21c25f549201665029e44336cd637a56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21c25f549201665029e44336cd637a56_JaffaCakes118
Size

429KB
MD5

21c25f549201665029e44336cd637a56
SHA1

dfb4ab069a98cee7e9af4f0f8b42d4e9c3c38f11
SHA256

ce5590c06129a4922e18bb70004facb9acfef8ccefaaf79eb0ae03930ce052bd
SHA512

a64a5e14bd669c181c114664eda3b44d5828df3b58c4afbd6fef923a0e411f72861271bb58c87ff40064830d3320ae08fc2b675f828cb2d43546096107ecca2c
SSDEEP

12288:BBZkKxKZvHlfVdA/GMOa/QL2/hnfux2zEkcPrO/x4Cdh4:BB2s0lfvAui/ZVfu8zBV/x44

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21c25f549201665029e44336cd637a56_JaffaCakes118

Files

21c25f549201665029e44336cd637a56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88a1f2200439a2a0d78efd2af7a05ad5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetFileAttributesA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpiW
DeleteCriticalSection
GlobalSize
GetShortPathNameA
LoadResource
GetLastError
IsBadReadPtr
SearchPathA
SetEndOfFile
TlsAlloc
_lread
_lwrite
lstrcpyA
GetStringTypeA
FreeLibrary
FindClose
LCMapStringA
FindResourceA
GetCurrentProcessId
TerminateProcess
MultiByteToWideChar
FileTimeToLocalFileTime
MoveFileA
InterlockedIncrement
GetStartupInfoA
GetACP
GlobalDeleteAtom
GlobalAddAtomA
Sleep
CreateProcessW
FindFirstFileA
FormatMessageA
GetSystemTime
GlobalUnlock
GetTickCount
TlsGetValue
FileTimeToSystemTime
UnhandledExceptionFilter
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
GetVersionExA
FindNextFileA
SystemTimeToFileTime
GetStringTypeExA
GetTempFileNameA
GetCurrentProcess
LoadLibraryExA
GetStringTypeW
DuplicateHandle
CompareStringW
HeapAlloc
RemoveDirectoryA
SetStdHandle
InterlockedDecrement
VirtualFree
CloseHandle
GetOEMCP
GetCommandLineA
GetFullPathNameA
GetCurrentThreadId
HeapCreate
GlobalReAlloc
GetProfileStringA
GetModuleFileNameW
DeleteFileA
GetCPInfo
GetExitCodeProcess
CompareStringA
ExitProcess
GetEnvironmentStringsW
IsDBCSLeadByte
GetSystemDefaultLangID
FlushFileBuffers
GlobalLock
ResumeThread
SetCurrentDirectoryA
InitializeCriticalSection
GetDriveTypeA
SetFilePointer
ReleaseSemaphore
SetFileTime
CreateFileA
SetEvent
GetFileType
CreateEventA
CreateDirectoryA
lstrcmpiA
IsBadCodePtr
TlsFree
GetTimeZoneInformation
CreateSemaphoreA
TlsSetValue
GetEnvironmentStrings
FormatMessageW
GetLocaleInfoA
FreeEnvironmentStringsW
GetCurrentDirectoryA
LockFile
WinExec
LeaveCriticalSection
HeapReAlloc
ExitThread
UnlockFile
GlobalAlloc
lstrcpynA
SetEnvironmentVariableA
GetStdHandle
VirtualProtect
lstrcatA
_llseek
SetHandleCount
MulDiv
EnterCriticalSection
GlobalFree
ReadFile
CreateProcessA
VirtualQuery
LockResource
FreeEnvironmentStringsA
GetLocalTime
HeapDestroy
HeapSize
GetVersion
GetDateFormatA
RtlUnwind
CreateThread
FlushInstructionCache
SetFileAttributesA
WaitForSingleObject
RaiseException
OpenProcess
GetTempPathA
LCMapStringW
SetLastError
LoadLibraryA
GetUserDefaultLCID
SizeofResource
SetLocalTime
GetVolumeInformationA
GetWindowsDirectoryA
GetUserDefaultLangID
GetSystemInfo
_lclose
lstrlenA
GetSystemDirectoryA
WriteFile
GetFileTime
SetErrorMode
VirtualAlloc
GlobalHandle
FreeResource
lstrcmpA

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt

advapi32

SetSecurityDescriptorDacl
RegDeleteValueA
RegisterEventSourceA
RegSetValueExW
RegOpenKeyExA
InitializeSecurityDescriptor
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyW
RegQueryValueA
RegCreateKeyW
RegQueryInfoKeyA
RegCreateKeyA
DeregisterEventSource
RegDeleteKeyA
RegQueryValueExW
RegSetValueA
RegEnumValueW
RegDeleteKeyW
RegEnumKeyA
RegEnumValueA
RegEnumKeyW
AdjustTokenPrivileges
RegSetValueExA
ReportEventA
RegDeleteValueW
RegQueryValueExA

user32

DdeCmpStringHandles
DdeCreateDataHandle
EnumThreadWindows
GetFocus
DdeQueryConvInfo
BeginPaint
GetMenuItemCount
DdeConnect
CharUpperBuffW
OpenClipboard
FindWindowA
TabbedTextOutA
ModifyMenuA
LoadStringA
CreatePopupMenu
TranslateMessage
PtInRect
GetCursorPos
CloseClipboard
WindowFromPoint
CharUpperBuffA
GetClassInfoA
EndDialog
ShowCursor
OffsetRect
CheckMenuItem
DestroyIcon
GetUpdateRect
DdeUninitialize
RemovePropA
RemoveMenu
GetWindowThreadProcessId
HideCaret
DefMDIChildProcA
GetClipboardFormatNameA

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88a1f2200439a2a0d78efd2af7a05ad5

Headers

File Characteristics

Imports

kernel32

ddraw

ws2_32

advapi32

user32

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB