0ee3e2bd3dfce4d594cbdbc56a8d530e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ee3e2bd3dfce4d594cbdbc56a8d530e_JaffaCakes118
Size

869KB
MD5

0ee3e2bd3dfce4d594cbdbc56a8d530e
SHA1

3817811036999212c797f8d7407cc9d3482ca240
SHA256

5307331c28b88993ef8373dab5459daf5e8e84ce2626187652b270130a7e6dc2
SHA512

39dc0002f30edafb611b3240b8e6c9f10f1a10e04b5987a34feda1ff20904635ed24831c24d773034c98b35a08e717782a9bb2721f608a1203d864f4bcc242b1
SSDEEP

24576:CVQeE6yRtD94HX/66VzWls+99k3z0XCV3to1M:nesD94HPDfIkj0yVC1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ee3e2bd3dfce4d594cbdbc56a8d530e_JaffaCakes118

Files

0ee3e2bd3dfce4d594cbdbc56a8d530e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bc5ed4f602bf5e13dc7270531be2c8b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winipsec

GetQMPolicyByID
MatchMMFilter
EnumMMAuthMethods
GetMMFilter
DeleteMMAuthMethods
DeleteMMPolicy
MatchTunnelFilter
SPDApiBufferFree
MatchTransportFilter
OpenTransportFilterHandle
AddMMFilter
GetMMPolicy
GetTransportFilter
EnumMMFilters
SetQMPolicy
GetMMAuthMethods
EnumQMSAs
GetTunnelFilter
AddQMPolicy
GetQMPolicy
OpenMMFilterHandle
EnumTunnelFilters
CloseTunnelFilterHandle
SetMMPolicy
SetMMFilter
SetMMAuthMethods
SetTransportFilter
AddTransportFilter
EnumQMPolicies
SPDApiBufferAllocate
DeleteQMPolicy

dbghelp

SymEnumerateSymbols64
omap
SymInitialize
SearchTreeForFile
SymLoadModule
EnumerateLoadedModules
SymUnloadModule
UnDecorateSymbolName
SymRegisterFunctionEntryCallback64
FindExecutableImage
SymGetSymNext
SymGetModuleInfoW
SymGetSymFromAddr64
SymEnumSourceFiles
DbgHelpCreateUserDump
SymGetOptions
FindExecutableImageEx
StackWalk64
SymCleanup
SymGetSymPrev64
ImageRvaToVa
srcfiles
UnmapDebugInformation
SymEnumSym
lmi
SymGetSymNext64
SymSetSearchPath
FindDebugInfoFile
MiniDumpReadDumpStream
SymEnumerateSymbolsW
SymGetModuleInfo
SymFunctionTableAccess
SymGetLineFromName64
ImageDirectoryEntryToDataEx
SymGetLineNext
SymFromAddr
EnumerateLoadedModules64
SymFunctionTableAccess64
SymGetSymPrev

kernel32

HeapCreate
QueryMemoryResourceNotification
EraseTape
GetNumberOfConsoleMouseButtons
CreateDirectoryW
GlobalAddAtomA
ReadConsoleOutputW
CancelIo
FindVolumeMountPointClose
WTSGetActiveConsoleSessionId
SetVolumeLabelW
OpenSemaphoreW
SetComputerNameExA
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsA
DeleteCriticalSection
EnumDateFormatsW
GetAtomNameW
ReadConsoleInputA
GetUserDefaultLCID
GetStartupInfoW
GetVolumePathNameW
GetModuleHandleW
VirtualAlloc
WriteConsoleOutputCharacterA
QueryDosDeviceA
GetEnvironmentStringsW
LoadLibraryA
GetProfileIntA
ReadConsoleA
WritePrivateProfileSectionW
DnsHostnameToComputerNameW

mprddm

DDMAdminPortClearStats
RasAuthProviderTerminate
IfObjectSetDialoutHoursRestriction
DDMAdminPortDisconnect
RasAcctProviderInitialize
RasAcctConfigChangeNotification
IfObjectInitiatePersistentConnections
RasAuthProviderAuthenticateUser
DDMDisconnectInterface
DDMServicePostListens
DDMAdminPortReset
DDMAdminInterfaceConnect
RasAuthProviderInitialize
DDMAdminServerGetInfo
IfObjectLoadPhonebookInfo
DDMAdminPortEnum
RasAcctProviderTerminate
RasAcctProviderFreeAttributes
DDMRegisterConnectionNotification
RasAuthConfigChangeNotification
RasAuthProviderFreeAttributes
DDMAdminPortGetInfo
DDMAdminConnectionGetInfo
DDMAdminConnectionEnum
RasAcctProviderInterimAccounting
DDMGetIdentityAttributes
DDMServiceInitialize
IfObjectNotifyOfReachabilityChange
RasAcctProviderStopAccounting
RasAcctProviderStartAccounting
DDMTransportCreate
DDMConnectInterface
DDMAdminInterfaceDisconnect

gpedit

DllGetClassObject
ExportRSoPData
DeleteAllGPOLinks
ImportRSoPData
DeleteGPOLink
BrowseForGPO
CreateGPOLink

netapi32

DsRoleGetDcOperationProgress
NetDfsRemoveFtRoot
NetServerGetInfo
NetRemoteTOD
NetReplImportDirAdd
I_NetDatabaseSync
I_NetAccountDeltas
NetWkstaUserEnum
I_NetLogonSamLogonEx
NetSessionEnum
NetApiBufferAllocate
RxNetServerEnum
NetMessageNameEnum
I_NetLogonSamLogoff
NetWkstaSetInfo
NetLocalGroupGetInfo
NetGetDisplayInformationIndex
Netbios
NetpGetConfigBool
NetReplExportDirLock
NetDfsAddFtRoot
NetpwPathType
NetGroupDel
NetGetJoinableOUs
NetpOpenConfigData
NetBrowserStatisticsGet
I_NetDatabaseRedo
I_NetlogonComputeServerDigest

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc5ed4f602bf5e13dc7270531be2c8b1

Headers

DLL Characteristics

File Characteristics

Imports

winipsec

dbghelp

kernel32

mprddm

gpedit

netapi32

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 367KB - Virtual size: 367KB

.data Size: 124KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 367KB - Virtual size: 367KB

.data
Size: 124KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB