0f96bcc781f69524b72a2fde0ae0d816_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f96bcc781f69524b72a2fde0ae0d816_JaffaCakes118
Size

848KB
MD5

0f96bcc781f69524b72a2fde0ae0d816
SHA1

a4c3005379f4561db4ab31a68db115bc4b5ae824
SHA256

d5ccdd2e686471fb06c17e00353c5813d3d6420ffc7f94c362e781b9018fef97
SHA512

3d93623d9ddb174080434e447f1a5a1db52d572a7845f717b404961c98489d43e245b175418f7fc7198167bf240aca6d37090054b2d32d5af6035493d16332ec
SSDEEP

24576:hDSC+De7uBHe7ly/5h1rbHLUXdI+WI93nN:hDdyR+7lQNHIXi+WQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f96bcc781f69524b72a2fde0ae0d816_JaffaCakes118

Files

0f96bcc781f69524b72a2fde0ae0d816_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41042d1eafaff257dba4e9a1c93a9d1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CopyAcceleratorTableW
MessageBeep
DrawEdge
GetAsyncKeyState
InsertMenuItemA
DdeCreateDataHandle
SetRect
DefMDIChildProcW
GetComboBoxInfo
EnumDisplaySettingsExA
SetWindowTextW
CloseDesktop
ScrollDC
IsDialogMessage
GetMenuItemCount
OemToCharA
CallNextHookEx
keybd_event
IsDialogMessageA
SetWindowRgn

kernel32

EraseTape
LoadLibraryA
FatalExit
HeapCreate
LZCloseFile
IsValidLanguageGroup
FormatMessageA
NlsGetCacheUpdateCount
InterlockedIncrement
EnumDateFormatsExW
lstrlenW
SetConsoleNumberOfCommandsA
Heap32Next
HeapQueryInformation
SetFileAttributesA
InitializeCriticalSection
FindFirstVolumeMountPointA
VirtualAlloc
GetModuleHandleW

ntdll

ZwCloseObjectAuditAlarm
ZwExtendSection
ZwEnumerateBootEntries
RtlNumberGenericTableElementsAvl
ZwLockRegistryKey
LdrFlushAlternateResourceModules
RtlCopyString
RtlCreateBootStatusDataFile
RtlNewSecurityObjectWithMultipleInheritance
NtDeleteBootEntry
CsrAllocateCaptureBuffer
RtlMultiAppendUnicodeStringBuffer
RtlGetNtProductType
NtLockVirtualMemory
RtlAddActionToRXact
RtlApplyRXactNoFlush
RtlValidateUnicodeString

dbnetlib

ConnectionOpen
TermSSPIPackage
ConnectionCheckForData
ConnectionRead
ConnectionMode
ConnectionSqlVer
ConnectionGetSvrUser
ConnectionServerEnumW
InitEnumServers
ConnectionClose
ConnectionStatus
InitSSPIPackage
ConnectionTransact
GetNextEnumeration
ConnectionWrite
ConnectionFlushCache
TermSession

msjint40

CchLszOfId2

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41042d1eafaff257dba4e9a1c93a9d1f

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ntdll

dbnetlib

msjint40

Sections

.text Size: 725KB - Virtual size: 724KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 3KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 725KB - Virtual size: 724KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 3KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB