defe9cdd4d62795f0a7e7e15bd97af92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

defe9cdd4d62795f0a7e7e15bd97af92_JaffaCakes118
Size

108KB
MD5

defe9cdd4d62795f0a7e7e15bd97af92
SHA1

33be6677bd9b0be493da9e92af7b18839a51bc17
SHA256

86cfe1b2efde78635bffd5872fc63def489cb120b5e00f28d3d89863715e70d3
SHA512

3f2c7f3c9fd19d3e72822b59331f8a359bc77d45127cb7e107a7068e107d8381eb9b39ac1134e87ebeabba7f998f214d10ada16613510f3c039cf154aea453dd
SSDEEP

3072:eQ5l5uVeFsTAwNK/elSzmYkddpPSayvwZ6t2sw8YkVXa8xsr1eVgEh9Te4frpv4G:eqlIe2Aw+elGedZSayvwZ6tNYGK8xw1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
defe9cdd4d62795f0a7e7e15bd97af92_JaffaCakes118

Files

defe9cdd4d62795f0a7e7e15bd97af92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ad7884add2dd289450fe84f7c763ffe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

perl510

Perl_newXS
Perl_Isv_undef_ptr
Perl_Imarkstack_max_ptr
Perl_markstack_grow
Perl_sv_2iv_flags
Perl_Istack_max_ptr
Perl_stack_grow
Perl_newSVnv
Perl_sv_2mortal
Perl_newSVpv
Perl_get_context
Perl_Istack_sp_ptr
Perl_Imarkstack_ptr_ptr
Perl_Istack_base_ptr
Perl_croak_nocontext
Perl_sv_2pv_flags
Perl_sv_newmortal
Perl_sv_setiv

kernel32

GetProcAddress
FreeConsole
CloseHandle
GetModuleHandleA
GetSystemDirectoryA
CreateFileA
GetFileSize
MoveFileExA
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
LoadLibraryA
FreeLibrary
WriteConsoleA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
LeaveCriticalSection

odbc32

ord57
ord71
ord20
ord61
ord51
ord44
ord23
ord45
ord68
ord17
ord21
ord47
ord40
ord54
ord59
ord11
ord1
ord50
ord10
ord3
ord9
ord14
ord2
ord16
ord46
ord18
ord6
ord8
ord4
ord41
ord42

msvcrt

_initterm
malloc
_adjust_fdiv
_stricmp
strchr
toupper
strcspn
strncpy
strcat
strcpy
__CxxFrameHandler
sprintf
_errno
strncmp
_strnicmp
strcmp
memcpy
strlen
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
free

user32

MessageBoxA
wsprintfA

Exports

Exports

_boot_Win32__ODBC
boot_Win32__ODBC

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7884add2dd289450fe84f7c763ffe2

Headers

File Characteristics

Imports

perl510

kernel32

odbc32

msvcrt

user32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB