Static task
static1
Behavioral task
behavioral1
Sample
090c31d6dc8f7df1312579e83542625c_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
090c31d6dc8f7df1312579e83542625c_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
090c31d6dc8f7df1312579e83542625c_JaffaCakes118
Size
372KB
MD5
090c31d6dc8f7df1312579e83542625c
SHA1
452924176e5b5841282631590acbbc2f6102e2ed
SHA256
469e0c74f7ed2650e5a68638abea89bb28a6fd3cadc572075af7f9c7faa261f0
SHA512
0c243bc82a5da88e1a5df727e9261880d5cc1d01612f6c23c8aabfd469399979aa02954fcfe28442a439f7bc1cf5fa6b00d8800f60767760052051b5146d9a4a
SSDEEP
6144:6tFyGg2NnHGP1DieOCYXE7Zon4GwCgidTLKzphmEW5dkSCClJ+IpStRVkmZ3bt/f:yXgl1DieOhXyVGwO0W7kClmtDkmVbN7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 090c31d6dc8f7df1312579e83542625c_JaffaCakes118
Files
090c31d6dc8f7df1312579e83542625c_JaffaCakes118.exe windows:4 windows x86 arch:x86
190be75dac267688e5f934406a4bdba7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
SystemFunction041
SystemFunction040
RevertToSelf
LogonUserW
ImpersonateLoggedOnUser
kernel32
FileTimeToSystemTime
LocalFileTimeToFileTime
GetCurrentThreadId
EnterCriticalSection
GetSystemTimeAsFileTime
CompareStringW
LocalFree
FileTimeToDosDateTime
GetTickCount
GetACP
DosDateTimeToFileTime
GetCurrentProcessId
LocalAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
FormatMessageW
GetProcAddress
GetSystemTime
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
DeleteCriticalSection
SystemTimeToTzSpecificLocalTime
TerminateProcess
LoadLibraryW
GetLastError
QueryPerformanceCounter
UnhandledExceptionFilter
InterlockedDecrement
CloseHandle
InterlockedIncrement
FileTimeToLocalFileTime
SystemTimeToFileTime
user32
wsprintfW
ole32
CoCreateInstance
msvcrt
sprintf
_purecall
wcscmp
free
wcschr
wcstok
swscanf
malloc
_wcsnicmp
_adjust_fdiv
wcscat
_wcsicmp
wcscpy
wcslen
_except_handler3
_initterm
adsldpc
FreeObjectInfo
LdapModifyS
ADsObject
LdapReadAttributeFast
LdapCompareExt
LdapValueFree
GetDefaultServer
ReadServerSupportsIsADControl
ChangeSeparator
LdapCloseObject
BuildADsPathFromLDAPPath
BuildLDAPPathFromADsPath2
LdapOpenObject
ntdll
NtAddAtom
NtAllocateVirtualMemory
netapi32
NetUserSetInfo
NetUserChangePassword
secur32
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE