfo_@28
AbortSystemShutdown_
_SetCurrentDirectory_@4
_GetTextExtentExPoint_@28

kernel32

TerminateThread
Heap32ListFirst
ResumeThread
LZInit
VirtualAlloc
GetCurrentThread
GlobalUnWire
WriteProfileSectionW
SetConsoleLocalEUDC
CancelDeviceWakeupRequest
OpenConsoleW
GetCurrentConsoleFont
IsDBCSLeadByteEx
ReadConsoleA
UTUnRegister
GlobalAlloc
GetConsoleCursorInfo
GetConsoleCursorMode
CreateNamedPipeA
EnumResourceLanguagesW
EnumSystemCodePagesA
FindNextFileA
GetLocaleInfoW
_lopen
UnregisterConsoleIME
GetConsoleFontInfo
SetProcessShutdownParameters
VirtualFree
OpenSemaphoreW
SetEnvironmentVariableW
SetProcessWorkingSetSize
FreeConsole
EnumLanguageGroupLocalesW
EnumResourceTypesW
LoadLibraryA
SetFileShortNameA
VirtualQueryEx
QueryPerformanceFrequency
SetLastError
CreateActCtxA
SetConsoleNlsMode
GetConsoleAliasExesA
GetEnvironmentStringsA
GetNumaNodeProcessorMask

wsnmp32

SnmpGetRetransmitMode
SnmpStrToEntity
SnmpFreeContext
SnmpSetRetry
SnmpGetTimeout
SnmpSetRetransmitMode
SnmpOidToStr
SnmpStrToContext
SnmpDecodeMsg
SnmpEncodeMsg
SnmpCancelMsg
SnmpFreeEntity
SnmpFreePdu
SnmpDuplicatePdu
SnmpCreateSession
SnmpDeleteVb
SnmpFreeVbl
SnmpSetPduData
SnmpStartup
SnmpRecvMsg
SnmpCreateVbl
SnmpSetTranslateMode
SnmpCleanup
SnmpFreeDescriptor
SnmpGetLastError
SnmpGetPduData
SnmpContextToStr
SnmpStrToOid
SnmpOidCompare
SnmpCountVbl
SnmpCreatePdu
SnmpOpen
_SnmpConveyAgentAddress@4
SnmpGetVendorInfo
SnmpRegister
SnmpSetVb
SnmpListen
SnmpClose
SnmpDuplicateVbl
SnmpSetTimeout
_SnmpSetAgentAddress@4
SnmpSetPort
SnmpGetVb

Sections

.text
Size: 183KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b01f8d840756b7f4a225b984a599a817

Headers

DLL Characteristics

File Characteristics

Imports

user32

odbcjt32

sqlunirl

kernel32

wsnmp32

Sections

.text Size: 183KB - Virtual size: 184KB

.rdata Size: 393KB - Virtual size: 396KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 290KB - Virtual size: 292KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 183KB - Virtual size: 184KB

.rdata
Size: 393KB - Virtual size: 396KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 290KB - Virtual size: 292KB

.reloc
Size: 1024B - Virtual size: 4KB