Static task: static1
Behavioral task: behavioral1; Sample: e7a89f9830b8558a0820756e952897b7_JaffaCakes118.exe; Resource: win7-20240319-en
Behavioral task: behavioral2; Sample: e7a89f9830b8558a0820756e952897b7_JaffaCakes118.exe; Resource: win10v2004-20240226-en
General
Target: e7a89f9830b8558a0820756e952897b7_JaffaCakes118
Size: 174KB
MD5: e7a89f9830b8558a0820756e952897b7
SHA1: 7c1939516002a235e9a821ed6653dcfef5e6288b
SHA256: 9b0c6562146f79a0deccf9005791d33d175e352e5404b473fd90da8fb370eea5
SHA512: 1bb8595c4b1ee34b589fc8f58ba2923f25f47c2aa86d03d5b53fee455eb9b1f276d9b6972ebd11ee7c6403d52a3a34ea57824294e0fc9c70c0ef137a69fb215e
SSDEEP: 3072:H50psIoYWlCU5N0yN0uQd5SBuODJcaQxgGNnXSe1Paf7beLlDlC6x1GvZFyu6cR1:Z0KNYIYrd7Oi4anXSe1yEZ32
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource e7a89f9830b8558a0820756e952897b7_JaffaCakes118
Files
e7a89f9830b8558a0820756e952897b7_JaffaCakes118.exe windows:5 windows x86 arch:x86
d73a981199068f4ef3759a374b20044a
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
credui: CredUIInitControls, CredUIParseUserNameW
gdi32: GetTextExtentPoint32W, DeleteObject, CreateFontIndirectW, CreatePatternBrush, SetTextColor, SetBkColor, CreateBitmap, GetDeviceCaps
cryptui: CryptUIDlgSelectCertificateW, CryptUIDlgViewCertificateW
apphelp: GetPermLayers
ntdll: RtlNtStatusToDosError, NtQuerySystemTime, RtlSubAuthorityCountSid, RtlSubAuthoritySid, RtlInitUnicodeString, RtlIdentifierAuthoritySid
user32: SetScrollPos, EndDialog, ShowWindow, DestroyWindow, BeginPaint, RegisterWindowMessageW, MoveWindow, RegisterClassW, CreateWindowExW, CheckDlgButton, GetSystemMetrics, GetParent, InflateRect, SetScrollInfo, SetWindowTextW, GetDesktopWindow, SendDlgItemMessageW, FrameRect, MessageBoxW, DrawFocusRect, UpdateWindow, SetForegroundWindow, DrawIcon, MapWindowPoints, OffsetRect, IsDlgButtonChecked, wsprintfW, LoadCursorW, MessageBoxA, SetWindowContextHelpId, EndPaint, FindWindowExW, GetWindowTextW, GetWindowRect, ScreenToClient, SetScrollRange, ReleaseDC, SetCursor, GetSysColor, CallWindowProcW, LoadIconW, EnableWindow, WinHelpW, PostMessageW, DialogBoxParamW, GetDlgCtrlID, SetWindowLongW, GetWindowLongW, GetWindowThreadProcessId, GetDlgItem, ScrollWindow, RegisterClipboardFormatW, SetDlgItemTextW, MessageBeep, SystemParametersInfoW, LoadBitmapW, GetWindow, SetWindowPos, GetScrollInfo, IsWindowEnabled, SendMessageW, GetWindowTextLengthW, GetDlgItemTextW, MapDialogRect, IsWindow, CheckRadioButton, GetClientRect, SetFocus, GetDC, DefWindowProcW, LoadStringW, DestroyIcon, GetSysColorBrush
ntdsapi: DsFreeNameResultW, DsBindW, DsIsMangledDnW, DsUnBindW, DsCrackNamesW, DsCrackSpn3W
ole32: CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, CoMarshalInterThreadInterfaceInStream, StringFromIID, ReleaseStgMedium, CoCreateInstance, CoGetInterfaceAndReleaseStream
kernel32: VirtualAlloc, GetLastError
dnsapi: DnsNameCompareEx_W
imagehlp: GetImageConfigInformation
shlwapi: PathIsUNCServerShareW, PathAppendW
crypt32: CertDuplicateStore, CertSaveStore, CertGetNameStringW, CertOpenStore, CertFindCertificateInStore, CertGetEnhancedKeyUsage, CertControlStore, CertDuplicateCertificateContext, CertCloseStore, CryptDecodeObject, CertDeleteCertificateFromStore, CertGetCertificateContextProperty, CertEnumSystemStore, CertEnumCertificatesInStore, CertFreeCertificateContext, CryptFindOIDInfo, CertAddCertificateContextToStore, CryptQueryObject
advapi32: LsaSetForestTrustInformation, GetExplicitEntriesFromAclW, OpenSCManagerW, LsaLookupSids, LsaOpenTrustedDomainByName, LsaDelete, CryptAcquireContextW, LsaQueryForestTrustInformation, RegSetValueExW, LsaQueryTrustedDomainInfo, GetSidLengthRequired, BuildTrusteeWithObjectsAndSidW, RevertToSelf, LsaFreeMemory, SetEntriesInAclW, RegOpenKeyExW, RegDeleteKeyW, CryptReleaseContext, InitializeAcl, LsaRetrievePrivateData, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetSidSubAuthorityCount, EqualPrefixSid, FreeSid, GetSidIdentifierAuthority, AllocateAndInitializeSid, CloseServiceHandle, RegQueryValueExW, SetNamedSecurityInfoW, OpenServiceW, GetSecurityDescriptorLength, SystemFunction040, LsaClose, GetSidSubAuthority, CryptGenRandom, LsaQueryTrustedDomainInfoByName, BuildTrusteeWithSidW, RegCreateKeyExW, LsaOpenTrustedDomain, LsaQueryInformationPolicy, GetNamedSecurityInfoW, ImpersonateAnonymousToken, ImpersonateLoggedOnUser, LsaOpenPolicy, QueryServiceStatus, GetLengthSid, LogonUserW, IsValidSid, LsaSetTrustedDomainInfoByName, GetSecurityDescriptorControl, EqualSid, SystemFunction041, LsaCreateTrustedDomainEx, MakeSelfRelativeSD, LsaNtStatusToWinError, RegCloseKey
shell32: SHGetFolderPathW
dsprop: ADsPropGetInitInfo, ADsPropSetHwnd, ADsPropSetHwndWithTitle, ADsPropCreateNotifyObj, ADsPropShowErrorDialog, FindSheet, ADsPropSendErrorMessage
version: GetFileVersionInfoW
Sections
.text: Size 512B, Virtual size 412B; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.idata: Size 6KB, Virtual size 6KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata: Size 85KB, Virtual size 85KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 24KB, Virtual size 848KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 55KB, Virtual size 55KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 512B, Virtual size 32B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ