d0d19e1f50e2923cd19739033ada4eac_JaffaCakes118

General

Target

d0d19e1f50e2923cd19739033ada4eac_JaffaCakes118
Size

1.1MB
MD5

d0d19e1f50e2923cd19739033ada4eac
SHA1

4872eebeebf2798458ae4c0f2b31f8498a78522b
SHA256

19d07d868641e11d1602aea6b495cdd336cbb4f3ae60b59086f67e019748ceff
SHA512

e6750a2801f196b75132bdd64f3040df7d37e5f9847f94d9277335a75c20297879fb0476708cda65d151a24ccf640c3e13cb9571db3a3d971e8cacc206ae366a
SSDEEP

24576:XLnqbYuo64uYHzyCt6+Oknq7vhI5k/1ZN6V:XvuiXHWPbtImdO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0d19e1f50e2923cd19739033ada4eac_JaffaCakes118

Files

d0d19e1f50e2923cd19739033ada4eac_JaffaCakes118
.exe windows:1 windows x86 arch:x86

0bc0b3ea9c731b2cdbe5255bc037539e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

UpdateWindow
GetMessageA
TranslateMessage
RegisterClassA
DefWindowProcA
CreateWindowExA
ShowWindow
DestroyWindow
DispatchMessageA
BeginPaint
SendMessageA
EndPaint

advpack

CloseINFEngine
IsNTAdmin
UserInstStubWrapper
ExtractFiles

odbc32

SQLConnect
SQLColAttribute
SQLColAttributesA
SQLGetDescFieldA
SQLColAttributeA
SQLSetDescFieldA
SQLFreeEnv
SQLDescribeParam
ODBCSetTryWaitValue
SQLPutData
SQLBulkOperations
SQLDriverConnectA
SQLGetDiagField
OpenODBCPerfData
SQLColumnsA
SQLExecute
GetODBCSharedData
SQLBrowseConnect
ODBCGetTryWaitValue
SQLGetStmtAttr
PostODBCError
SQLSetConnectAttrA
SQLPrepare
SQLNumParams
SQLRowCount
SQLBindParam
SQLStatistics
SQLSetDescRec
SQLErrorA
SQLGetDescRec
SQLCancel
SQLSetConnectOptionA
SQLFreeStmt
SQLSetStmtAttrA
SQLPrepareA

kernel32

lstrlenA
HeapFree
GetProcessHeap
FileTimeToLocalFileTime
SetNamedPipeHandleState
InterlockedCompareExchange
CreateNamedPipeA
GetSystemInfo
HeapLock
WaitForMultipleObjects
HeapAlloc
InterlockedDecrement
CreateFileA
HeapUnlock
ExitProcess
GetFileAttributesA
InterlockedIncrement
VirtualFree
SetFirmwareEnvironmentVariableA
CloseHandle
SetFilePointer
ReadFile
IsBadStringPtrA
GetFileAttributesExA
VirtualAlloc
GetFileTime
InitializeSListHead

Sections

.text
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bc0b3ea9c731b2cdbe5255bc037539e

Headers

DLL Characteristics

File Characteristics

Imports

user32

advpack

odbc32

kernel32

Sections

.text Size: 633KB - Virtual size: 633KB

.data Size: 382KB - Virtual size: 381KB

.rsrc Size: 98KB - Virtual size: 3.2MB

.text
Size: 633KB - Virtual size: 633KB

.data
Size: 382KB - Virtual size: 381KB

.rsrc
Size: 98KB - Virtual size: 3.2MB