27f9fa0c5c0a2873eacabc0b916b8bfd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27f9fa0c5c0a2873eacabc0b916b8bfd_JaffaCakes118
Size

332KB
MD5

27f9fa0c5c0a2873eacabc0b916b8bfd
SHA1

024b868e180234cdfe6355c8823cbc13839a04cb
SHA256

5a41a3c9ae2b56ec8cb017770346e47d3be5a3e2241f206ea7990d9c5dc33aea
SHA512

8e39d1093823e5a5e03176931e4a0afc4649b93d8b7eced66945ed4ffbb1b4d835da0b0b9e8491fd7db070fce7150a81611aa085750af835014e1cf6c1328466
SSDEEP

6144:MnNb8InvSJznhI+Tf4w0eIhRmDNrvdPONosOrrFdJPAU2Z19hUj30:MnNb8InKdnhdTfT03h6VKVCLJL2ZzhQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f9fa0c5c0a2873eacabc0b916b8bfd_JaffaCakes118

Files

27f9fa0c5c0a2873eacabc0b916b8bfd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1e7c7d12d269f549e56249c897c0ad0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sql

sql_findtable
IsamTableName
sql_insert_value_lines
MemFree
sql_tmpfile
IsamAlloc
IsamFree
bcopy
sql_day_to_time
sql_realquant
sql_add_comma
MemAlloc
bzero
sql_intquant
IsamExecLive
getwd
SysClose
SysOpen
SysOpenMust
sql_tabula_ini
sql_code_date
SysWrite
SysSeek
SysRead
IsamFileRename
IsamCoreAlloc
IsamCoreFree
IsamCoreRealloc
IsamCoreEnlarge
IsamCoreAllocSpace
IsamCoreReallocSpace
SysSync
SysCreat
SysExists
numstrncmp
IsamStrncmp
strncpyr
IsamFileCopySimple
IsamSigMark
IsamKillMsg
sql_signal_remove_tmpfiles
IsamTmpPath
IsamModuleCheckOK
WinSandGlass
WinPartialSandGlass
TabulaMessageBox
HebrewFilter
IsamSigInterrupt
sql_daylen
sql_decode_date
sql_message
sql_set_memory
sql_prep
OraExit

user32

GetSystemMetrics
TranslateMessage
DispatchMessageA
RegisterClassA
CreateWindowExA
DefWindowProcA
PeekMessageA

msvcr80

_chdir
fclose
strcpy
strcat
strlen
sprintf
strcmp
vfprintf
getenv
vsprintf
__iob_func
_unlink
getc
strncmp
atoi
strncpy
_time32
strrchr
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
freopen
_controlfp_s
__argc
__argv
_fmode
fopen
_invoke_watson

kernel32

GetFileAttributesA
GetPrivateProfileIntA
GetDriveTypeA
GetVersion
GetPrivateProfileStringA
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetFileTime
SetFileTime
CloseHandle
GetSystemTime

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 208KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e7c7d12d269f549e56249c897c0ad0

Headers

File Characteristics

Imports

sql

user32

msvcr80

kernel32

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 208KB - Virtual size: 220KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 208KB - Virtual size: 220KB

.rsrc
Size: 4KB - Virtual size: 664B