54645e480f42f0fd6553dd84925fc652_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

54645e480f42f0fd6553dd84925fc652_JaffaCakes118
Size

185KB
MD5

54645e480f42f0fd6553dd84925fc652
SHA1

55549ff0d413f169796023c502fb29e72d2217e1
SHA256

eac2aee6b368e21e8268c0b43dede5b863e75db8f8815d6011e9cc91d2d04334
SHA512

ce3bb4c95bd9fba4a46c111c6ed312fcf0404029ee9ada7c74473a5efd0450a08061d1e30d66a2d8d0799749576df534d892fcbec5d028e620e4d7b4f305a094
SSDEEP

3072:eu94wHeYVfD93uh/TATDB4GbUQwTOuAjOBXmBj4/s2NUamijQ+dk4a:R4/WD96oOGLuOzjYem/+F5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
54645e480f42f0fd6553dd84925fc652_JaffaCakes118

Files

54645e480f42f0fd6553dd84925fc652_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a052bd31c996232a7c1d6e20aaa7e99b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\gave\Sand\settle\See\Own\Six\butShort.pdb

Imports

kernel32

CreateProcessW
GetModuleHandleW
InitializeCriticalSection
Sleep
GetTempPathW
OpenMutexW
EnterCriticalSection
VirtualProtect
SetFileAttributesW
CreateFileW
GetStringTypeW
LCMapStringW
WriteConsoleW
GetProcessHeap
SetEndOfFile
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
SetStdHandle
SetFilePointer
CreateFileA
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapCreate
HeapDestroy
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
LeaveCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
RtlUnwind
MultiByteToWideChar
ReadFile
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA

ole32

CoInitialize
StgCreateDocfile
CoSuspendClassObjects
CoUninitialize
OleCreate

ntdsapi

DsMakeSpnW
DsBindWithSpnW
DsInheritSecurityIdentityW
DsClientMakeSpnForTargetServerW
DsIsMangledDnW
DsListRolesW
DsListServersForDomainInSiteW
DsMakePasswordCredentialsW
DsQuoteRdnValueW
DsListServersInSiteW
DsListSitesW
DsCrackNamesW
DsCrackUnquotedMangledRdnW
DsGetDomainControllerInfoW
DsFreeSpnArrayW
DsFreeNameResultW
DsGetSpnW
DsCrackSpnW
DsIsMangledRdnValueW
DsMapSchemaGuidsW
DsRemoveDsDomainW
DsRemoveDsServerW
DsFreeSchemaGuidMapW
DsFreePasswordCredentials
DsListInfoForServerW
DsListDomainsInSiteW
DsFreeDomainControllerInfoW

Exports

Exports

Develophalf

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a052bd31c996232a7c1d6e20aaa7e99b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

ntdsapi

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 4KB - Virtual size: 1015KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 4KB - Virtual size: 1015KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 7KB - Virtual size: 7KB