bae905da4ee51ea0be52de95bff8163a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bae905da4ee51ea0be52de95bff8163a_JaffaCakes118
Size

108KB
MD5

bae905da4ee51ea0be52de95bff8163a
SHA1

e61c0823e05492afaedd01946c02307bb9b1c17b
SHA256

43a2ada6534b007e8332832c061e6f35d3a79991054077da6f282283d4d61fb4
SHA512

bde64c44e0a36df0bf1b8170e4f4ee739d5e08bee5acff368f148482cd43766b220bdf73b42c679bfd86ceb20b6756d2d9f463a0af1e0325874b68d1830d8d3e
SSDEEP

3072:L4g+AyOtwke55sSAisigJ/5jvrzrtSBSCsLs+yd148kDuWQez7Q:L4gNDwkSOSAiw3DuWQe4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bae905da4ee51ea0be52de95bff8163a_JaffaCakes118

Files

bae905da4ee51ea0be52de95bff8163a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a0c7f8389affccb7626c67ee6702ea9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sqlwoa

_MessageBox@16
_SendMessage@16
_MAKEINTRESOURCE@4
_FindResource@12
_SetWindowText@8
_CreateFontIndirect@4
_LoadLibrary@4
_GetComputerName@8
_LoadString@16
_DefWindowProc@16
_CreateFile@28

sqlwid

GetProcAddress_

sqlswa

?_WriteFileS@@YAHPAXPBXKPAKPAU_OVERLAPPED@@@Z

kernel32

WideCharToMultiByte
CreateThread
GetVersion
FreeLibrary
SetErrorMode
lstrcpynW
HeapAlloc
GetModuleFileNameW
WriteFile
GetPrivateProfileStringW
GetCommandLineW
LoadLibraryW
lstrcatW
lstrcpyW
GetProcAddress
lstrlenW
CreateFileW
WaitForSingleObject
lstrlenA
LoadLibraryA
LockResource
CreateEventA
OpenEventA
UnmapViewOfFile
MapViewOfFile
SetLastError
GetLastError
LoadResource
DeleteFileW
GetShortPathNameW
CopyFileW
GetModuleHandleA
LocalFree
FormatMessageA
LoadLibraryExA
lstrcatA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetVersionExA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
GetLocaleInfoA
GetFileType
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetExitCodeThread
CloseHandle
HeapFree
GetProcessHeap
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryA
GetStringTypeW
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
InterlockedDecrement
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
RtlUnwind

user32

TranslateMessage
wsprintfA
wsprintfW
GetDesktopWindow
GetClientRect
ClientToScreen
MoveWindow
GetWindowRect
GetSystemMetrics
SetWindowPos
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA

gdi32

DeleteObject

advapi32

FreeSid
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
QueryServiceConfigW
ChangeServiceConfigW
CreateServiceW
EnumDependentServicesW
StartServiceW
ControlService
DeleteService
QueryServiceStatus
AllocateAndInitializeSid
LookupAccountSidW
OpenServiceW
CloseServiceHandle

odbc32

ord75
ord145
ord23
ord150
ord135
ord136
ord9
ord111
ord31
ord24
ord141

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a0c7f8389affccb7626c67ee6702ea9

Headers

File Characteristics

Imports

sqlwoa

sqlwid

sqlswa

kernel32

user32

gdi32

advapi32

odbc32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 32KB - Virtual size: 37KB

.rsrc Size: 8KB - Virtual size: 5KB

.rrdata Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 32KB - Virtual size: 37KB

.rsrc
Size: 8KB - Virtual size: 5KB

.rrdata
Size: 4KB - Virtual size: 4KB