1b3a8da55a0da1eaaeb72016998c3481_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b3a8da55a0da1eaaeb72016998c3481_JaffaCakes118
Size

140KB
MD5

1b3a8da55a0da1eaaeb72016998c3481
SHA1

fcb1fe4ec9214f8b6d42d131ce3191706f716804
SHA256

6e82c1bdaedce9b3bb9fc0a6af7d42411b088e4fffa555cfd8c3373f903d559b
SHA512

acb9ce265cd0165ae6338008bafae70b52f0c143f9c4260c1f3baa65a4afa8a3f64d824efdbb38c2b577c8e6fe47358c538b3ec9059f527d6c93621eee2ec173
SSDEEP

3072:wXkqxT0bgIMlKyQdJEJMtg8rJCo3l1ZO0gsCf+giG2f/i0WZ3vk7:fn/Ml5sJ7TrJ111lCf+JGki0WZe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b3a8da55a0da1eaaeb72016998c3481_JaffaCakes118

Files

1b3a8da55a0da1eaaeb72016998c3481_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9745fc4eb65ce3be8ef530bb879c7d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_search_stA
ldap_parse_sort_controlW
ldap_memfreeW
ldap_count_values
ldap_sasl_bind_sA
ldap_get_option
ber_flatten
ldap_add_sA
ldap_sslinitW
ldap_modrdnW
ldap_search_ext
ldap_modify_extW
ldap_delete_s
ldap_delete_sW
ldap_free_controls
ldap_value_free
ldap_memfreeA
ldap_modify_ext
ldap_get_valuesA
ldap_count_values_len
ldap_openW
ldap_modrdnA
ldap_modify_s
ldap_parse_vlv_controlA
ldap_compare_extW
ldap_next_entry
ldap_bindA
ldap_modrdn_s
ldap_next_attributeA
ldap_get_dn

shlwapi

PathIsDirectoryW
PathRemoveBlanksW
UrlIsW
StrCSpnIW
PathUnExpandEnvStringsA
PathRemoveFileSpecW
PathGetCharTypeA
UrlEscapeW
PathIsContentTypeW
PathFindSuffixArrayW
SHRegQueryInfoUSKeyA
PathStripPathW
StrCSpnA
StrCmpW
PathMakePrettyW
SHRegDeleteUSValueA
wvnsprintfA
SHRegCloseUSKey
SHEnumValueW
StrChrW
PathUnExpandEnvStringsW
UrlUnescapeA
StrIsIntlEqualA
SHGetValueW
SHRegGetPathA
UrlEscapeA
PathIsNetworkPathA
UrlHashA
SHEnumValueA
PathSetDlgItemPathA
UrlHashW
PathFileExistsW
StrCpyNW
ChrCmpIW
SHDeleteOrphanKeyW
wnsprintfA
StrStrNW
SHIsLowMemoryMachine
UrlIsOpaqueW
AssocQueryStringW
StrCmpNW
SHQueryInfoKeyA
PathCompactPathExW

ntmarta

AccProvRevokeAccessRights
AccConvertAccessToSD
AccProvGetCapabilities
AccGetInheritanceSource
AccProvHandleIsAccessAudited
AccConvertAclToAccess
AccRewriteGetHandleRights
AccLookupAccountTrustee
AccSetEntriesInAList
AccRewriteGetExplicitEntriesFromAcl
AccProvIsObjectAccessible
AccProvHandleGetAllRights
AccProvHandleRevokeAuditRights
AccGetExplicitEntries
AccFreeIndexArray
AccConvertAccessToSecurityDescriptor
AccProvGetTrusteesAccess
AccProvHandleRevokeAccessRights
AccProvIsAccessAudited
AccProvGetOperationResults
AccRewriteSetEntriesInAcl
AccLookupAccountName
AccLookupAccountSid
AccRewriteGetNamedRights
AccRewriteSetHandleRights
AccConvertSDToAccess
AccGetAccessForTrustee
AccProvHandleGrantAccessRights
AccTreeResetNamedSecurityInfo
AccProvGetAllRights
AccProvHandleGetAccessInfoPerObjectType
AccProvCancelOperation
AccProvSetAccessRights
AccProvHandleGetTrusteesAccess
AccConvertAccessMaskToActrlAccess
AccProvGrantAccessRights
AccRewriteSetNamedRights
AccProvHandleSetAccessRights
AccProvGetAccessInfoPerObjectType
EventGuidToName
AccProvHandleIsObjectAccessible

kernel32

LeaveCriticalSection
CreateProcessInternalA
AllocateUserPhysicalPages
AddConsoleAliasA
BuildCommDCBAndTimeoutsW
GetDefaultCommConfigW
SetFirmwareEnvironmentVariableA
CreateMutexW
SetFileShortNameW
GlobalUnlock
QueryDosDeviceW
GetComPlusPackageInstallStatus
HeapAlloc
DeleteCriticalSection
GetComputerNameW
EnterCriticalSection
lstrcmpA
SetLocaleInfoW
VirtualAlloc
FreeUserPhysicalPages
SetFilePointerEx
LoadLibraryA
LoadResource
GetUserDefaultUILanguage
EnumSystemLanguageGroupsA
FindAtomW
RemoveVectoredExceptionHandler
WaitForMultipleObjects
ExitProcess
GetProcessTimes
SetConsoleNumberOfCommandsA
LockResource
SetConsoleScreenBufferSize
SetConsoleWindowInfo
CloseProfileUserMapping
Heap32ListFirst
SetSystemTime
ReleaseMutex
ReadFileScatter
GetStartupInfoA
GetCPInfo
BaseInitAppcompatCacheSupport

oleaut32

VarBstrFromI8
VarDateFromUdate
VarI1FromCy
SafeArraySetRecordInfo
VarR8Pow
VarBoolFromDate
VarDateFromR4
SafeArrayGetLBound
SafeArrayCreateVectorEx
SafeArrayCreateVector
VarDecAbs
VarDecFromBool
VarI4FromI1
VarDecFromUI1
VarDateFromStr
VarR8FromDec
VarFormatNumber
VarUI1FromBool
VarUI2FromDec
VarI1FromDate
VarRound
OleCreatePropertyFrame
VarI1FromUI1
VarUI1FromUI2
VarUI2FromCy
VarI8FromUI1
VarCyFromStr

msvcp60

?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@@Z
?_Init@?$ctype@G@std@@IAEXABV_Locinfo@2@@Z
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??_F?$complex@N@std@@QAEXXZ
?epsilon@?$numeric_limits@I@std@@SAIXZ
?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??_7?$collate@D@std@@6B@
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
?close@?$messages@D@std@@QBEXH@Z
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
?_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ
??_Ffacet@locale@std@@QAEXXZ
?ldexp@?$_Ctr@M@std@@SAMMH@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?quiet_NaN@?$numeric_limits@O@std@@SAOXZ
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
?max@?$numeric_limits@H@std@@SAHXZ
?id@?$numpunct@D@std@@2V0locale@2@A
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
_FDtest
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?min@?$numeric_limits@H@std@@SAHXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
?do_curr_symbol@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?_Index@ios_base@std@@0HA
?_Fabs@std@@YANABV?$complex@N@1@PAH@Z
?do_thousands_sep@?$numpunct@D@std@@MBEDXZ

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9745fc4eb65ce3be8ef530bb879c7d2

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

shlwapi

ntmarta

kernel32

oleaut32

msvcp60

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 38KB - Virtual size: 214KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 912B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 38KB - Virtual size: 214KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 912B