e0f0628a883c6ac16e26bceb6bd80937_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0f0628a883c6ac16e26bceb6bd80937_JaffaCakes118
Size

862KB
MD5

e0f0628a883c6ac16e26bceb6bd80937
SHA1

f81c61005ee5645472bdffba1575ec4554087234
SHA256

d5821a803e3bb053e829a301acfa9e262970eec9af45024c1c3b3e76dc1da3d0
SHA512

867a4a397c5fa39d045ad1c7c083867ac74a355a5d12b9dbccf075537171225156305f0c5b0505063227a634ec75e79d3448b402b05cd090293a6c2d5861cab4
SSDEEP

24576:j4K28XI9rpFF3fgqeFij3VhjvCGlVsA9OOv1RWt:cKernYFiPvrljIt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0f0628a883c6ac16e26bceb6bd80937_JaffaCakes118

Files

e0f0628a883c6ac16e26bceb6bd80937_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb636e3ec6d46be8efbf3159c1eaf3ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

__hwrite_@12
_SystemParametersInfo_@16
_GetToolsFilePath@16
_WinHelp@16
_CreateEnhMetaFile_@16
_GetLogicalDriveStrings_@8
_DefWindowProc@16
_GetClassInfo@12
_SetDefaultCommConfig_@12
AllocConvertMultiSZNameToAEx
_NDdeSetShareSecurity_@16
_FatalAppExit_@8
_NDdeGetShareSecurity_@24
_BackupEventLog_@8
_ReadConsoleInput_@16
_UnregisterClass_@8
_PrivilegedServiceAuditAlarm_@20
newMultiByteFromWideCharEx
_SetWindowsHook_@8
_GetMetaFile_@4
_Shell_NotifyIcon_@8
_GetMenuItemInfo_@16
_CharNext_@4
_LoadBitmap@8
_LoadString@16
_GetOpenFileName@4
_ChangeMenu_@20
_GetDefaultCommConfig_@12
_GetEnvironmentVariable_@12
_OpenService_@12
_GetDateFormat_@24
_lstrcat_@8
_GetFileAttributesEx_@12
_LookupPrivilegeValue_@12
_TextOut@20

kernel32

EnterCriticalSection
WriteConsoleOutputCharacterW
SearchPathA
MapUserPhysicalPages
InterlockedIncrement
SetCalendarInfoW
GetProcessWorkingSetSize
GetCPInfo
GetConsoleNlsMode
EnumCalendarInfoExA
EnumTimeFormatsA
DosPathToSessionPathW
ReadConsoleInputExA
GetModuleHandleW
SetCriticalSectionSpinCount
GetProcessShutdownParameters
GetEnvironmentStringsA
DeleteFileW
LZInit
GetFileType
GetVersion
WTSGetActiveConsoleSessionId
ConnectNamedPipe
LocalLock
ExpungeConsoleCommandHistoryA
GetStringTypeExW
GetPrivateProfileIntA
ReadConsoleA
MoveFileWithProgressA
SetLocalPrimaryComputerNameW
OpenProcess
ClearCommBreak
PulseEvent
ExpungeConsoleCommandHistoryW
OpenMutexW
CreateFileMappingW
ConvertDefaultLocale
_lclose
SetFileTime
RegisterWaitForSingleObject
RemoveDirectoryW
IsSystemResumeAutomatic
WriteProfileSectionW
GetNativeSystemInfo
GetSystemInfo
VDMConsoleOperation
AddAtomW
SearchPathW
SetEndOfFile
SetFileValidData
PurgeComm
LoadLibraryExA
GetConsoleKeyboardLayoutNameA
BaseCleanupAppcompatCacheSupport
HeapSize
_lcreat
SetSystemPowerState
CloseHandle
GetSystemPowerStatus
VirtualAlloc
AreFileApisANSI
LoadLibraryA
GetCPInfoExW
SetFilePointerEx
MoveFileExW
SystemTimeToFileTime
GetConsoleCursorInfo
DuplicateHandle
MapViewOfFile
GlobalUnWire
IsValidCodePage
HeapAlloc
VerifyVersionInfoA
DeleteVolumeMountPointW
CommConfigDialogW
OutputDebugStringA
SetConsoleTitleA
InitializeCriticalSection
WriteConsoleInputVDMW
lstrcmpW

wldap32

ldap_search_extW
ldap_free_controls
ldap_rename_extW
ldap_get_values_lenW
ldap_first_attributeW
ldap_modrdn_s
ldap_count_valuesW
ldap_dn2ufnA
ldap_close_extended_op
ldap_get_dn
ldap_abandon
ldap_parse_result
ldap_start_tls_sA
ldap_count_entries
ldap_result2error
ldap_get_dnA
ldap_next_entry
ldap_extended_operationA
ldap_parse_vlv_controlW
ber_bvfree
ldap_delete_ext_sW
ldap_modrdn
ldap_delete_ext
ldap_search_stA
ldap_first_entry
ldap_compare_extW
ldap_extended_operation_sW
ldap_modrdnA
ldap_create_sort_control
ldap_delete_ext_s
ldap_get_values_len
ldap_extended_operation_sA
ldap_add
ldap_free_controlsA
ldap_get_option
ldap_explode_dnW
ldap_value_freeA
ldap_escape_filter_elementW
ldap_parse_page_controlA
ldap_modrdn2
ber_first_element
ldap_compare_sW
ldap_delete_ext_sA
ldap_explode_dn

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb636e3ec6d46be8efbf3159c1eaf3ca

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

kernel32

wldap32

Sections

.text Size: 416KB - Virtual size: 416KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 124KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 416KB - Virtual size: 416KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 124KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB