PDB path: F:\pb2\build\sb_0-3888882-1315589913.23\release\client\RelWithDebInfo\mysqlimport.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: c9169a67afa19ef9712a3f89a2e0ba09_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c9169a67afa19ef9712a3f89a2e0ba09_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: c9169a67afa19ef9712a3f89a2e0ba09_JaffaCakes118
- Size: 3.8MB
- MD5: c9169a67afa19ef9712a3f89a2e0ba09
- SHA1: 3cba96b8fce7115e9a9a1acde204d9de6178ce8f
- SHA256: 2f524283c4bfa7ad8373cbfc54c3462c4440ce711a4ef268015870529fa11b05
- SHA512: cf413266f1423169fec31445683a1a73e1922c9a976faf017f7daf9ec03ddd91487d1a53f4c73fc5b0a818afb2d627ca81e1259fddc2f3afd60b19b0a627f3fb
- SSDEEP: 24576:teKhwF1gIz0BeU5bpiqThDIN5je/9T90RNGaNPYabffI78KJfkWfOmq:4iwEIUSeDw5mT90RJNPYaTIo8fLOd
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource c9169a67afa19ef9712a3f89a2e0ba09_JaffaCakes118
Files
- c9169a67afa19ef9712a3f89a2e0ba09_JaffaCakes118.exe windows:5 windows x86 arch:x86
  7a722563bd09944c55aa0060ba7b31a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
secur32
GetUserNameExW
FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
InitializeSecurityContextW
kernel32
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
OpenEventA
GetConsoleCP
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
TryEnterCriticalSection
OpenThread
TerminateThread
Sleep
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
InterlockedIncrement
CreateEventA
GetFileAttributesA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileA
FreeLibrary
FormatMessageA
LoadLibraryExA
ReadFile
WriteFile
SetFilePointerEx
SetEndOfFile
GetStdHandle
GetFileSizeEx
DuplicateHandle
GetCurrentProcess
GetFileAttributesExA
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
CancelIo
PeekNamedPipe
DisconnectNamedPipe
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
ExitProcess
GetCommandLineA
GetLocaleInfoA
HeapFree
HeapReAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleCtrlHandler
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableW
CreateThread
SetStdHandle
GetFileType
GetFileInformationByHandle
GetDriveTypeA
WriteConsoleW
GetModuleFileNameW
SetHandleCount
GetStartupInfoA
SetLastError
InterlockedDecrement
GetCurrentThread
FatalAppExitA
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
SetFilePointer
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapSize
LoadLibraryW
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
ExitThread
advapi32
IsValidSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation
LookupAccountNameW
EqualSid
RegEnumValueA
RegCloseKey
RegOpenKeyExA
ws2_32
getsockname
freeaddrinfo
closesocket
WSAGetLastError
socket
getaddrinfo
ntohs
connect
WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
select
recv
send
setsockopt
shutdown
getnameinfo
getpeername
htonl
WSASetLastError
getservbyname
Sections
.text Size: 774KB - Virtual size: 773KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.9MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ