2162d106b649a840c20e104cfb66c8b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2162d106b649a840c20e104cfb66c8b5_JaffaCakes118
Size

823KB
MD5

2162d106b649a840c20e104cfb66c8b5
SHA1

cb6a03bb4b9b0c4792d9b4d0462c7f4df6165219
SHA256

7e1a505efa0c3b64f8aed215cdb39193c9b76be3dbff69d2e2a1790e1a8bc91b
SHA512

24f9efae5294fb4c5a72d0801612945ca7a96b4ae93a396d365eccc51144d3bbe3f58c46f72496f5645a858a85474f21b80b7f707df2e681ebc256db4c34b96b
SSDEEP

24576:Of9Ey2bQL1ou/uTFfyfBDVd9pRqZcq22eIzv6:w9Ey4aXsFf2BDVtRqZcqNz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2162d106b649a840c20e104cfb66c8b5_JaffaCakes118

Files

2162d106b649a840c20e104cfb66c8b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

178c5f02ea8ac6688b63daec02db1241

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcns4

I_RpcNsNegotiateTransferSyntax
RpcNsEntryExpandNameA
RpcNsMgmtSetExpAge
RpcNsBindingExportW
I_RpcReBindBuffer
RpcNsProfileEltInqBeginA
RpcNsGroupMbrInqBeginW
RpcNsGroupDeleteA
RpcNsEntryObjectInqDone
RpcNsBindingUnexportA
RpcNsGroupMbrRemoveA
RpcNsBindingExportA
I_RpcNsSendReceive
RpcNsBindingUnexportPnPA
RpcNsGroupMbrInqDone
RpcIfIdVectorFree
RpcNsBindingLookupNext
I_RpcNsRaiseException
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtHandleSetExpAge
RpcNsBindingImportDone
RpcNsBindingUnexportPnPW
RpcNsMgmtEntryDeleteA
RpcNsProfileEltAddA
RpcNsBindingImportNext
RpcNsEntryObjectInqNext
RpcNsProfileEltRemoveA
RpcNsBindingImportBeginW
RpcNsEntryObjectInqBeginA

kernel32

EnumSystemLanguageGroupsA
CreateProcessInternalA
VirtualAlloc
SetEndOfFile
AddRefActCtx
GetStartupInfoA
QueueUserAPC
FreeLibraryAndExitThread
VirtualFreeEx
GetLogicalDriveStringsW
DeleteTimerQueueTimer
LoadLibraryA
GlobalLock
IsBadWritePtr
VirtualFree
SetConsoleNumberOfCommandsA
GetProfileIntW
SetVolumeMountPointA
CreateJobObjectW
CancelDeviceWakeupRequest
GlobalAddAtomW
WriteProcessMemory
GetDriveTypeA
IsValidLocale
TryEnterCriticalSection
Beep
GetQueuedCompletionStatus
GetSystemInfo
CreateMailslotA
UnhandledExceptionFilter
TlsAlloc
LockResource
WriteConsoleInputW
SetConsoleNlsMode
GetCommConfig
QueryMemoryResourceNotification
ScrollConsoleScreenBufferA

expsrv

__vbaAryRebase1Var
rtcCos
__vbaFreeVar
__vbaMidStmtBstr
__vbaVargObj
rtcBeep
rtcSetFileAttr
rtcGetTimeValue
rtcIsArray
rtcGetObject
rtcEnvironBstr
rtcMidCharBstr
_adj_fdiv_m32
__vbaI2I4
__vbaVarTextCmpLe
PutMemVar
rtcSendKeys
__vbaStrAryToAnsi
rtcVarFromError
rtcBstrFromByte
__vbaLineInputVar
__vbaNextEachCollAd
Zombie_GetIDsOfNames
__vbaVargVarCopy
rtcStrReverse
EbSetContextWorkerThread
rtcR8ValFromBstr
rtcFixVar
rtcCharValueBstr
TipInvokeMethod
__vbaVar2Vec

snmpapi

SnmpUtilVarBindFree
SnmpSvcSetLogLevel
SnmpUtilAnsiToUnicode
SnmpTfxQuery
SnmpUtilOidCmp
SnmpUtilDbgPrint
SnmpUtilVarBindListCpy
SnmpTfxClose
SnmpUtilMemReAlloc
SnmpSvcInitUptime
SnmpSvcGetUptimeFromTime
SnmpUtilOctetsFree
SnmpUtilPrintAsnAny
SnmpUtilUnicodeToAnsi
SnmpUtilOidCpy
SnmpUtilOidToA
SnmpUtilAsnAnyCpy
SnmpUtilAsnAnyFree
SnmpUtilMemAlloc
SnmpSvcSetLogType
SnmpUtilUnicodeToUTF8
SnmpUtilVarBindCpy
SnmpUtilOidNCmp
SnmpUtilOctetsCmp
SnmpUtilOctetsNCmp
SnmpTfxOpen
SnmpUtilIdsToA
SnmpUtilOidAppend
SnmpUtilOctetsCpy
SnmpSvcAddrIsIpx
SnmpSvcAddrToSocket
SnmpUtilMemFree
SnmpUtilUTF8ToUnicode
SnmpSvcGetUptime
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcGetEnterpriseOID
SnmpUtilPrintOid

rasdlg

RasSrvCleanupService
GetRasDialOutProtocols
RasEntryDlgA
RasDialDlgW
RasPhonebookDlgA
RasDialDlgA
RasUserEnableManualDial
RasUserGetManualDial
RasSrvIsConnectionConnected
RouterEntryDlgW
RasAutodialQueryDlgA
DwTerminalDlg
RasSrvAddPropPages
RasUserPrefsDlg
RasSrvInitializeService
RasSrvIsServiceRunning
RouterEntryDlgA
RasSrvHangupConnection
RasAutodialQueryDlgW
RasPhonebookDlgW
RasSrvEnumConnections
RasSrvAllowConnectionsConfig
RasEntryDlgW

ntdll

RtlQueryInformationActivationContext
RtlAppendUnicodeToString
ZwClearEvent
RtlLocalTimeToSystemTime
RtlImageDirectoryEntryToData
RtlSetLastWin32Error
NtRemoveProcessDebug
RtlAreBitsSet
RtlEnlargedIntegerMultiply
NtDeviceIoControlFile
ZwOpenKeyedEvent
NtCreateSection
RtlApplyRXactNoFlush
ZwPrivilegeObjectAuditAlarm
RtlFreeSid
NtLockProductActivationKeys
NtCancelTimer
NtSetHighEventPair
ZwSetInformationDebugObject
ZwTerminateProcess
sin
_allshr
ZwCreateProcessEx
RtlAppendUnicodeStringToString
RtlOemToUnicodeN
LdrAccessResource
NtCompactKeys

rpcrt4

NdrFullPointerXlatFree
I_RpcGetBuffer
tree_into_ndr
RpcServerYield
I_RpcSendReceive
RpcStringFreeW
I_RpcBindingToStaticStringBindingW
RpcImpersonateClient
NdrUserMarshalUnmarshall
RpcEpRegisterNoReplaceW
RpcAsyncGetCallStatus
RpcSmSetClientAllocFree
RpcAsyncRegisterInfo
RpcEpRegisterA
NdrComplexStructMarshall
RpcProtseqVectorFreeW
NdrpReleaseTypeFormatString
NdrInterfacePointerUnmarshall
NdrRpcSsEnableAllocate
RpcMgmtEpUnregister
I_RpcServerSetAddressChangeFn
RpcSsDisableAllocate
RpcServerRegisterIfEx
NdrMapCommAndFaultStatus
RpcObjectSetInqFn
I_RpcNsInterfaceExported
NdrConformantVaryingStructUnmarshall
NdrXmitOrRepAsUnmarshall
RpcServerUseProtseqIfA
I_UuidCreate
NdrTypeFree
RpcErrorClearInformation
NdrServerMarshall

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178c5f02ea8ac6688b63daec02db1241

Headers

DLL Characteristics

File Characteristics

Imports

rpcns4

kernel32

expsrv

snmpapi

rasdlg

ntdll

rpcrt4

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 580KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 580KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 232B