c0798c46391df354ad37f73c9cb9c5d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0798c46391df354ad37f73c9cb9c5d9_JaffaCakes118
Size

152KB
MD5

c0798c46391df354ad37f73c9cb9c5d9
SHA1

90f8f7b8cfbfb01faef4c29ddc81267cddaf6476
SHA256

41b1e9219c53973c944a9f7a77bd4699b930e93ed32d2d2dfa43d57ab79332e2
SHA512

c2610210c28dd451a9cfb71aa351d5b6988e6248474d9c035f8b3673829f81797c90c29c8186132cca8b6d4d48482daab53bae3c473b95b36bae0875990b5f0e
SSDEEP

3072:nMEqWlhLnv2UMaP/On/ZTNHC6yQ/DZ5PP4P/JAwt4GqPNFGnkuf9pD:dlpnvP/O/ZZiYrZ6P/ywt4G4jGR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0798c46391df354ad37f73c9cb9c5d9_JaffaCakes118

Files

c0798c46391df354ad37f73c9cb9c5d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9744d95b8ed7f4fc441b67b9152a5828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??1ostream_withassign@@UAE@XZ
??5istream@@QAEAAV0@AAE@Z
??_Estreambuf@@UAEPAXI@Z
??_Eistream@@UAEPAXI@Z
?sync_with_stdio@ios@@SAXXZ
??0iostream@@IAE@XZ
?bitalloc@ios@@SAJXZ
??_Distream@@QAEXXZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?setf@ios@@QAEJJ@Z
??4filebuf@@QAEAAV0@ABV0@@Z
?setp@streambuf@@IAEXPAD0@Z
?eback@streambuf@@IBEPADXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?attach@ifstream@@QAEXH@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??_7logic_error@@6B@
??1Iostream_init@@QAE@XZ
?gptr@streambuf@@IBEPADXZ
??5istream@@QAEAAV0@AAI@Z
?write@ostream@@QAEAAV1@PBDH@Z
?sh_read@filebuf@@2HB
?floatfield@ios@@2JB
?pbase@streambuf@@IBEPADXZ
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?binary@filebuf@@2HB
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?cout@@3Vostream_withassign@@A
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?is_open@filebuf@@QBEHXZ
??0fstream@@QAE@PBDHH@Z
?osfx@ostream@@QAEXXZ
??_8ostream_withassign@@7B@
??0istream@@IAE@ABV0@@Z
??0fstream@@QAE@XZ
?unbuffered@streambuf@@IAEXH@Z
??0istrstream@@QAE@PAD@Z
?clrlock@streambuf@@QAEXXZ
?eof@ios@@QBEHXZ
??_Gofstream@@UAEPAXI@Z
??_Efstream@@UAEPAXI@Z
?get@istream@@IAEAAV1@PADHH@Z
?pword@ios@@QBEAAPAXH@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?peek@istream@@QAEHXZ

odbc32

SQLSetConnectOptionW
CursorLibTransact
SQLAllocStmt
SQLGetData
SQLPrepareW
SQLPrimaryKeysW
SQLProcedureColumnsW
OpenODBCPerfData
SQLCopyDesc
SQLCancel
SQLSetStmtOption
SQLGetConnectAttr
SQLSpecialColumnsW
SQLStatistics
SQLCloseCursor
SQLGetConnectOptionA
SQLProcedures
SQLNativeSqlW
SQLColumnPrivilegesA
ODBCGetTryWaitValue
SQLColAttributesA
SQLSetConnectOption
SQLGetDiagRecW
SQLSetConnectAttr
SQLSetConnectOptionA

wow32

W32HungAppNotifyThread
WOWGlobalLock16
WOWCallback16
WOWGlobalAlloc16
GetCommShadowMSR
WOWYield16
WOWGetVDMPointer
WOWGlobalFree16
WOWHandle32
W32Dispatch
W32Init
WOWGetVDMPointerFix
WOWFreeMetafile
WOW32ResolveHandle
WOWGlobalUnlock16
WOWGetVDMPointerUnfix
WOWHandle16
GetCommHandle
WOWDirectedYield16
WOW32ResolveMemory
WOWUseMciavi16
WOWGlobalUnlockFree16
CopyDropFilesFrom32
WOWGlobalLockSize16
WOWCallback16Ex
WOWGlobalAllocLock16
CopyDropFilesFrom16
WOW32DriverCallback

ntdll

RtlExtendedLargeIntegerDivide
ZwCreateWaitablePort
ZwQueryInstallUILanguage
RtlpUnWaitCriticalSection
RtlLargeIntegerSubtract
NtOpenFile
NtCreateDirectoryObject
NtResumeThread
NtSetSystemEnvironmentValue
_allmul
RtlInterlockedPushListSList
NtTraceEvent
NtAreMappedFilesTheSame
RtlAddAttributeActionToRXact
NtPrivilegedServiceAuditAlarm
ZwWaitForMultipleObjects
RtlZeroMemory
NtTerminateJobObject
ZwAccessCheckAndAuditAlarm
RtlActivateActivationContext
RtlCopySid
KiRaiseUserExceptionDispatcher
ZwCreateEvent
ZwPlugPlayControl
LdrFindResource_U
RtlDeactivateActivationContext

sqlsrv32

SQLBindParameter
FinishDlgProc
SQLProceduresW
SQLSpecialColumnsW
SQLNativeSqlW
SQLGetDiagFieldW
SQLTablePrivilegesW
SQLDescribeColW
SQLSetPos
SQLAllocHandle
TestDlgProc
SQLExecDirectW
ConnectDlgProc
SQLGetData
SQLNumParams
SQLTablesW
SQLBrowseConnectW
BCP_moretext
SQLCancel
SQLColAttributeW
SQLGetEnvAttr
SQLGetDescRecW
SQLBindCol
SQLEndTran
SQLDriverConnectW
SQLGetInfoW
SQLForeignKeysW
SQLDescribeParam
SQLSetConnectAttrW
SQLPutData
SQLSetCursorNameW
ConfigDriverW
SQLExecute
SQLDebug
SQLDisconnect
SQLConnectW
SQLNumResultCols
SQLGetDiagRecW
BCP_readfmt
BCP_done
BCP_control
SQLStatisticsW
BCP_init

kernel32

SetThreadUILanguage
GlobalAddAtomA
GetModuleHandleExW
CancelIo
DeleteCriticalSection
EnumTimeFormatsA
VirtualAlloc
FindCloseChangeNotification
GetNumaProcessorNode
GetConsoleCommandHistoryLengthW
GetAtomNameA
GetProcAddress
FindNextVolumeA
VerLanguageNameW
BuildCommDCBA
LeaveCriticalSection
CloseHandle
SetCommMask
SetCurrentDirectoryA
GetSystemDefaultLCID
GetModuleHandleW
ResetEvent
WritePrivateProfileSectionA
SetFirmwareEnvironmentVariableW
LoadLibraryA
ExitProcess
OpenWaitableTimerA
EnterCriticalSection
GetNumberOfConsoleMouseButtons
EnumResourceNamesA
RemoveLocalAlternateComputerNameW
ReleaseSemaphore
GetFileSizeEx

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9744d95b8ed7f4fc441b67b9152a5828

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

odbc32

wow32

ntdll

sqlsrv32

kernel32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 78KB - Virtual size: 263KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 78KB - Virtual size: 263KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB