d00224bea2079e49513574e9158eb976_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d00224bea2079e49513574e9158eb976_JaffaCakes118
Size

196KB
MD5

d00224bea2079e49513574e9158eb976
SHA1

b11e85e8eb68aae22e89a85066960fdbe9666123
SHA256

3467bb654581160ab9dd234f97504019a8388dd1cf766a44c895df4574de6e0c
SHA512

e815d330ae86cb9c7ef40bfd6ecd1967a15908ba21c94024f9321be3eb267639db3e63ecaed945bfaf9c14138dd20b043bb922847d3dcb96118d98e8d95c11cd
SSDEEP

6144:vmNDEM4z+CVYzBM2CYbrToHDf0BFE9z9RD:veDpCWzBM2CMToHosvRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d00224bea2079e49513574e9158eb976_JaffaCakes118

Files

d00224bea2079e49513574e9158eb976_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d74d46aeb31fc0a7f2be10cf22c99c22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ODBCCU32.pdb

Imports

mfc42u

ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord5746
ord2980
ord1824
ord1853
ord2385
ord600
ord1571
ord6466
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord1115
ord269
ord826
ord1165
ord3076
ord2971
ord3396
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord1863
ord353
ord1258
ord5579
ord268
ord1257
ord5647
ord3121
ord350
ord823
ord825
ord3658
ord1560
ord4078

msvcrt

_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
free
malloc
_XcptFilter
_wcsicmp
_vsnwprintf
_wcsnicmp
memcpy
??_V@YAXPAX@Z
memset
??_U@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
_initterm

user32

IsCharAlphaW
MessageBoxW

odbc32

CursorLibLockStmt
ord106
ord111
ord68
ord162
CursorLibLockDbc
ord119
ord12
ord48
ord49
ord16
ord24
ord3
ord51
ord13
ord43
ord18
ord63
ord72
ord26
ord64
ord20
ord4
ord31
CursorLibLockDesc
CursorLibTransact
ord145
ord61
ord46
ord150
ord139
ord176
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
SearchStatusCode
PostODBCError
ord28
PostODBCComponentError
VFreeErrors
ord117
ord134
ord133
ord138
LockHandle
ord173
ord74
ord108

kernel32

VirtualAlloc
GetTempFileNameW
GetTempPathW
lstrlenW
VirtualQuery
GetVersion
FreeLibrary
LoadLibraryA
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree

Exports

Exports

DllGetClassObject
SQLBindCol
SQLBindParameter
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLEndTran
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLFreeHandle
SQLFreeStmt
SQLGetData
SQLGetDescField
SQLGetDescRec
SQLGetInfo
SQLGetStmtAttr
SQLGetStmtOption
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLParamData
SQLParamOptions
SQLPrepare
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectOption
SQLSetDescField
SQLSetDescRec
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtOption
SQLTransact

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d74d46aeb31fc0a7f2be10cf22c99c22

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

user32

odbc32

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.data Size: 4KB - Virtual size: 9KB

.sdbid Size: 4KB - Virtual size: 444B

.rsrc Size: 116KB - Virtual size: 113KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 60KB

.data
Size: 4KB - Virtual size: 9KB

.sdbid
Size: 4KB - Virtual size: 444B

.rsrc
Size: 116KB - Virtual size: 113KB

.reloc
Size: 4KB - Virtual size: 3KB