f39baa6c6a1db0740f69fcea133f6878_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f39baa6c6a1db0740f69fcea133f6878_JaffaCakes118
Size

870KB
MD5

f39baa6c6a1db0740f69fcea133f6878
SHA1

1f03cd5b78519dcc5c5cbb4f1bc43555b71af74e
SHA256

dafb50878fbfbc27527da3c66dba46e580050810657487460ba110f1d845c998
SHA512

52a1e7ca60a4ac4f8d74f0e1201c0500f18ed2e700d104c0a9c41b5f91aa6fb6cca029b39f97d7e84d35f9c35422369e19f4a3b6edf51e3bb93d317aea3ef77f
SSDEEP

24576:PibQHeUR95sFJXN5aQ/7E0CXINTkRcQwJ:Pk+eeQ3XjaE7bCXINT0cQw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f39baa6c6a1db0740f69fcea133f6878_JaffaCakes118

Files

f39baa6c6a1db0740f69fcea133f6878_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a929c41a626e65cf7302e797549974e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareDelSticky
NetServiceInstall
NetReplGetInfo
NetLocalGroupAdd
NetScheduleJobEnum
NetpGetConfigDword
Netbios
NetUnregisterDomainNameChangeNotification
NetpGetFileSecurity
NetDfsRemove
DsRoleDemoteDc
NetUserGetLocalGroups
NetUserModalsGet
DsRoleDcAsDc
RxRemoteApi
NetpIsUncComputerNameValid
NetDfsSetClientInfo
NetLocalGroupSetInfo
NetGroupAdd
NetUserEnum
NetEnumerateTrustedDomains
I_NetLogonSamLogonEx
DsGetDcSiteCoverageA
I_NetlogonComputeServerDigest
NetLocalGroupDel
NetServerComputerNameAdd
I_NetLogonControl
NetWkstaUserSetInfo
I_NetServerPasswordSet2

kernel32

ChangeTimerQueueTimer
FreeLibrary
AssignProcessToJobObject
GetHandleContext
VerLanguageNameW
GetSystemDefaultLCID
GetConsoleInputExeNameA
GetSystemWow64DirectoryA
VerifyConsoleIoHandle
GlobalGetAtomNameW
MapUserPhysicalPages
GetProfileIntW
GetPrivateProfileStringW
CreateFiber
LoadLibraryA
RestoreLastError
FindResourceW
VirtualAlloc
SetHandleInformation
GetUserDefaultLCID
SetEvent
GetWindowsDirectoryW
SetFirmwareEnvironmentVariableW
BuildCommDCBA
DuplicateConsoleHandle
EnumCalendarInfoA
CreateNamedPipeA
OpenConsoleW
LeaveCriticalSection
EnterCriticalSection
VirtualUnlock
IsDebuggerPresent
GetCommandLineA
WriteFileGather
SetLastConsoleEventActive
EnumTimeFormatsW
GetCurrentProcessId
FindNextVolumeA
SetConsoleScreenBufferSize
IsValidCodePage
SetCurrentDirectoryW
OpenThread
DeleteVolumeMountPointA
OpenFileMappingW
WaitForDebugEvent
IsValidLocale
SetVolumeLabelW

oleaut32

SafeArrayCopy
VarI4FromUI1
VarR8Round
VarBoolFromI1
VarDateFromR8
VarFormat
CreateTypeLib
VarBstrFromUI8
LHashValOfNameSys
VarUI4FromUI1
UnRegisterTypeLib
SetOaNoCache
VarR8FromDate
BSTR_UserMarshal
VarI2FromDisp
VarCyMulI8
VarDecFromStr
VarBoolFromUI4
VarUI2FromCy
VarR4CmpR8
VarFix
VarTokenizeFormatString
ClearCustData
VarDecFromUI2
VarBstrFromCy
VarI1FromDisp
VarDecRound
LPSAFEARRAY_Marshal

lz32

LZSeek
LZClose
LZCreateFileW
LZOpenFileW
LZStart
GetExpandedNameA
LZInit
LZCloseFile
LZOpenFileA
LZCopy
LZDone
LZRead
CopyLZFile

user32

SetSystemCursor
SwapMouseButton
FillRect
DeregisterShellHookWindow
WINNLSGetEnableStatus
IsRectEmpty
CloseWindowStation
SystemParametersInfoW
EnumPropsA
ReleaseDC
CreateMDIWindowA
GetClipboardViewer
LoadCursorFromFileW
GetLastInputInfo
SetUserObjectInformationW
CharPrevW
IsWindowInDestroy
CreateWindowExA
RegisterClassW
EnumDisplayDevicesW
SendMessageCallbackA
CharLowerBuffW
CharNextW
IsCharAlphaNumericW
MessageBoxW
MenuWindowProcA
DrawMenuBarTemp
UnlockWindowStation
GetMenuState
DdeDisconnect
LoadIconW
RegisterClassExW
CharLowerBuffA
UserRealizePalette
UserHandleGrantAccess
CreateAcceleratorTableW

cfgmgr32

CM_Get_Res_Des_Data_Ex
CM_Register_Device_Interface_ExW
CMP_Report_LogOn
CM_Get_First_Log_Conf_Ex
CM_Open_Class_KeyA
CM_Is_Dock_Station_Present_Ex
CM_Get_Device_Interface_List_ExA
CM_Modify_Res_Des
CM_Get_Depth
CM_Get_Device_Interface_Alias_ExW
CM_Get_Child_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Locate_DevNodeA
CM_Get_Device_Interface_List_ExW
CM_Free_Resource_Conflict_Handle
CM_Enumerate_EnumeratorsA
CM_Register_Device_InterfaceA
CM_Create_DevNode_ExW
CM_Disconnect_Machine
CM_Locate_DevNode_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Free_Log_Conf_Ex
CM_Open_Class_Key_ExW
CM_Get_Device_ID_ListA

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 428KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a929c41a626e65cf7302e797549974e

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

kernel32

oleaut32

lz32

user32

cfgmgr32

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 247KB - Virtual size: 247KB

.data Size: 428KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 247KB - Virtual size: 247KB

.data
Size: 428KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB