f104ffe5683a803cf13353d3a7e418d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f104ffe5683a803cf13353d3a7e418d8_JaffaCakes118
Size

22KB
MD5

f104ffe5683a803cf13353d3a7e418d8
SHA1

716cfc9ed20d2f90f85e466921036befa0f091ec
SHA256

e7476545a7f6eedb0a9a7089ed77ae1ae3426a82f5035f004122c6c1ddf76dcc
SHA512

bef90addca308d439ead7cfd105fb37f94199ae4509dd8be6a54f4f55beb33f594a570aba6aab8708a7a921afe8e917506d2849ce7d0ee5698e5ae5717ffa708
SSDEEP

384:sMzVhh6bwYoNf4mTLA5tXuG2VkgTiKxSH8IroOlWSZa9k7dzDx2Q+fGPJtaRXemK:DBqb9ofaF2mEipt2S6k7BDQ3f+Oy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f104ffe5683a803cf13353d3a7e418d8_JaffaCakes118

Files

f104ffe5683a803cf13353d3a7e418d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e850a51134c3aa021e480dea81896ee8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

RxNetUserPasswordSet
NetLocalGroupAdd
NetpCleanFtinfoContext
NetConnectionEnum
RxRemoteApi
NetMessageNameDel
RxNetAccessDel
NetReplExportDirDel
NetLocalGroupSetInfo
NetpwPathType
DsRoleFreeMemory
NetShareCheck

opengl32

glCallLists
glColor3b
glColor3fv
glDrawElements
glVertex4dv
glRectf
wglCreateLayerContext
glDrawArrays
glPushAttrib
glNormalPointer
glBitmap
glClipPlane
glViewport
glRasterPos4iv
glMap2d
glClearIndex
glColor4dv
glPixelMapusv

untfs

?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
??0NTFS_CLUSTER_RUN@@QAE@XZ
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
??1NTFS_MFT_FILE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z

kernel32

FreeUserPhysicalPages
GetCurrentProcessId
OutputDebugStringW
GetTickCount
GetDateFormatA
GetDiskFreeSpaceW
VirtualAlloc
ResetWriteWatch
FindNextVolumeMountPointA
GetCurrentThreadId
QueryPerformanceCounter
GetConsoleCommandHistoryW
ConnectNamedPipe
ZombifyActCtx
GetCommProperties
SetUnhandledExceptionFilter
GetCurrentActCtx

olesvr32

WEP
OleRevokeServer
EnumForTerminate
TerminateClients
OleRevertServerDoc
ItemWndProc
DocWndProc
OleRevokeObject
OleBlockServer
FindItemWnd
SendRenameMsg
OleSavedServerDoc
OleRegisterServer
SrvrWndProc
TerminateDocClients
OleRevokeServerDoc

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e850a51134c3aa021e480dea81896ee8

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

opengl32

untfs

kernel32

olesvr32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 619B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 619B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB