Static task: static1
Behavioral task: behavioral1
  Sample: fc70f10326b6d226f03ad3e333bcea29_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: fc70f10326b6d226f03ad3e333bcea29_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
  Target: fc70f10326b6d226f03ad3e333bcea29_JaffaCakes118
  Size: 45KB
  MD5: fc70f10326b6d226f03ad3e333bcea29
  SHA1: a2bbba6322c07cbd8935b81efd13458194d1a4db
  SHA256: 57e033fbb75ebdcadbf5e576aa5b568e91eaa5955d62ffc6681c21c6ede9d492
  SHA512: adbd6273e099b246cadb5aceae4643d30a5ddc2743740c1d69e774ffd272a1c7452cbdcad065b1f34c641b3541d08228c5a81c73bed8034fab5a8e3ebd8cd59a
  SSDEEP: 768:fuMYfAjQ5NBugGMXb7d/2JEOKeHf1k1eVTHfVXuECkQ8Dz33cVaKUZc:fuMY48LBuno7d0Ejy12eVTH9vCl8/suS
Malware Config
Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: fc70f10326b6d226f03ad3e333bcea29_JaffaCakes118
Files
  fc70f10326b6d226f03ad3e333bcea29_JaffaCakes118.exe: windows:5 windows x86 arch:x86
  4a0cbd56b6793b394153e284d1530d47
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  user32:
    DdeQueryConvInfo
    GetForegroundWindow
    MoveWindow
    EnumDisplayDevicesW
    QuerySendMessage
    MessageBoxA
    GetAsyncKeyState
    RealGetWindowClass
    SendIMEMessageExA
    DefDlgProcA
    CharLowerBuffW
    MessageBoxW
    WINNLSGetEnableStatus
    SendIMEMessageExW
    GetMonitorInfoA
    CreateDialogIndirectParamA
    DestroyIcon
    LoadIconA
    UnpackDDElParam
    GetReasonTitleFromReasonCode
    DisableProcessWindowsGhosting
    DdeGetData
    DdeConnect
    GetWindowInfo
    CheckMenuItem
    SetSysColors
    CreateDialogIndirectParamAorW
    ValidateRgn
    BroadcastSystemMessageW
    CharLowerA
    GetDlgItemInt
    wvsprintfA
  kernel32:
    ScrollConsoleScreenBufferW
    BaseCheckAppcompatCache
    ReplaceFile
    SetUnhandledExceptionFilter
    EndUpdateResourceA
    GetHandleContext
    SetLocalPrimaryComputerNameW
    EnumResourceTypesA
    GetConsoleFontSize
    QueryPerformanceCounter
    GetPrivateProfileIntW
    SetComputerNameExA
    SetConsoleNumberOfCommandsA
    GetLocalTime
    CompareStringA
    CreateProcessInternalW
    GetProfileIntW
    FindAtomW
    SearchPathA
    lstrcatW
    WriteTapemark
    WriteFileEx
    SetThreadContext
    VirtualAlloc
    PulseEvent
    GetOEMCP
    IsProcessInJob
    DisconnectNamedPipe
    GetTickCount
    DeleteFiber
    ExitProcess
    LoadLibraryA
  ntdsapi:
    DsReplicaSyncW
    DsGetRdnW
    DsCrackSpn2A
    DsFreePasswordCredentials
    DsInheritSecurityIdentityW
    DsFreeSchemaGuidMapA
    DsReplicaAddA
    DsFreeDomainControllerInfoA
    DsReplicaDelW
    DsBindA
    DsFreeSchemaGuidMapW
    DsFreeNameResultA
    DsCrackUnquotedMangledRdnA
    DsReplicaUpdateRefsW
    DsListInfoForServerW
    DsClientMakeSpnForTargetServerA
    DsListDomainsInSiteA
    DsListServersInSiteA
    DsaopBindWithSpn
    DsReplicaModifyW
    DsBindWithCredW
    DsReplicaVerifyObjectsA
    DsFreeSpnArrayW
    DsListRolesW
    DsReplicaConsistencyCheck
    DsReplicaSyncA
    DsFreeDomainControllerInfoW
    DsBindWithSpnW
    DsQuoteRdnValueW
    DsListRolesA
    DsReplicaVerifyObjectsW
  advapi32:
    ProcessTrace
    LsaQueryDomainInformationPolicy
    ConvertStringSDToSDRootDomainW
    QueryTraceW
    CryptEnumProvidersA
    WmiFreeBuffer
    ImpersonateNamedPipeClient
    LsaEnumerateAccountRights
    LsaAddPrivilegesToAccount
    LsaNtStatusToWinError
    EqualDomainSid
    LsaQueryTrustedDomainInfo
    CredUnmarshalCredentialW
    BuildImpersonateTrusteeA
    RegCreateKeyExW
    GetSidSubAuthority
    ReadEncryptedFileRaw
    TrusteeAccessToObjectW
    LsaCreateAccount
    SetEntriesInAclA
    LsaSetQuotasForAccount
    GetManagedApplicationCategories
    AreAllAccessesGranted
    I_ScGetCurrentGroupStateW
    DuplicateTokenEx
    LsaRetrievePrivateData
    LsaEnumerateAccounts
    GetSidIdentifierAuthority
    LookupAccountSidW
    RegOverridePredefKey
    CryptSetHashParam
    SetPrivateObjectSecurity
Sections
  .text: Size 35KB, Virtual size 34KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata: Size 7KB, Virtual size 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc: Size 1KB, Virtual size 1KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ