Static task: static1
Behavioral task: behavioral1
  Sample: ede35e5feca11e2ce0e399546655c513_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ede35e5feca11e2ce0e399546655c513_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: ede35e5feca11e2ce0e399546655c513_JaffaCakes118
Size: 847KB
MD5: ede35e5feca11e2ce0e399546655c513
SHA1: a1fe76a1cf190946aaca008977841e1b4a474b74
SHA256: 34f23ff6cf5635c7d5030da6e02be2e39456d0364355a9023f75b98750035281
SHA512: a569c20030383eef7d613e14ec4f221f3e4e3f9b7ea5d87814ded37e4c1d9b243da643246ac68d70c8f608bca0ee9239f7fcad8f0ea394dcefffe890ad718ddc
SSDEEP: 24576:ogfo6I4yElV2bGMX4OV4LJw2HAziojyxgtVfe8Q:ogQN4VevW8zpQ
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: ede35e5feca11e2ce0e399546655c513_JaffaCakes118
Files
ede35e5feca11e2ce0e399546655c513_JaffaCakes118.exe windows:5 windows x86 arch:x86
348860a689b79b06b64848b3a5e88c73
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
sqlunirl
_DlgDirList_@20
_GetDiskFreeSpace_@20
_OpenFileMapping_@12
_CreateAcceleratorTable_@8
_SetFileAttributes_@8
_PeekMessage@20
_ReportEvent_@36
_SetEnvironmentVariable_@8
_QueryServiceConfig_@16
_RegOpenKeyEx_@20
_GetVersionEx@4
_lstrcmp_@8
_GetTextExtentPoint@16
_WritePrivateProfileStruct_@20
_CreateColorSpace_@4
_GetICMProfile_@12
_OpenDesktop_@16
_PageSetupDlg_@4
_AccessCheckAndAuditAlarm_@44
_LoadKeyboardLayout_@8
_IsCharUpper_@4
_FatalAppExit_@8
_LookupPrivilegeValue_@12
_ExtTextOut@32
_DefDlgProc_@16
msi
MsiGetFeatureValidStatesW
MsiGetLanguage
MsiDatabaseOpenViewW
MsiGetComponentStateW
MsiGetActiveDatabase
MsiConfigureFeatureFromDescriptorW
MsiEnumClientsA
MsiFormatRecordW
MsiEnumRelatedProductsW
MsiInstallMissingComponentW
MsiLocateComponentA
MsiPreviewDialogA
MsiProvideComponentW
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenDatabaseW
MsiGetFileVersionA
MsiSetInternalUI
MsiSetComponentStateA
MsiViewGetErrorA
advapi32
RegSetKeySecurity
RegisterIdleTask
CryptCreateHash
ElfOpenEventLogA
RegSaveKeyW
CryptDestroyKey
TrusteeAccessToObjectA
LsaFreeMemory
BuildSecurityDescriptorA
CredGetTargetInfoW
BuildImpersonateExplicitAccessWithNameA
CredMarshalCredentialW
CryptSetHashParam
GetOldestEventLogRecord
EnumerateTraceGuids
LsaClose
RegUnLoadKeyW
OpenServiceA
kernel32
EnumerateLocalComputerNamesW
DeleteVolumeMountPointA
lstrlen
ReadFileScatter
GetModuleHandleA
LCMapStringW
CloseConsoleHandle
OutputDebugStringA
ResetEvent
InvalidateConsoleDIBits
TerminateJobObject
GetUserGeoID
RegisterWaitForSingleObject
LZDone
GetVersionExW
WriteFileEx
VirtualAlloc
ConvertThreadToFiber
lstrcmp
TlsAlloc
GetShortPathNameW
GetCurrentThreadId
LoadLibraryA
GetExitCodeThread
SetVolumeMountPointA
FreeLibraryAndExitThread
SetProcessShutdownParameters
ntdsapi
DsListServersForDomainInSiteA
DsCrackNamesA
DsFreeSpnArrayA
DsReplicaSyncW
DsListSitesA
DsUnBindA
DsBindWithSpnA
DsCrackSpnW
DsReplicaUpdateRefsW
DsaopBindWithSpn
DsListInfoForServerW
DsReplicaGetInfo2W
DsMapSchemaGuidsA
DsBindA
DsRemoveDsServerA
DsReplicaSyncAllA
DsMapSchemaGuidsW
inetcomm
MimeOleFileTimeToInetDate
MimeOleSMimeCapInit
MimeOleSMimeCapAddSMimeCap
MimeEditCreateMimeDocument
MimeOleGetDefaultCharset
CreateRangeList
MimeOleSMimeCapsFull
MimeOleSMimeCapsToDlg
MimeOleCreateHashTable
MimeEditIsSafeToRun
MimeOleCreateVirtualStream
MimeOleGetFileInfo
CreateSMTPTransport
MimeEditViewSource
MimeOleSMimeCapGetHashAlg
MimeOleGenerateFileName
EssReceiptEncodeEx
Sections
.text   Size: 476KB  Virtual size: 475KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 4KB    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 364KB  Virtual size: 1.8MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B   Virtual size: 456B   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ