02870252f0a3b8fcb9b5a6a3891bed10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02870252f0a3b8fcb9b5a6a3891bed10_JaffaCakes118
Size

296KB
MD5

02870252f0a3b8fcb9b5a6a3891bed10
SHA1

a310bd9cff5dcc13d7f095dc510d70400617f971
SHA256

1ee2f4af36cf71d54da9f7beb3b8a0688f0c3f6ad1ce9d6d0a499f80c41de66a
SHA512

644ac7c2fdd30fdced15558df44442279c446c21a7f5890a97f8eb2b8b6199e0b1a0b0b6de4eac774486cc6dd2d30ce5e07877c56c3c1d6cf133e3577626338d
SSDEEP

6144:GwzVPodVZYjm6iShTKz6eW56uE+W01gew+OMtwnhVlMd9N2uC:GyxgVujmLJbJ01giOMtwhVl2FC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02870252f0a3b8fcb9b5a6a3891bed10_JaffaCakes118

Files

02870252f0a3b8fcb9b5a6a3891bed10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c44a83bccca162e711409ab0e5f55de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetDriveTypeA
GetPrivateProfileStringW
lstrlenA
lstrcmpiA
GetExitCodeProcess
Sleep
GetModuleHandleA
GetStdHandle
HeapCreate
SetLastError
lstrcmpiA
lstrcmpiA
GetTickCount
IsValidCodePage
CreateNamedPipeA
GetBinaryTypeW
EndUpdateResourceW
TlsFree
FileTimeToLocalFileTime
CreateWaitableTimerW
lstrcmpiA
GetLogicalDrives

odbccp32

SQLGetTranslator
SQLGetInstalledDrivers
SQLConfigDataSource
SQLInstallDriver

Sections

.text
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 288KB - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ