Static task: static1
Behavioral task: behavioral1
Sample: 4532ce5383a7f2adf887c10cc836adc8_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4532ce5383a7f2adf887c10cc836adc8_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 4532ce5383a7f2adf887c10cc836adc8_JaffaCakes118
Size: 846KB
MD5: 4532ce5383a7f2adf887c10cc836adc8
SHA1: 3ca22b59e807c7959a1b85723850f70d9fd65501
SHA256: be40cdfc2113d6f64dd823278caeea84c3ca6e285cea31bf9d593c5b5d22bf79
SHA512: 5484a7484537d74129f561183c01f065d16d87d7be0a6d639508372d585650f553d9e83ad8b7c3ae0bbde40e4f13f44c3fc408fd410445a7973e404aa95d2f25
SSDEEP: 24576:UXyEcs/h90zqwSm822ivblRVCukTETDAgkbLKFH23gWrDTmkljgM:iyDEhWzxV3EcYFbLU27/TnlsM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4532ce5383a7f2adf887c10cc836adc8_JaffaCakes118
Files
4532ce5383a7f2adf887c10cc836adc8_JaffaCakes118.exe windows:5 windows x86 arch:x86
af333e7215d7f388ed58a6a1e0ba5870
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msorcl32
SQLRowCount
SQLDriverConnect
SQLAllocConnect
SQLMoreResults
SQLExtendedFetch
SQLStatistics
SQLSetCursorName
SQLGetTypeInfo
SQLBindParameter
SQLNumResultCols
SQLPutData
SQLBindCol
SQLGetInfo
SQLTables
SQLPrepare
SQLSetConnectOption
SQLDescribeCol
SQLGetConnectOption
SQLFreeEnv
SQLColumns
SQLPrimaryKeys
SQLSetScrollOptions
SQLNumParams
SQLFreeStmt
kernel32
SetThreadContext
InterlockedPushEntrySList
HeapSummary
IsValidCodePage
VirtualAlloc
RegisterWowBaseHandlers
OpenConsoleW
GetTimeFormatA
InitializeSListHead
GetExitCodeProcess
ProcessIdToSessionId
GetConsoleHardwareState
SetConsoleNlsMode
lstrcmpA
Module32Next
LoadLibraryA
SizeofResource
InitializeCriticalSection
WriteProcessMemory
BuildCommDCBAndTimeoutsW
LockResource
EnumResourceNamesW
InitAtomTable
GlobalGetAtomNameW
IsBadCodePtr
wsock32
recv
gethostname
EnumProtocolsA
EnumProtocolsW
dn_expand
bind
WSAIsBlocking
listen
WSARecvEx
socket
s_perror
GetNameByTypeA
WSAAsyncGetProtoByNumber
htons
GetAddressByNameA
recvfrom
ntohs
WSAAsyncGetServByName
GetServiceW
WSACancelAsyncRequest
GetServiceA
MigrateWinsockConfiguration
getprotobyname
shutdown
certcli
CASetCASecurity
CAOIDCreateNew
CASetCertTypeExpiration
CACloseCertType
CAEnumCertTypesForCAEx
CAAccessCheck
CAOIDFreeLdapURL
CAGetCertTypePropertyEx
GetProxyDllInfo
CAFreeCAProperty
CAGetCAProperty
CAFindByIssuerDN
CACreateNewCA
CASetCAProperty
CAOIDAdd
CARemoveCACertificateType
CAFindCertTypeByName
Sections
.text Size: 748KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ