Static task: static1
Behavioral task: behavioral1
  Sample: 2a5264f50620e0fe649082f87a43ff1f_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2a5264f50620e0fe649082f87a43ff1f_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2a5264f50620e0fe649082f87a43ff1f_JaffaCakes118
Size: 160KB
MD5: 2a5264f50620e0fe649082f87a43ff1f
SHA1: d9ca83eee20a46d5d3dd9d4e7c932140e969ff40
SHA256: a43fb0d725068d4697b8c91e258c70d8cbe0e322b734ba6c6acbdb449233a66a
SHA512: 45aa84c46e5144680849bbe1fd27da1813054f9ddf538063a270fbd1ec716813c0fdf5ff88ff8b4d1f110cacf73ef58b7759a3b143e9b54dada93e344f0b86fa
SSDEEP: 3072:9miRbEHDFarca56nL9aQkuHOzUn8X7tBz2HOPYr3LSIMKj4ovHg9gq:9miRbGcca56nhaQkuuQ8rbTYz2povHT
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2a5264f50620e0fe649082f87a43ff1f_JaffaCakes118
Files
2a5264f50620e0fe649082f87a43ff1f_JaffaCakes118.exe  windows:5  windows x86  arch:x86
  c8e13dc8b598a2068e70cee744884ccc
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
I_NetServerAuthenticate3
NetDfsGetDcAddress
NetDfsEnum
NetWkstaUserGetInfo
NetUserGetLocalGroups
NetpwNameCompare
NetpCopyFtinfoContext
I_BrowserResetNetlogonState
NetLocalGroupAddMembers
NetGetDisplayInformationIndex
I_NetServerPasswordGet
NetpCleanFtinfoContext
NetReplImportDirGetInfo
NetMessageNameEnum
DsGetSiteNameA
NetpwPathCompare
NetReplExportDirUnlock
NetLocalGroupSetInfo
NetAlertRaise
NetReplImportDirEnum
I_BrowserQueryStatistics
NetGroupGetInfo
I_NetServerSetServiceBits
NetServiceInstall
NetServiceControl
NetConnectionEnum
NetpCloseConfigData
DsGetDcSiteCoverageW
NetServerTransportAdd
NetGetJoinableOUs
NetUserGetGroups
NetUnjoinDomain
I_NetServerGetTrustInfo
NetReplImportDirLock
NetFileGetInfo
DsGetForestTrustInformationW
NetLocalGroupAdd
DsEnumerateDomainTrustsA
DsGetDcNameW
NetGroupAdd
NetApiBufferSize
NetpwPathCanonicalize
I_NetLogonUasLogon
NetpGetConfigValue
NetUserGetInfo
NetLocalGroupAddMember
NetReplExportDirSetInfo
RxNetAccessDel
NetReplImportDirAdd
I_NetlogonComputeServerDigest
NetServerTransportDel
NetServerSetInfo
NetpSetFileSecurity
RxNetAccessAdd
advapi32
LsaClearAuditLog
LsaQueryInformationPolicy
SystemFunction005
SaferGetPolicyInformation
CredWriteW
LsaLookupNames2
QueryServiceConfig2W
LsaNtStatusToWinError
ElfBackupEventLogFileA
AddAuditAccessAce
AbortSystemShutdownA
LsaQueryDomainInformationPolicy
CryptHashSessionKey
SystemFunction023
LsaOpenSecret
SystemFunction017
MakeAbsoluteSD
LogonUserA
ObjectDeleteAuditAlarmA
SystemFunction008
ClearEventLogW
WmiQuerySingleInstanceW
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
ConvertSidToStringSidW
ImpersonateSelf
GetMultipleTrusteeOperationA
ConvertSDToStringSDRootDomainW
BuildExplicitAccessWithNameA
RegUnLoadKeyA
LogonUserExA
GetCurrentHwProfileW
AccessCheckByTypeResultList
LsaOpenTrustedDomainByName
CryptSetProviderA
ElfReadEventLogW
GetNamedSecurityInfoExA
RegDeleteValueA
CloseServiceHandle
SetSecurityDescriptorGroup
SaferCloseLevel
LookupSecurityDescriptorPartsA
GetEffectiveRightsFromAclW
CancelOverlappedAccess
LsaStorePrivateData
GetTrusteeFormW
UpdateTraceA
IsTextUnicode
DuplicateTokenEx
CredGetTargetInfoA
AreAllAccessesGranted
RegCreateKeyExA
SaferiPopulateDefaultsInRegistry
CreateCodeAuthzLevel
SetUserFileEncryptionKey
BuildSecurityDescriptorA
GetLocalManagedApplicationData
InitializeSecurityDescriptor
RegEnumKeyW
RegEnumKeyA
CreateProcessAsUserW
LsaSetTrustedDomainInfoByName
BuildTrusteeWithNameA
CheckTokenMembership
ReportEventW
LsaOpenPolicySce
WmiReceiveNotificationsA
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegSetValueExA
SystemFunction033
SaferiCompareTokenLevels
CloseEventLog
GetUserNameW
EqualSid
LsaOpenTrustedDomain
pdh
PdhTranslate009CounterW
PdhCollectQueryDataEx
PdhGetFormattedCounterArrayW
PdhParseInstanceNameA
PdhEnumObjectItemsA
PdhGetDefaultPerfCounterW
PdhOpenLogW
PdhGetLogFileTypeA
PdhBrowseCountersA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhVbCreateCounterPathList
PdhEnumObjectsA
PdhSetCounterScaleFactor
PdhEnumObjectItemsHA
PdhLookupPerfNameByIndexW
PdhVbGetCounterPathFromList
PdhGetDataSourceTimeRangeA
PdhReadRawLogRecord
PdhGetDefaultPerfObjectHA
PdhEnumMachinesHA
PdhSetDefaultRealTimeDataSource
PdhRelogA
PdhVbOpenLog
PdhGetDefaultPerfObjectHW
PdhOpenLogA
PdhCreateSQLTablesA
PdhTranslate009CounterA
PdhVbGetCounterPathElements
PdhVbAddCounter
PdhBrowseCountersHW
PdhBindInputDataSourceA
PdhSelectDataSourceA
PdhVerifySQLDBA
PdhOpenQueryH
PdhAddCounterA
PdhGetDefaultPerfCounterHA
PdhCreateSQLTablesW
PdhValidatePathW
PdhVerifySQLDBW
PdhComputeCounterStatistics
PdhAdd009CounterA
PdhEnumLogSetNamesA
PdhVbUpdateLog
kernel32
CreateNamedPipeA
ConnectNamedPipe
LocalAlloc
Process32Next
GetNumaHighestNodeNumber
SetConsoleOutputCP
ReadProcessMemory
GetProcessWorkingSetSize
GetTempPathA
FoldStringW
GetLogicalDrives
ExitVDM
GetModuleHandleW
WaitForDebugEvent
HeapReAlloc
SetConsoleCursor
GetCurrentThreadId
LocalSize
WaitCommEvent
SetConsoleTitleW
GlobalMemoryStatus
DeleteFileA
ExpungeConsoleCommandHistoryA
LoadResource
GetVolumeInformationW
EnumCalendarInfoExA
WriteTapemark
IsBadHugeWritePtr
LoadLibraryA
FatalExit
EnumSystemLocalesA
InvalidateConsoleDIBits
VirtualAlloc
OpenProcess
SetCommConfig
GetCurrencyFormatW
DebugActiveProcess
SetTapeParameters
GetNamedPipeHandleStateW
_lread
FindActCtxSectionStringW
IsBadStringPtrA
GetTempFileNameW
WriteConsoleOutputCharacterA
ReplaceFile
msdart
?ReadLock@CCritSec@@QAEXXZ
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?WriteLock@CReaderWriterLock3@@QAEXXZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?SetSpinCount@CSpinLock@@QAE_NG@Z
?WriteLock@CReaderWriterLock@@QAEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
??0CDoubleList@@QAE@XZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
??0CReaderWriterLock2@@QAE@XZ
?ReadLock@CLKRHashTable@@QBEXXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?_LockSpin@CSpinLock@@AAEXXZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
FXMemAttach
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
MpHeapSize
?WriteUnlock@CLKRHashTable@@QBEXXZ
?Lock@CLockedSingleList@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?Unlock@CLockedDoubleList@@QAEXXZ
Sections
.text   Size: 35KB   Virtual size: 35KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 14KB   Virtual size: 14KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 105KB  Virtual size: 194KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 3KB    Virtual size: 2KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  Virtual size: 900B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ