126f8c62568a2e81f35be61f49b269a7_JaffaCakes118

General

Target

126f8c62568a2e81f35be61f49b269a7_JaffaCakes118
Size

1.1MB
MD5

126f8c62568a2e81f35be61f49b269a7
SHA1

b1c9c1e425389c045762971e8cb9d3348950d36d
SHA256

cd87fb8c395e49fe4541291845a7e559e41e5df38ac3eb633e88f196fd8fb72f
SHA512

1c89b34b0c987b8fd33272bf28b226ba576e53fd44586776db6a1e8bfd07d55585a8e192d98cffaeff13333216930279537a1337f71608a8a00ad032c5fdd9bb
SSDEEP

24576:tVmndXwnguz2fijr1EwXx4oXoI3+RaoI:jW2JzMPwDoIOBI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
126f8c62568a2e81f35be61f49b269a7_JaffaCakes118

Files

126f8c62568a2e81f35be61f49b269a7_JaffaCakes118
.exe windows:8 windows x86 arch:x86

29ceae0c79f840cb80a62f987def423b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetSystemTime
DisconnectNamedPipe
lstrcmpiA
CreateFileA
ReadFileEx
GetFileTime
GetSystemTimeAdjustment
VirtualAlloc
lstrcmpA
ReadFileScatter
SystemTimeToFileTime
GetNamedPipeHandleStateA
VirtualFree
WriteFile
SetFilePointer
GetSystemInfo
ExitProcess
InitializeSListHead
GetStringTypeExA
InterlockedCompareExchange
ConnectNamedPipe
CloseHandle
GetProcessHeap
SetNamedPipeHandleState
ReadFile
CreateNamedPipeA
WaitForMultipleObjects
FileTimeToDosDateTime

adsldpc

ADSICloseSearchHandle
IsGCNamespace
BuildADsPathFromLDAPPath
ADsDeleteClassDefinition
AdsTypeToLdapTypeCopyDNWithString
ADsAbandonSearch
ADsHelperGetCurrentRowMessage
GetLDAPTypeName
ADsExecuteSearch
ADsCreateDSObject
AdsTypeFreeAdsObjects
BuildLDAPPathFromADsPath
ADSIModifyRdn
ADsGetPreviousRow
BerBvFree

odbc32

SQLProcedures
SQLConnectA
SQLTablePrivilegesA
CursorLibTransact
ODBCSetTryWaitValue
SQLBindCol
SQLGetFunctions
SQLConnect
SQLGetEnvAttr
SQLProcedureColumns
SQLSetEnvAttr
VRetrieveDriverErrorsRowCol
CursorLibLockStmt
SQLGetTypeInfoA
SQLSpecialColumnsA
SQLFetchScroll
SQLDataSourcesA
SQLEndTran
SQLGetDescField
SQLNumParams
SQLPutData
SQLError
SQLAllocStmt
SQLGetStmtOption
SQLGetDescFieldA
CursorLibLockDbc
SQLGetDiagField

advpack

LaunchINFSection
RegRestoreAll
AdvInstallFile
RunSetupCommand
DelNode
GetVersionFromFileEx

Sections

.text
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29ceae0c79f840cb80a62f987def423b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

adsldpc

odbc32

advpack

Sections

.text Size: 753KB - Virtual size: 753KB

.data Size: 278KB - Virtual size: 277KB

.rsrc Size: 103KB - Virtual size: 3.2MB

.text
Size: 753KB - Virtual size: 753KB

.data
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 103KB - Virtual size: 3.2MB