303af075cc46bd1bb5eca6ffe6cc8440_JaffaCakes118

General

Target

303af075cc46bd1bb5eca6ffe6cc8440_JaffaCakes118
Size

48KB
MD5

303af075cc46bd1bb5eca6ffe6cc8440
SHA1

32d7302540815861975a029811137aba467e00e9
SHA256

648c980beab58a4d6017a288190bdfaa962f6781e8807ce174b7cf2e2f044617
SHA512

53dac11d6770a01c90e034ea8d56f96b23c04988eaef6478fef2bdc0768551714d77ab1294ae72b0fba039161f330e2b9a75de8f94a88584908d40011614b583
SSDEEP

768:ngwrG1Ynl9ZJqEYToiZL1hGUuMFfvKlG:nj7n3YToiZLvtHKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
303af075cc46bd1bb5eca6ffe6cc8440_JaffaCakes118

Files

303af075cc46bd1bb5eca6ffe6cc8440_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4ade5c9defdcd2dc2d3b5e01ed88452a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
WriteFile
HeapFree
CloseHandle
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
FormatMessageA
VirtualFree
GetACP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

msi

ord103
ord124
ord17
ord144
ord49
ord52
ord31
ord159
ord8
ord121
ord163
ord20

db2app

sqledgne_api@12
sqledosd_api@16
sqledcls_api@8

Exports

Exports

FillDB2DBNames

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ade5c9defdcd2dc2d3b5e01ed88452a

Headers

File Characteristics

Imports

kernel32

msi

db2app

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB