21d68d1e76c34a59946da83ce8de043c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21d68d1e76c34a59946da83ce8de043c_JaffaCakes118
Size

864KB
MD5

21d68d1e76c34a59946da83ce8de043c
SHA1

e88b3aaee0497adcc0a47eecc1f814682aa2efc2
SHA256

4f29aa727a850390f100994a69e40811d362eda1ec707f10745992b232a40395
SHA512

e0618d825dad56b0600851fb6e1d12192bf501de288e75c49356adcd8ea3b84460c179940887d27311d04ace9d1a33da6c8112dc1e11372a8957b8df72add16d
SSDEEP

24576:uC+9Ey5a96prlkv5C5Ocr5P3I3P6Os/DS:f6EYHpP5PY3Pzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21d68d1e76c34a59946da83ce8de043c_JaffaCakes118

Files

21d68d1e76c34a59946da83ce8de043c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

82209c9c84010c861c9afaa79b6a9721

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiSetPropertyW
MsiVerifyPackageW
MsiSummaryInfoPersist
MsiPreviewDialogW
MsiOpenPackageW
MsiRecordSetStreamW
MsiOpenProductW
MsiGetFileHashW
MsiGetFileSignatureInformationW
MsiGetFeatureUsageW
MsiGetTargetPathW
MsiQueryFeatureStateW
MsiViewClose
MsiDoActionW
MsiOpenPackageA
MsiSetInstallLevel
MsiOpenPackageExA
MsiRecordSetStreamA
MsiInstallMissingComponentA
MsiDatabaseImportW
MsiCreateTransformSummaryInfoW
MsiGetTargetPathA
MsiPreviewBillboardA
MsiEnumRelatedProductsW
MsiDatabaseMergeW
MsiEnumClientsA
MsiSequenceW
MsiConfigureProductW
MsiViewGetErrorA

kernel32

GetSystemDefaultLCID
OpenWaitableTimerA
TlsGetValue
IsValidLocale
SetConsoleMaximumWindowSize
CreateMutexW
SetUnhandledExceptionFilter
GetConsoleAliasA
CreateDirectoryA
AddConsoleAliasW
GetProfileStringA
GetLogicalDrives
CreateProcessInternalA
SetTimeZoneInformation
SetLastConsoleEventActive
WriteFileEx
GetNumberFormatW
SystemTimeToFileTime
EndUpdateResourceW
FindFirstFileA
ShowConsoleCursor
WriteProfileSectionW
CreateHardLinkA
LoadLibraryA
VirtualAlloc
SetFileApisToOEM
QueryMemoryResourceNotification
EnterCriticalSection
GetUserDefaultLCID
BaseCheckAppcompatCache
ReadConsoleInputExW
GlobalUnfix
OpenSemaphoreA
AddAtomW
_hread
EnumDateFormatsA
SetThreadIdealProcessor
DuplicateConsoleHandle
LeaveCriticalSection
GetConsoleInputWaitHandle
GetConsoleCP
LockFile
SetUserGeoID
IsDebuggerPresent
SetMessageWaitingIndicator
RegisterWaitForInputIdle
GetCurrentProcessId
FindFirstFileExW
IsValidCodePage
LZOpenFileA

adsldpc

AdsTypeToLdapTypeCopyGeneralizedTime
ChangeSeparator
LdapControlsFree
ADsEncodeBinaryData
UnMarshallLDAPToLDAPSynID
ADsHelperGetCurrentRowMessage
LdapCompareExt
ADSIGetNextColumnName
ADsSetLastError
ADSICloseDSObject
ADsDeleteClassDefinition
ADsEnumAttributes
MapLDAPTypeToADSType
ADsObject
BerBvFree
LdapReadAttributeFast
ADSIGetObjectAttributes
BuildADsParentPathFromObjectInfo
ADSIFreeColumn
LdapTypeBinaryToString
ADSIGetPreviousRow
ADsGetFirstRow
ADSIAbandonSearch
ADsCloseSearchHandle
LdapcKeepHandleAround
LdapTypeToAdsTypeGeneralizedTime
LdapModifyS
LdapGetSubSchemaSubEntryPath
GetDisplayName
LdapParsePageControl
BuildADsParentPathFromObjectInfo2
BuildADsPathFromLDAPPath2
SchemaGetObjectCount
ReadSecurityDescriptorControlType
ADsAbandonSearch
LdapAttributeFree
?SetAtDisabler@CLexer@@QAEXH@Z
GetDefaultServer
LdapTypeToAdsTypeDNWithString
FreeADsMem
ADsCreateDSObjectExt
LdapResult
PathName
ADsWriteAttributeDefinition

msvcrt40

_strnicmp
ldiv
?xalloc@ios@@SAHXZ
??0istrstream@@QAE@PADH@Z
rewind
ftell
??4ios@@IAEAAV0@ABV0@@Z
_putw
?get@istream@@QAEAAV1@PAEHD@Z
??_Eistream@@UAEPAXI@Z
??_7ostrstream@@6B@
_setmaxstdio
?setrwbuf@stdiobuf@@QAEHHH@Z
_adj_fdivr_m32i
_yn
_fullpath
??_Efstream@@UAEPAXI@Z
__set_app_type
?unexpected@@YAXXZ
_mbsstr
strncpy
_execlpe
_osver
??5istream@@QAEAAV0@PAE@Z
_fdopen
?sync@streambuf@@UAEHXZ
_fstati64
_wgetdcwd
?isfx@istream@@QAEXXZ
gmtime
_mbsnbcmp
_ismbchira
??0ostrstream@@QAE@PADHH@Z
??_Dstrstream@@QAEXXZ

avifil32

EditStreamCopy
AVIStreamGetFrameClose
EditStreamClone
IID_IGetFrame
AVIStreamReadData
AVIMakeFileFromStreams
AVIMakeCompressedStream
AVIStreamLength
AVISaveOptionsFree
AVIStreamCreate
AVIStreamSampleToTime
IID_IAVIStream
EditStreamSetNameW
AVIFileInfoA
AVIStreamRelease
AVISaveW
AVIFileCreateStream
AVISave
AVIClearClipboard
AVIStreamGetFrame
AVIFileEndRecord
AVISaveVW
AVIStreamWrite
AVIFileAddRef
AVIBuildFilterA
AVISaveOptions
AVIStreamAddRef
AVIFileCreateStreamW
AVIFileOpenW
AVIPutFileOnClipboard
EditStreamPaste
EditStreamSetInfoA
AVIFileInit
AVISaveVA
AVIFileOpenA

lz32

LZRead
LZDone
LZStart
LZInit
CopyLZFile
LZSeek
LZOpenFileA
LZCloseFile
GetExpandedNameA
LZCopy
LZOpenFileW
LZClose
LZCreateFileW

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 453KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82209c9c84010c861c9afaa79b6a9721

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

adsldpc

msvcrt40

avifil32

lz32

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 453KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 453KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB