dc0a827d0a04dbc4bc0557c6c2bae7e5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc0a827d0a04dbc4bc0557c6c2bae7e5_JaffaCakes118
Size

91KB
MD5

dc0a827d0a04dbc4bc0557c6c2bae7e5
SHA1

b1a61ed21a1c8d33ed967ba68600aba1820ffdb8
SHA256

0ec346ffbe4e058d09a786d14755bfdbb26591173e9ea9316094c942eb7995f4
SHA512

c34b107ed3176ee4e6abc771bf556d8deeffe0e346d9af7ef94ba4c061bac7e0e278db9bdbaa1bd9c7136546735763ae496f7573a55674e5d0d62d26561e3395
SSDEEP

1536:TiDHIZIzmZn40vGvJgKVbFPsEBAdnycCCbjb9EMpM3Ml3jttfUw5R5tgkWdyRulh:TJTrKVRvgnKLMW3MlHLVlulh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc0a827d0a04dbc4bc0557c6c2bae7e5_JaffaCakes118

Files

dc0a827d0a04dbc4bc0557c6c2bae7e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6606afe5c86de48266c8a2e5e4e3f9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

resutils

ClusWorkerCheckTerminate
ResUtilAddUnknownProperties
ResUtilFindBinaryProperty
ResUtilFindSzProperty
ResUtilGetDwordProperty
ResUtilSetResourceServiceStartParameters
ResUtilPropertyListFromParameterBlock
ResUtilSetPrivatePropertyList
ResUtilFindExpandedSzProperty
ResUtilVerifyPrivatePropertyList
ResUtilEnumResourcesEx
ResUtilIsResourceClassEqual
ResUtilStopResourceService

kernel32

DebugBreakProcess
SetConsoleCursorInfo
MapUserPhysicalPagesScatter
SetConsoleCursor
VirtualAlloc
CreateSemaphoreW
IsBadHugeReadPtr
FlushViewOfFile
SetWaitableTimer
LoadLibraryA
SetClientTimeZoneInformation
UnhandledExceptionFilter
GetVersion
Heap32ListNext
GetConsoleHardwareState
GlobalLock
GetNumaNodeProcessorMask
GetTickCount
HeapSize
LocalFree

expsrv

__vbaVarForNext
EVENT_SINK2_AddRef
rtcVarFromVar
__vbaStrErrVarCopy
CreateIExprSrvObj
PutMemObj
__vbaMidStmtBstrB
__vbaVarIndexLoadRef
EVENT_SINK_AddRef
rtR4FromErrVar
__vbaVarTextCmpLe
rtcTrimBstr
__vbaAryRecMove
rtcGetTimer
__vbaStrCompVar

odbcjt32

SQLGetData
LoginDialogProc
SQLColumnsW
ConfigDSNW
LoadByOrdinal
SQLSpecialColumnsW
SQLStatisticsW
SQLDisconnect
SQLConnectW
SQLBindCol
SQLSetConnectAttrW
SelectIndexDlgProc
SQLDescribeColW

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6606afe5c86de48266c8a2e5e4e3f9c1

Headers

DLL Characteristics

File Characteristics

Imports

resutils

kernel32

expsrv

odbcjt32

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 23KB - Virtual size: 32KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 23KB - Virtual size: 32KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 300B