15e68d893bc92e5d3b11f3da04e931be_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15e68d893bc92e5d3b11f3da04e931be_JaffaCakes118
Size

25KB
MD5

15e68d893bc92e5d3b11f3da04e931be
SHA1

490cfce5b26f744bb50d54b9f774a6f7cbf3f51d
SHA256

df7971a8c2407205e96e32da654414716fe39d76ad6f184e860bca4a65341b21
SHA512

e39a4b0a4bce861e875d04b90fb425b237a7cd01b232ce86beb1c53ab6098392ed8010b69fc9116f06ec01da32a40147321f5c66742e284abcc8ce6a44565285
SSDEEP

768:HmZxu/Cu4gqdc4nPgMtiloVEwxjbJaI2d:HmZx83q1Pg/loVEIl2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15e68d893bc92e5d3b11f3da04e931be_JaffaCakes118

Files

15e68d893bc92e5d3b11f3da04e931be_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56d2f3b2ff122e51eaf292b3bfd932fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
_wcsnicmp
wcscpy
_onexit
_wtol
_except_handler3
wcschr
wcscat
_ftol
wcslen
free
_adjust_fdiv
_ltow
wcsrchr
malloc
_wcsicmp
wcscmp
_initterm
_itow
__dllonexit
_CxxThrowException

rpcrt4

RpcStringFreeW

netapi32

NetSessionDel
NetUserModalsSet
NetGroupAddUser
NetShareAdd
NetUseGetInfo
NetGetDCName
NetLocalGroupEnum
NetUserChangePassword
NetLocalGroupGetMembers
DsRoleGetPrimaryDomainInformation
NetQueryDisplayInformation
NetShareEnum
NetSessionEnum
NetShareGetInfo
NetUserAdd
NetShareDel
NetGroupAdd
NetServerGetInfo
NetServerEnum
NetUserGetLocalGroups
NetApiBufferFree
NetGroupDelUser
NetShareSetInfo
DsRoleFreeMemory
NetGroupGetUsers
NetUserGetGroups
NetGroupSetInfo
NetGroupGetInfo
NetUserSetInfo
NetGroupDel
NetGetAnyDCName
NetLocalGroupSetInfo
NetLocalGroupGetInfo
NetWkstaGetInfo
NetLocalGroupAdd
NetWkstaUserGetInfo
NetFileGetInfo
NetGroupEnum
NetUserModalsGet
NetUserDel
NetLocalGroupAddMembers
NetUserGetInfo
NetSessionGetInfo
NetServerSetInfo
NetLocalGroupDel
NetLocalGroupDelMembers

user32

LoadStringW
wsprintfW

ole32

CoTaskMemFree
StringFromGUID2
CLSIDFromString
CreatePointerMoniker
StringFromCLSID
CoCreateInstance
IIDFromString

oleaut32

VariantCopy

ntdll

RtlTimeToSecondsSince1970
RtlAddAccessAllowedAceEx
NtAllocateVirtualMemory
RtlInitUnicodeString
RtlAdjustPrivilege

advapi32

GetUserNameW
LookupAccountNameW
LockServiceDatabase
RegQueryValueExW
GetSidIdentifierAuthority
RegCloseKey
GetSidSubAuthority
RegConnectRegistryW
CloseServiceHandle
OpenServiceW
UnlockServiceDatabase
SystemFunction040
QueryServiceStatus
EnumServicesStatusW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
DeleteService
CreateServiceW
SystemFunction041
RegOpenKeyExW
OpenSCManagerW
ControlService
GetLengthSid
RegEnumKeyExW
GetSidSubAuthorityCount

kernel32

FileTimeToSystemTime
GetProcAddress
DeleteCriticalSection
LocalFileTimeToFileTime
DisableThreadLibraryCalls
GetCurrentThreadId
SetUnhandledExceptionFilter
InterlockedIncrement
FileTimeToDosDateTime
QueryPerformanceCounter
CreateSemaphoreW
InitializeCriticalSection
DosDateTimeToFileTime
GetTickCount
FormatMessageW
ReleaseSemaphore
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoA
CompareStringW
lstrlenW
LoadLibraryW
FileTimeToLocalFileTime
InterlockedDecrement
UnhandledExceptionFilter
SetLastError
GetCurrentProcessId
CloseHandle
FreeLibrary
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
WaitForSingleObject
TerminateProcess
GetCurrentProcess
GetLastError
GetComputerNameW
GetModuleHandleW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56d2f3b2ff122e51eaf292b3bfd932fd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

netapi32

user32

ole32

oleaut32

ntdll

advapi32

kernel32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 80KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 80KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 56B