04ff2adbb867c3d94140e4cb0dc09f01_JaffaCakes118

General

Target

04ff2adbb867c3d94140e4cb0dc09f01_JaffaCakes118
Size

1.1MB
MD5

04ff2adbb867c3d94140e4cb0dc09f01
SHA1

2d27b2c2d705af7802d0153da3ab5906775b274c
SHA256

0e250c61e2705e09cb49ac5424d5bed565fe11e130cd92cabf9dc62c8d11bfac
SHA512

c7fb38e06b318081bd7887a41c846114c8d809c268e1799b83e59bfc847d2752e32622e34cd53ed6aebfc6d476eba3805de57edad8e0ec1b58efba3d9c170a09
SSDEEP

24576:HZ7KEqp0MngZgMO1QDZpv/hyqJ98dUFuItPQjHnX0nYAIG6k2:HZGEiCg0v/5EdyQHEnd6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ff2adbb867c3d94140e4cb0dc09f01_JaffaCakes118

Files

04ff2adbb867c3d94140e4cb0dc09f01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6dfce9b615f2f7e259cdcd0817e9575

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

EndPaint
CreateWindowExA
DefWindowProcA
GetMessageA
RegisterClassA
SendMessageA
TranslateMessage
UpdateWindow
ShowWindow
DestroyWindow
BeginPaint
DispatchMessageA

kernel32

InterlockedIncrement
SetFilePointer
CreateNamedPipeA
SetProcessPriorityBoost
lstrlenA
FreeEnvironmentStringsA
GetThreadPriorityBoost
ExitProcess
GetLocalTime
GetSystemTimes
GetCurrentProcess
GetFileAttributesA
HeapFree
HeapAlloc
CreateEventA
CreateFileA
VerSetConditionMask
InterlockedExchange
VirtualAlloc
GetVersion
GetEnvironmentVariableA
OpenEventA
SetEvent
DisconnectNamedPipe
GetSystemTimeAsFileTime
HeapReAlloc
GetLastError
WaitForMultipleObjects
WaitNamedPipeA
GetNamedPipeHandleStateA
ReadFile
GetCurrentThread
InterlockedDecrement
GetEnvironmentStringsA
VirtualFree
CloseHandle
ConnectNamedPipe

odbc32

SQLGetDescField
ValidateErrorQueue
PostComponentError
SQLTransact
SQLGetConnectOption
SQLGetConnectAttrA
SQLDriverConnect
SQLNativeSql
SQLGetDescRecA
SQLColumnPrivilegesA
SQLFetch
SQLSpecialColumnsA
SQLGetDiagField
SQLGetDiagRecA
SQLColumnPrivileges
SQLProcedureColumns
SQLTablePrivileges
SQLDataSourcesA
SQLColumnsA
SQLSetStmtAttr
VFreeErrors
SQLGetStmtOption
SQLSetStmtOption
SQLSetScrollOptions
SQLSetStmtAttrA
SQLSetCursorNameA
SQLNumParams
SQLGetData
SQLDriversA
SQLConnect
SQLSetDescField
SQLAllocEnv
SQLAllocConnect

Sections

.text
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6dfce9b615f2f7e259cdcd0817e9575

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

odbc32

Sections

.text Size: 588KB - Virtual size: 588KB

.data Size: 318KB - Virtual size: 318KB

.rsrc Size: 194KB - Virtual size: 3.3MB

.text
Size: 588KB - Virtual size: 588KB

.data
Size: 318KB - Virtual size: 318KB

.rsrc
Size: 194KB - Virtual size: 3.3MB