0140d859f54d746075208379cdc89bdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0140d859f54d746075208379cdc89bdb_JaffaCakes118
Size

572KB
MD5

0140d859f54d746075208379cdc89bdb
SHA1

dffffd110ff0326837b084c02a8fa82c44186b3f
SHA256

b9a9407076d694298c6c8cf9df7421897ef64662c07bd63e261eacbeb4aede3d
SHA512

e3a99e6c10bea16deadac40d10c0abb8b5972fef8b2dcd45e3653a2307f7feef534e9db9707c3b10f690b95bc4d85f54164ac6da4ea54d304f03bc1aedd950aa
SSDEEP

3072:eV3BEPBGM4vHZ3IQ3f1dWHRvOLD+PlJrWOi6UDAs+yd148kDuWQezPSR3Bg1gEo:eV3OBuvHZYQXWxvlrWOP3DuWQej6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0140d859f54d746075208379cdc89bdb_JaffaCakes118

Files

0140d859f54d746075208379cdc89bdb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

976bd6bd4e9117e9ac7d679bab8a690b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

imagehlp

SymGetModuleBase
SymGetModuleInfo
StackWalk
SymFunctionTableAccess
SymInitialize
SymSetOptions
SymUnDName
SymGetSymFromAddr
SymCleanup

odbc32

ord2
ord16
ord142
ord5
ord150
ord3
ord145
ord51
ord139
ord107
ord141
ord9
ord1
ord14
ord110
ord23
ord111
ord106
ord13
ord43

odbcbcp

ord9
ord12
ord4
ord8
ord18

sqlwoa

_GetComputerName@8
_FormatMessage@28
_CreateFile@28
_LoadString@16
_GetVersionEx@4
_DeleteFile@4

atl

ord32
ord16
ord17
ord20
ord23
ord18
ord22

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetCommandLineA
ReadFile
CreateFileMappingA
LoadLibraryExA
LocalFree
GetSystemDefaultLangID
GetLastError
CloseHandle
CreateEventA
ResetEvent
SetEvent
WaitForMultipleObjects
CreateThread
WaitForSingleObject
MultiByteToWideChar
SetFilePointer
GetStdHandle
ReleaseMutex
WriteFile
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
FormatMessageA
LoadLibraryA
lstrlenA
lstrcatA
lstrcpyA
ExpandEnvironmentStringsA
lstrlenW
GetSystemInfo
GetProcAddress
GetFileSize
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
GetLocalTime
GetTickCount
HeapFree
FlushFileBuffers
ReadProcessMemory
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetEnvironmentVariableA
CreateFileA
QueryPerformanceFrequency
GlobalMemoryStatus
GetVersionExA
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
AllocConsole
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement

user32

MessageBoxA
wsprintfA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegOpenKeyA
SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoCreateInstance

oleaut32

LoadRegTypeLi
SysFreeString
GetErrorInfo

msvcrt

fclose
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_strnicmp
wcschr
malloc
time
localtime
asctime
strchr
iswalpha
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
strstr
_iob
iswspace
freopen
wcscat
_wcsicmp
_wsplitpath
swscanf
wcscmp
wcsncmp
wprintf
??3@YAXPAX@Z
wcsncpy
_purecall
wcsstr
??2@YAPAXI@Z
wcscpy
wcslen
wcsrchr
_vsnwprintf
_wstrtime
swprintf
wcsncat
strncpy
_wstrdate
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_mbsrchr
strcpy
_CxxThrowException
_except_handler3
_beginthreadex
_wcsnicmp
free
sprintf
printf
_wcsdup
_wcslwr

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

976bd6bd4e9117e9ac7d679bab8a690b

Headers

File Characteristics

Imports

imagehlp

odbc32

odbcbcp

sqlwoa

atl

version

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 428KB - Virtual size: 444KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 428KB - Virtual size: 444KB