055b9ca9b015f57b887b3a9e68168e60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

055b9ca9b015f57b887b3a9e68168e60_JaffaCakes118
Size

863KB
MD5

055b9ca9b015f57b887b3a9e68168e60
SHA1

6754c1a3dd6dc1b3e81715e37113d2f225ea565c
SHA256

62caede5906e92a26d5a68da4a083590bb08fcf794b6179a1c22d3c73ece1888
SHA512

b435e9a636b8c277f4ff5dbfe5ce28678805de82ee33e59e9546f30cc78d35c66bd0432cb6f05ef97117270db698e6f24dcab611c769d56c833d588e8f9446ca
SSDEEP

12288:/BnSNQjWJpNGU3qbwG/BTR9R7EGFgQw1DhRx7xifDhACfM2L3Lb53uPThBcmQnJL:ZnljWmbZ9KMgFL4GCEM3Lb53sTh6mQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
055b9ca9b015f57b887b3a9e68168e60_JaffaCakes118

Files

055b9ca9b015f57b887b3a9e68168e60_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c40f9edab0b19965f49d778b5df1b08e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryIoCompletion
ZwSetBootEntryOrder
RtlCreateHeap
ZwRaiseException
ZwOpenSection
RtlGetLongestNtPathLength
NtAccessCheckAndAuditAlarm
NtSetLowEventPair
NtWaitHighEventPair
_strcmpi
RtlReAllocateHeap
RtlFindClearBitsAndSet
ZwAccessCheckByTypeResultList
LdrFindResourceEx_U
ZwCreateMailslotFile
ZwCreatePagingFile
_wcslwr
RtlRemoteCall
RtlEqualDomainName
NtTestAlert
ZwCreateNamedPipeFile
NtReadFileScatter
_vsnwprintf
NtCreateSymbolicLinkObject
ZwSetEventBoostPriority
LdrGetDllHandleEx
RtlNewSecurityGrantedAccess
RtlTraceDatabaseValidate
ZwQueryDirectoryObject
RtlInterlockedFlushSList
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlAppendAsciizToString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlGetCurrentPeb
ZwModifyBootEntry
RtlSetSecurityObject
NtOpenKeyedEvent
ZwGetPlugPlayEvent
RtlAddAtomToAtomTable
ZwQueryDirectoryFile
_ltow
ZwSetHighWaitLowEventPair
RtlGetUserInfoHeap
RtlTraceDatabaseEnumerate
NtCreatePort
RtlSubtreePredecessor
RtlAllocateHeap
NtSetDefaultHardErrorPort
RtlMapSecurityErrorToNtStatus
PfxInitialize
RtlDelete
RtlAddAttributeActionToRXact
memchr
RtlTraceDatabaseAdd
ZwFsControlFile
ZwDuplicateObject
ZwCreateTimer
ZwClose
NtSetThreadExecutionState
NtRequestPort
RtlHashUnicodeString
ZwGetContextThread
LdrEnumResources
RtlAnsiStringToUnicodeSize

user32

IMPGetIMEA
ActivateKeyboardLayout
DdeReconnect
SetMenuItemInfoA
UpdateWindow
DdeGetLastError
OemToCharBuffW
ExcludeUpdateRgn
OemToCharA
GetDCEx
GetCaretBlinkTime
IsCharAlphaNumericW
IsDialogMessageW
DlgDirSelectExA
ChangeDisplaySettingsExA
MonitorFromRect
GrayStringA
GetScrollBarInfo
CreateAcceleratorTableA
CreateDialogParamA
EnumDesktopsA
MapWindowPoints
CallWindowProcA
GetWindowModuleFileName
RealGetWindowClassA
BeginDeferWindowPos
CreateMDIWindowW
DlgDirListComboBoxW
wsprintfW
EnumClipboardFormats
ValidateRgn
MapDialogRect
DdeQueryStringA
DlgDirListW
SetSysColorsTemp
CharPrevW
GetMessageA
SetMenuInfo
CreateIconFromResourceEx
MapVirtualKeyExW
SetShellWindowEx
EndPaint
DefMDIChildProcW
GetDlgItem
WINNLSGetEnableStatus
DdePostAdvise
PostMessageA
BuildReasonArray
CascadeWindows
ShowStartGlass
MoveWindow
RegisterWindowMessageW
GetMenuItemID
GetCursorInfo
GetKeyState
EnumThreadWindows
CreateMDIWindowA
SetClipboardViewer
BroadcastSystemMessageW
PackDDElParam
AllowSetForegroundWindow

odbcbcp

bcp_moretext
SQLGetNextEnumeration
bcp_bind
dbprtypeA
bcp_initA
bcp_readfmtW
bcp_setcolfmt
dbprtypeW
bcp_exec
bcp_sendrow
SQLCloseEnumServers
bcp_columns
LibMain
bcp_colptr
bcp_writefmtW
bcp_batch
bcp_colfmt
bcp_getcolfmt
SQLLinkedCatalogsA
bcp_writefmtA
bcp_readfmtA
bcp_initW
bcp_done
SQLLinkedServers
bcp_collen
bcp_control
SQLLinkedCatalogsW
SQLInitEnumServers

ntdsapi

DsListRolesW
DsBindWithCredW
DsFreeNameResultA
DsReplicaUpdateRefsA
DsIsMangledDnW
DsRemoveDsServerW
DsFreeSchemaGuidMapW
DsCrackNamesW
DsFreeSchemaGuidMapA
DsIsMangledRdnValueA
DsIsMangledDnA
DsMapSchemaGuidsA
DsFreeDomainControllerInfoW
DsListServersInSiteA
DsServerRegisterSpnA
DsReplicaGetInfo2W
DsaopExecuteScript
DsQuoteRdnValueW
DsMapSchemaGuidsW
DsReplicaVerifyObjectsW
DsFreePasswordCredentials
DsFreeDomainControllerInfoA
DsFreeSpnArrayA
DsRemoveDsDomainW
DsUnBindW
DsReplicaSyncA
DsBindA
DsListServersForDomainInSiteW
DsClientMakeSpnForTargetServerW
DsBindWithSpnA
DsRemoveDsDomainA
DsCrackSpn2A
DsCrackSpnA
DsGetRdnW
DsReplicaAddA
DsCrackUnquotedMangledRdnA

kernel32

GetCommProperties
SetEndOfFile
EraseTape
ReplaceFileW
GetSystemDirectoryW
LoadLibraryA
GlobalFindAtomA
GetFileAttributesW
lstrcpynA
HeapSize
VirtualAlloc
lstrlen
HeapValidate
IsBadReadPtr
GetCurrentDirectoryW
GetProcessTimes
SetCommMask
EnumSystemCodePagesA
IsDBCSLeadByteEx
VirtualQuery
InitializeCriticalSection
IsValidLocale
GetConsoleAliasExesA
FindFirstFileExW
GetDiskFreeSpaceW
GlobalMemoryStatusEx
RegisterWaitForSingleObjectEx
GetPrivateProfileSectionNamesW
CreateActCtxA
ReleaseMutex
WriteConsoleW
ReleaseSemaphore
GetConsoleCommandHistoryW
FillConsoleOutputCharacterW
GetWriteWatch
GetThreadPriorityBoost
SetFileTime

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c40f9edab0b19965f49d778b5df1b08e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

odbcbcp

ntdsapi

kernel32

Sections

.text Size: 333KB - Virtual size: 333KB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 222KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 222KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B