44cf3018c4b06007e253a827e1bfcf6c_JaffaCakes118

General

Target

44cf3018c4b06007e253a827e1bfcf6c_JaffaCakes118
Size

1.1MB
MD5

44cf3018c4b06007e253a827e1bfcf6c
SHA1

dbcab911e646deccc8d2a457dacce5ea82b63068
SHA256

df67653b0ed12769f85b40d6b4c44055f81cf02455f05d52a1a52e9ccbbdf59f
SHA512

468a870fda5c3906ee2f0d8eb7417745b7486460840ae8eb625162310a35721f83dd1308742614bb286110536433edf3c9a53190c2b865f23128994471823d75
SSDEEP

12288:Whw+X8FMmSBYpm0ZMHbNfgaykTIo3H/1iLzYg3Ekm9aI7Wxhv/fvf56NyYTsiAiZ:csLSBEohgP2IoP1Edvn1//AzFAiZ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44cf3018c4b06007e253a827e1bfcf6c_JaffaCakes118

Files

44cf3018c4b06007e253a827e1bfcf6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3cb71a0579f32d65a057f1936fff264

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

odbc32

DllBidEntryPoint
SQLDescribeCol
SQLSetParam
SQLExecDirectA
SQLExtendedFetch
SQLErrorA
SQLSetDescFieldA
SQLAllocHandleStd
SQLBindParameter
SQLGetDescRecA
CloseODBCPerfData
SQLPrepareA
SQLGetDiagField
SQLColAttributeA
SQLPrimaryKeys
SQLDescribeParam
CursorLibLockDbc
SQLProceduresA
SQLGetStmtAttr
SQLConnectA
SQLPutData
ODBCSetTryWaitValue
SQLExecDirect
SQLGetCursorName
SQLFreeConnect
SQLColumnPrivilegesA

kernel32

InterlockedPopEntrySList
VirtualFree
WaitForMultipleObjects
InterlockedCompareExchange
FileTimeToDosDateTime
InitializeSListHead
SetFilePointer
lstrcmpiA
InterlockedPushEntrySList
CreateFileA
GetProcessHeap
ReadFile
GetSystemTimeAsFileTime
InterlockedPushEntrySList
CreateNamedPipeA
DosDateTimeToFileTime
VirtualAlloc
CloseHandle
ExitProcess
GetSystemInfo
GetFileTime
ConnectNamedPipe

advpack

NeedReboot
IsNTAdmin
RunSetupCommand

adsldpc

ADsSetSearchPreference
BuildADsPathFromLDAPPath
ADsDeleteClassDefinition
FreeADsStr
ADsSetObjectAttributes
ADSIGetNextRow
GetDomainDNSNameForDomain
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyTime
ADsAbandonSearch
BuildADsParentPathFromObjectInfo
ADSIGetPreviousRow
ADSIExecuteSearch
GetLDAPTypeName
ADsDeleteDSObject
Component
ADsCreateClassDefinition
FindSearchTableIndex

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 314KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3cb71a0579f32d65a057f1936fff264

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

advpack

adsldpc

Sections

.text Size: 666KB - Virtual size: 666KB

.data Size: 146KB - Virtual size: 146KB

.rsrc Size: 314KB - Virtual size: 3.4MB

.text
Size: 666KB - Virtual size: 666KB

.data
Size: 146KB - Virtual size: 146KB

.rsrc
Size: 314KB - Virtual size: 3.4MB