22752543ad8379b7288f0c311c49ee71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22752543ad8379b7288f0c311c49ee71_JaffaCakes118
Size

129KB
MD5

22752543ad8379b7288f0c311c49ee71
SHA1

2178d00f3fc3a1ceea3ae0b98309305b1316a6f2
SHA256

ca92f24913f7f1c4c598748e3040b781c31324d5a64f9dbb7e1e9c436be06dfb
SHA512

679789be8b4a9d33027ae2fe446cf2f8c642e48ab1e103f399a5d6232fe5fb8a2a37d089f94590879f07e28a486c01015b6c11a2dd2336f7a816fc7fc6061535
SSDEEP

3072:QKUff4kojUMMnMMMMMX7I7DPQUWmjWGKB9hh99FFBRhh9gckCQva//5Kuqm3rKp5:tIMMnMMMMMa2mjWGKB9hh99FFBRhh9gJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22752543ad8379b7288f0c311c49ee71_JaffaCakes118

Files

22752543ad8379b7288f0c311c49ee71_JaffaCakes118
.exe windows:4 windows x86 arch:x86

987bd1cdfed9a2e044ad06bc4658d477

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiDatabaseCommit
MsiConfigureFeatureW
MsiCollectUserInfoW

user32

CallMsgFilterA

samlib

SamiEncryptPasswords
SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser

kernel32

VirtualAlloc

ntdll

RtlLeaveCriticalSection
NtOpenProcess
NtSetInformationProcess
LdrGetDllHandle
memmove
LdrLoadDll
NtTerminateThread
NtMakePermanentObject
RtlQueryRegistryValues
LdrUnloadDll
swprintf
RtlAllocateAndInitializeSid
_snwprintf
RtlOpenCurrentUser
NtSetInformationObject
NtMakeTemporaryObject
wcscat
NtQueryInformationProcess
NtQuerySystemInformation
NtResetEvent
wcscpy
NtQuerySymbolicLinkObject
NtQueryDefaultLocale
NtDuplicateObject
NtOpenSymbolicLinkObject
NtQueryObject
DbgBreakPoint
RtlCopyUnicodeString
RtlEnterCriticalSection
NtOpenProcessToken
NtOpenThreadToken
RtlSetDaclSecurityDescriptor
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
RtlFreeSid
RtlInitializeCriticalSectionAndSpinCount
RtlCreateUserThread
NtOpenKey
RtlCreateSecurityDescriptor
RtlAnsiStringToUnicodeString
NtCreateSection
DbgPrint
RtlCreateTagHeap
RtlCompareUnicodeString
RtlEqualSid
LdrGetProcedureAddress
RtlPrefixUnicodeString
RtlExpandEnvironmentStrings_U
RtlAppendUnicodeStringToString
wcslen
RtlInitString
wcsncpy
strstr
NtSetEvent
NtCreateDirectoryObject
NtCreateSemaphore
_wcsicmp
RtlCreateUnicodeString
NtClose
_wcsnicmp
NtQueryInformationToken
NtCreateSymbolicLinkObject
NtOpenThread
NtNotifyChangeKey
RtlCharToInteger
NtSetValueKey
RtlCopyLuid
RtlInitializeCriticalSection
NtQueryValueKey
NtCreateEvent

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

987bd1cdfed9a2e044ad06bc4658d477

Headers

DLL Characteristics

File Characteristics

Imports

msi

user32

samlib

kernel32

ntdll

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 872KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 349KB - Virtual size: 349KB

.rdata Size: 55KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 872KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 349KB - Virtual size: 349KB

.rdata
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 64B