019c8953aee6c3d98d18098f356c9120_JaffaCakes118 | Triage

Sharing

General

Target

019c8953aee6c3d98d18098f356c9120_JaffaCakes118
Size

64KB
MD5

019c8953aee6c3d98d18098f356c9120
SHA1

2ee81014d8a1e6f99372fadb921df5b1915855b5
SHA256

efc3496e84f9a2add527e37fb480b99cbaf3eb4ee8a088c6911ef9e03558ad2d
SHA512

a1792445686624e0cc461dd828f2dc6636bf1ce3ecafc43b3c77bc1e32cea6fb1c738d0fde1a4f10129e33d059d3ce61ad814110b8bae19023e84bb615d1c3b1
SSDEEP

768:LSk6JmDKlsoesXHgHYCPr285Wy4RAd/zq96:LR4yrMg/jl5WdyVT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
019c8953aee6c3d98d18098f356c9120_JaffaCakes118

Files

019c8953aee6c3d98d18098f356c9120_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f361e987587dfde73a6cea8fa13d0801

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLFetch
TraceSQLConnect

kernel32

CreateEventA
FoldStringW
GetCurrentDirectoryA
WriteFile
CreateMutexA
CopyFileA
InterlockedExchange
LoadLibraryA
WriteProcessMemory
GetDateFormatW
ExpandEnvironmentStringsA
GetCurrentThreadId
HeapCreate
CompareStringA
GetTickCount
GetNumberFormatA
GetEnvironmentVariableA
GetFullPathNameA
GetPrivateProfileIntA
SleepEx
GetTimeFormatA
GetProcessHeap
GetAtomNameA
SetFileAttributesW
GetDiskFreeSpaceA

user32

IsDialogMessageA
wsprintfA
GetWindowLongA
SetFocus
LoadCursorA
GetCaretPos
DialogBoxParamW
GetWindowTextA
DrawIcon
ShowWindow
CharToOemA
LoadImageA

tapi32

lineAccept
lineAnswer
lineClose
LOpenDialAsst
LAddrParamsInited

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ