29b829bdb055f17300a8c6294f1b6edc_JaffaCakes118

General

Target

29b829bdb055f17300a8c6294f1b6edc_JaffaCakes118
Size

1.1MB
MD5

29b829bdb055f17300a8c6294f1b6edc
SHA1

e513b21753e5eabb12d8bf6daadd48d3635ca21e
SHA256

d9e84464c100fb8aca56a525764c9765201514b7424f6815d42778bb6335b9ff
SHA512

56c325b5fd3eff75c7279c4c28726e72f17c1c0ff9abe7a28b94ba7ee218bc13a129851718d44c0f589c62741e05299cf9045640f1ceab524c45415338a1e427
SSDEEP

12288:IrCVlRjSXtvhbyEqT24H4HBeoOrfc6aBNvMiwQk8OS4Rfsg6oD6GCp9XrZEuPUTC:UAoXtvhMT24HCBtMEbvM0Cp+9LXrKK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b829bdb055f17300a8c6294f1b6edc_JaffaCakes118

Files

29b829bdb055f17300a8c6294f1b6edc_JaffaCakes118
.exe windows:0 windows x86 arch:x86

0c2efd8c5b90bfab5e37bff4251ffba4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapAlloc
ReadFileEx
lstrcmpiA
DeleteFileA
HeapLock
CreateFileA
SetFilePointer
InterlockedCompareExchange
GetSystemTimeAdjustment
InitializeSListHead
GetSystemTime
HeapFree
VirtualFree
CreateNamedPipeA
WaitForMultipleObjects
ConnectNamedPipe
WaitNamedPipeA
ExitProcess
InterlockedCompareExchange
VirtualAlloc
HeapCreate
lstrcatA
SetEnvironmentVariableA
GetSystemInfo
ReadFile
HeapUnlock
CloseHandle
InterlockedFlushSList
GetFirmwareEnvironmentVariableA
GetStringTypeA
GetProcessHeap
HeapDestroy

advpack

UserUnInstStubWrapper
RegSaveRestore
RegisterOCX
GetVersionFromFile
DoInfInstall
LaunchINFSectionEx

odbc32

SQLSetParam
SQLError
CursorLibLockDesc
SQLSetDescField
SQLFreeStmt
SQLSetConnectOptionA
LockHandle
SQLDataSourcesA
SQLSetConnectAttr
SQLSetCursorName
SQLSetStmtAttr
PostODBCError
SQLTablePrivileges
SQLGetDiagField
SQLBrowseConnectA
SQLSetPos
SQLDriverConnect
SQLColAttribute
SQLGetDiagRecA
SQLAllocHandleStd
SQLGetData
SQLBrowseConnect
SQLDescribeColA
VFreeErrors
SQLColumnsA
CursorLibTransact

Sections

.text
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 412KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c2efd8c5b90bfab5e37bff4251ffba4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advpack

odbc32

Sections

.text Size: 485KB - Virtual size: 485KB

.data Size: 206KB - Virtual size: 206KB

.rsrc Size: 412KB - Virtual size: 3.5MB

.text
Size: 485KB - Virtual size: 485KB

.data
Size: 206KB - Virtual size: 206KB

.rsrc
Size: 412KB - Virtual size: 3.5MB