44b5bdf3357adc422f7d6cc1bdc0b96f_JaffaCakes118

General

Target

44b5bdf3357adc422f7d6cc1bdc0b96f_JaffaCakes118
Size

1.1MB
MD5

44b5bdf3357adc422f7d6cc1bdc0b96f
SHA1

7f9888866aec982ea1fd1f68abf3995c689dbeed
SHA256

0338bb990e9e9655bb55d20ae605a13a36cfabc60be297eb8058d53958bbc157
SHA512

61bd8382f2f5f52d05f05e7edd98db21da97b7c673be0e938d9fe87b7a3442757e3f7546dbfd009c82874346feea66a8f5978054990d9e56757a6211d74c2ba6
SSDEEP

24576:pICKW/2OObLFIrylFqaJG4GxC42RjrkYB0sz9+7PnkY:pICKWury2lsUG4GUTJ1/gx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44b5bdf3357adc422f7d6cc1bdc0b96f_JaffaCakes118

Files

44b5bdf3357adc422f7d6cc1bdc0b96f_JaffaCakes118
.exe windows:0 windows x86 arch:x86

f56ebaa5533fc2f4f5cc5bff3d61884f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetSystemTime
GetProcessHeap
CreateNamedPipeA
SetFilePointer
GetFileAttributesExA
CreateFileA
ReadFile
GetNamedPipeInfo
InterlockedCompareExchange
SystemTimeToFileTime
InterlockedExchangeAdd
VirtualFree
InterlockedPushEntrySList
CloseHandle
PeekNamedPipe
InitializeSListHead
HeapAlloc
ConnectNamedPipe
WaitForMultipleObjects
SetFilePointerEx
GetNamedPipeHandleStateA
GetSystemInfo
ExitProcess
HeapFree
VirtualAlloc
HeapReAlloc

adsldpc

ADsExecuteSearch
ADsCloseSearchHandle
BuildADsParentPathFromObjectInfo2
ADsCreateDSObject
BuildLDAPPathFromADsPath
IsGCNamespace
AdsTypeToLdapTypeCopyDNWithBinary
BuildADsParentPath
ADsDeleteClassDefinition
ADSICloseSearchHandle
ADSIGetNextColumnName

advpack

ExtractFiles
RunSetupCommand
RegisterOCX
TranslateInfString
DelNode
AdvInstallFile
TranslateInfStringEx

odbc32

SQLGetFunctions
SQLGetStmtAttr
SQLCancel
SQLAllocConnect
SQLColAttribute
VFreeErrors
SQLGetCursorName
SQLDescribeCol
SQLForeignKeys
SQLMoreResults
SQLGetDiagField
SQLSetDescRec
SQLCloseCursor
SQLSetConnectOption
SQLGetDiagRecA
SQLSetStmtAttr
SQLFetchScroll
SQLExecDirect
ValidateErrorQueue
SQLColumnsA
SQLError
ODBCSetTryWaitValue
SQLFreeEnv
SQLSetConnectOptionA
SQLSetScrollOptions
SQLTransact
SQLBindParameter
CursorLibLockStmt
SQLEndTran
SQLSetCursorNameA
SQLSetStmtAttrA
SQLDriversA

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 305KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f56ebaa5533fc2f4f5cc5bff3d61884f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

adsldpc

advpack

odbc32

Sections

.text Size: 666KB - Virtual size: 666KB

.data Size: 146KB - Virtual size: 146KB

.rsrc Size: 305KB - Virtual size: 3.4MB

.text
Size: 666KB - Virtual size: 666KB

.data
Size: 146KB - Virtual size: 146KB

.rsrc
Size: 305KB - Virtual size: 3.4MB