ce199adaa3d220ad2e3a1f4ac37a874e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ce199adaa3d220ad2e3a1f4ac37a874e_JaffaCakes118
Size

64KB
MD5

ce199adaa3d220ad2e3a1f4ac37a874e
SHA1

e1e78d8276ef016b1efebff91a3f5842896c4bb7
SHA256

9362172c45300b2cab09ac78e943f2c84f030db3a0bc9cdc2a825b81477eb984
SHA512

8bc52025bad379a3a99fa2bfa89bb912538d3d305063510a9b522a980de0680fe6f3ebf384bd9093b954a124d15802dead51b65932c2f402023a8a57e4141aee
SSDEEP

1536:jrPdlpLYQvua+Usdu19UPKUBR4OkBBiVKzFXF3JTm484:jZlFYFaRsXK+iBBiKF5Ti4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce199adaa3d220ad2e3a1f4ac37a874e_JaffaCakes118

Files

ce199adaa3d220ad2e3a1f4ac37a874e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

82322973cd5d9faf0c1f0c1f8b3cce07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLStatistics
TraceSQLProcedureColumns
TraceReturn
TraceSQLColumnPrivilegesW
TraceSQLAllocStmt
TraceSQLSetStmtOption
TraceSQLGetDiagRecW
TraceSQLGetDescRec
TraceSQLGetConnectOption
TraceSQLDescribeParam
TraceSQLFetchScroll
TraceSQLGetDescFieldW
TraceSQLBrowseConnectW
TraceSQLFreeStmt
TraceSQLGetCursorNameW
TraceSQLGetTypeInfoW
TraceSQLPrimaryKeysW
TraceSQLAllocHandleStd
TraceSQLAllocEnv
TraceSQLExecDirect
TraceSQLBrowseConnect
TraceSQLPrimaryKeys
TraceSQLGetInfoW
TraceSQLErrorW
TraceSQLError
TraceSQLParamOptions

rpcrt4

NdrUserMarshalSimpleTypeConvert
NdrCorrelationFree
NdrNonConformantStringBufferSize
NdrClearOutParameters
RpcSmGetThreadHandle
UuidFromStringW
NdrCreateServerInterfaceFromStub
NdrDllUnregisterProxy
NdrMesSimpleTypeEncode
data_from_ndr
CreateStubFromTypeInfo
NdrClientInitializeNew
RpcMgmtInqStats
NdrNonEncapsulatedUnionUnmarshall
NdrFixedArrayFree
RpcAsyncInitializeHandle
NdrRpcSsEnableAllocate
NdrNsSendReceive
NdrPointerMemorySize
IUnknown_Release_Proxy
NdrpGetProcFormatString
NdrComplexStructMemorySize
RpcServerUnregisterIf
RpcStringBindingParseW
I_RpcTransDatagramFree
pfnUnmarshallRoutines
RpcServerUseProtseqEpExA
TowerConstruct
RpcRevertToSelf
RpcBindingSetAuthInfoExW
NdrVaryingArrayUnmarshall
NdrProxyInitialize
NdrConformantVaryingArrayBufferSize
NdrMesProcEncodeDecode
tree_into_ndr
NdrInterfacePointerFree
RpcStringFreeA
RpcServerUseProtseqEpW
RpcServerInqDefaultPrincNameW
RpcRevertToSelfEx
I_RpcBindingHandleToAsyncHandle
RpcServerInqDefaultPrincNameA
NdrRpcSmClientAllocate
I_RpcAllocate
RpcMgmtInqServerPrincNameW
NdrFullPointerFree
NdrPartialIgnoreServerInitialize
NdrComplexArrayUnmarshall
NdrSimpleTypeUnmarshall
I_RpcConnectionSetSockBuffSize
NdrClientContextUnmarshall
SimpleTypeMemorySize
NdrGetSimpleTypeBufferAlignment
RpcSsGetThreadHandle
NdrByteCountPointerFree
RpcEpRegisterNoReplaceW

advapi32

IdentifyCodeAuthzLevelW
WmiNotificationRegistrationA
QueryRecoveryAgentsOnEncryptedFile
GetNamedSecurityInfoExW
RegCreateKeyExA
LockServiceDatabase
AccessCheck
AccessCheckByTypeAndAuditAlarmA
LsaCreateSecret
LsaOpenSecret
ElfOpenEventLogA
SaferRecordEventLogEntry
StartServiceCtrlDispatcherA
GetSecurityInfoExW
GetSidLengthRequired
WmiQueryAllDataW
GetSidSubAuthority
SystemFunction010
GetPrivateObjectSecurity
ConvertStringSidToSidA
SystemFunction020
GetServiceDisplayNameA

sqlsrv32

BCP_done
SQLGetData
SQLParamOptions
SQLNativeSqlW
SQLSetDescFieldW
SQLBindCol
SQLGetConnectAttrW
SQLColumnPrivilegesW
SQLBindParameter
SQLPutData
BCP_collen
SQLBulkOperations
BCP_bind
WizIntSecurityDlgProc
LibMain
SQLGetCursorNameW
SQLNumResultCols
SQLGetDiagFieldW
SQLRowCount
BCP_init

oleaut32

QueryPathOfRegTypeLib
LHashValOfNameSysA
VarUI2FromI8
OleCreatePropertyFrameIndirect
SysReAllocString
VarUI4FromI2
VarBstrFromCy
VariantClear
VarI4FromR4
VarR4FromI8
SysAllocStringByteLen
VarI8FromCy
VarUI1FromBool
VarFormatPercent
VarDecAdd
BSTR_UserFree
VarBoolFromI4
VarCyInt
VarUI1FromR4
VarUI4FromDec
VarBstrFromR4
VarUI1FromI1
SafeArrayDestroyData
SafeArrayAllocDescriptor

kernel32

RtlZeroMemory
DefineDosDeviceW
BindIoCompletionCallback
GetSystemTime
GetProcAddress
SetStdHandle
FillConsoleOutputCharacterA
GetCurrentThreadId
MoveFileA
Process32First
WritePrivateProfileSectionW
SetLocalTime
GetTickCount
PostQueuedCompletionStatus
GetCurrentProcessId
VirtualAlloc
GlobalHandle
LoadLibraryA
GetModuleHandleW
CallNamedPipeW
QueryPerformanceCounter
SetCurrentDirectoryA
GetStartupInfoW
SetHandleInformation
GetFileAttributesExA
GetVersionExA
LoadLibraryW
lstrlenA
GetConsoleAliasExesW
CreateWaitableTimerA

wldap32

ldap_delete_ext_s
ldap_compare_extA
ldap_create_sort_control
ldap_set_dbg_flags
ldap_msgfree
ldap_modrdn2_sA
ldap_next_attributeW
ldap_free_controlsA
ldap_extended_operation
ldap_start_tls_sA
ldap_add_sA
ldap_controls_free
ldap_memfreeA
ldap_modrdn2
ldap_rename_ext_sA
ldap_search_sW
ldap_count_entries
ldap_simple_bind_sA
ldap_create_page_controlA
ldap_parse_page_control

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82322973cd5d9faf0c1f0c1f8b3cce07

Headers

DLL Characteristics

File Characteristics

Imports

odbctrac

rpcrt4

advapi32

sqlsrv32

oleaut32

kernel32

wldap32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 97KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 360B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 97KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 360B