561ab316b18a5db25d7ef4042aae9665_JaffaCakes118

General

Target

561ab316b18a5db25d7ef4042aae9665_JaffaCakes118
Size

65KB
MD5

561ab316b18a5db25d7ef4042aae9665
SHA1

fde11c16ac54f1876514999d7035e26fa127343f
SHA256

a0b91dbefb0919c0817993aa4dcf88d88725a884b33bd3ec4da9994d3e0b88e9
SHA512

a4fde07cfd86caeeacbdfb7a0aa275ecbec4fe49a21fefab1b01799289cd5676ff684a4be6b8cfd699a39fa24963ef97f9da5d95a221630ad8717973ddd6e709
SSDEEP

1536:ywZQBe7upvvS6L3wdeKlIL5K33T2XY20k:yAQBe7upvK2s5lIsHTYx0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
561ab316b18a5db25d7ef4042aae9665_JaffaCakes118

Files

561ab316b18a5db25d7ef4042aae9665_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4afd517b72b351a60df3a5e738b2f41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

exe\sqlftwiz.pdb

Imports

sqlunirl

_MessageBox@16
_GetUnicodeRedirectionLayer@0
_FormatMessage@28

sqlresld

SQLUILoadResourceDLL
SQLUIUnloadResourceDLL

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
ExitProcess
LocalFree
GetLastError
MultiByteToWideChar
GetUserDefaultLCID

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

msvcr71

_controlfp
_onexit
__dllonexit
swprintf
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ

oleaut32

GetErrorInfo
SysFreeString

sqlftwiz

_DoSQLFTWiz@16

semsfc

?LoadString@SString@@QAEHPAUHINSTANCE__@@I@Z
??BSString@@QBEPBGXZ
??0SString@@QAE@XZ
??1SString@@QAE@XZ

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4afd517b72b351a60df3a5e738b2f41

Headers

File Characteristics

PDB Paths

Imports

sqlunirl

sqlresld

kernel32

ole32

msvcr71

oleaut32

sqlftwiz

semsfc

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 116B

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 116B

.rsrc
Size: 48KB - Virtual size: 48KB