be64da83e86b7c950b55f5f755b769ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be64da83e86b7c950b55f5f755b769ea_JaffaCakes118
Size

444KB
MD5

be64da83e86b7c950b55f5f755b769ea
SHA1

37bba810be2fb8c2a4c50e7e12c7d364bee2dcc8
SHA256

f2ce29bcded298393a10cddcb04efec70f9be103bd5ad703315e2b58b64db65b
SHA512

c7175ce944ca0388d2d9e5c933cb22eed75d2f7e849ebc97dc13e2ea5b87965a257d12cc493a4dc7ae93aa329e852b3c91290c8e7ad4da545bd11225cff94862
SSDEEP

12288:n+GtCDrM0L7NkhfSa/tfNLdxwh1TEXjjHuskl6aByLi6JnVBvYUikLba1Cg:+GtCDrMgExQwiYnvbika1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be64da83e86b7c950b55f5f755b769ea_JaffaCakes118

Files

be64da83e86b7c950b55f5f755b769ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78fce2d042ba2e009cb15727b0d87364

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sql

IsamAlloc
IsamFree
sql_quant_one
sql_intquant
winrint
sql_basic_language
bcopy
sql_decode_date
sql_message
IsamExecLive
getwd
SysClose
SysOpen
SysOpenMust
sql_tabula_ini
IsamSigInterrupt
SysWrite
SysSeek
sql_insert_value_lines
IsamFileRename
IsamCoreAlloc
IsamCoreFree
IsamCoreRealloc
IsamCoreEnlarge
IsamCoreAllocSpace
IsamCoreReallocSpace
MemAlloc
SysSync
SysCreat
SysExists
numstrncmp
IsamStrncmp
strncpyr
IsamFileCopySimple
IsamSigMark
IsamKillMsg
sql_signal_remove_tmpfiles
IsamTmpPath
IsamModuleCheckOK
sql_set_rows
sql_tmpfile
TabulaMessageBox
HebrewFilter
SysRead
sql_prep
OraExit
sql_daylen
WinSandGlass
bzero
sql_realquant

user32

GetSystemMetrics
TranslateMessage
DispatchMessageA
RegisterClassA
CreateWindowExA
DefWindowProcA
PeekMessageA

msvcr80

fabs
sprintf
abs
vfprintf
strcat
strlen
getenv
vsprintf
fopen
getc
strncmp
strcmp
strcpy
_time32
strrchr
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
freopen
fclose
atoi
__iob_func
_chdir
_unlink
__argc
__argv
_fmode
strncpy
_controlfp_s

kernel32

GetFileTime
CloseHandle
GetSystemTime
GetLocalTime
GetFileAttributesA
GetPrivateProfileStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetPrivateProfileIntA
GetDriveTypeA
GetVersion
SetFileTime

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78fce2d042ba2e009cb15727b0d87364

Headers

File Characteristics

Imports

sql

user32

msvcr80

kernel32

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 280KB - Virtual size: 294KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 280KB - Virtual size: 294KB

.rsrc
Size: 4KB - Virtual size: 664B