0db4be91b4a7b3a1213d471f8a63a6c4_JaffaCakes118

General

Target

0db4be91b4a7b3a1213d471f8a63a6c4_JaffaCakes118
Size

1.1MB
MD5

0db4be91b4a7b3a1213d471f8a63a6c4
SHA1

37fb3bb03cdd955c8c4dfa6eef18d5a21e3e5214
SHA256

ee79b6104f74357dac6e42714f3b68c8587de3442fea3a8f5a977082fcda7259
SHA512

4abb11a7b46d556dfcc45c854b74c708cac04f258eeceae7ece29479d83dca6ad1e4815867b47f440976958fe53e374e30a5b788825ab0e5c0c01e9e7485098e
SSDEEP

24576:RR2lTsmCoA3f62whuFg8XC/cLYHG389L:RzRvf62pBYGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db4be91b4a7b3a1213d471f8a63a6c4_JaffaCakes118

Files

0db4be91b4a7b3a1213d471f8a63a6c4_JaffaCakes118
.exe windows:0 windows x86 arch:x86

f590bfa49536597ce6516cfb19497c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

adsldpc

BuildLDAPPathFromADsPath2
ADsEnumClasses
ADsGetLastError
AdsTypeToLdapTypeCopyTime
ADsFreeColumn
ADSISetObjectAttributes
ADsWriteAttributeDefinition
AdsTypeToLdapTypeCopyDNWithBinary
FreeADsStr
InitObjectInfo
GetDomainDNSNameForDomain

kernel32

CloseHandle
GetNamedPipeHandleStateA
GetCurrentThreadId
CreateNamedPipeA
GetFileAttributesA
HeapSize
HeapAlloc
lstrcatA
HeapDestroy
GetCurrentProcessId
ReadFile
TryEnterCriticalSection
GetLocalTime
CreateFileMappingA
HeapCreate
SetFirmwareEnvironmentVariableA
WaitForMultipleObjects
DeleteFileA
PeekNamedPipe
ConnectNamedPipe
MapViewOfFile
InitializeCriticalSection
LeaveCriticalSection
SetFilePointer
UnmapViewOfFile
ExitProcess
HeapFree
CreateFileA

odbc32

SQLSetStmtAttrA
SQLFetch
SQLProcedureColumns
SQLMoreResults
SQLSetStmtAttr
SQLNumResultCols
SQLFetchScroll
SQLSetConnectOption
SQLColumnPrivileges
SQLParamData
SQLConnectA
SQLColAttribute
SQLGetConnectAttrA
SQLGetData
CursorLibLockStmt
SQLCancel
SQLPrepareA
SQLSetStmtOption
SQLGetStmtOption
SQLExecDirect
SQLGetConnectOption
SQLCopyDesc

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 773KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f590bfa49536597ce6516cfb19497c65

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

kernel32

odbc32

Sections

.text Size: 185KB - Virtual size: 185KB

.data Size: 154KB - Virtual size: 154KB

.rsrc Size: 773KB - Virtual size: 3.8MB

.text
Size: 185KB - Virtual size: 185KB

.data
Size: 154KB - Virtual size: 154KB

.rsrc
Size: 773KB - Virtual size: 3.8MB