2ad5d0e8cbff452638b156854d254e88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ad5d0e8cbff452638b156854d254e88_JaffaCakes118
Size

1.2MB
MD5

2ad5d0e8cbff452638b156854d254e88
SHA1

8caf42b9e4a817ae7529d5abce312d56ff2edf95
SHA256

7e00536edb57268daf932a8c6d682e3c1979ac3001c59e164fb6a0e1d4faa4a7
SHA512

70bdd4f8d2ec40a4d1de510677a04ce88436b510dee252fd5abb45ce465d166a4e66dc047f8387b840b62b36b5befacaf3daebce45447a7f41a36e44b338bee4
SSDEEP

24576:juKKXSe2s/eUaW6jevlXmrnWYGs7OJADqykMPGw2RlGtIY:juKKB2sjaWIeVWss7xqTMPv2RstIY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ad5d0e8cbff452638b156854d254e88_JaffaCakes118

Files

2ad5d0e8cbff452638b156854d254e88_JaffaCakes118
.exe windows:1 windows x86 arch:x86

09e227e4664be5e9518d2aeeb34978b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

ShowWindow
CreateWindowExA
DispatchMessageA
SendMessageA
RegisterClassA
DefWindowProcA
TranslateMessage
BeginPaint
GetMessageA
UpdateWindow
DestroyWindow
EndPaint

adsldpc

BuildLDAPPathFromADsPath2
ADsCreateAttributeDefinition
ADSICloseSearchHandle
LdapCloseObject
SchemaAddRef
LdapOpenObject2
LdapFirstAttribute
AdsTypeToLdapTypeCopyConstruct
ADSIOpenDSObject
LdapSearchInitPage
LdapAddS
LdapControlsFree
LdapcKeepHandleAround
ADsDeleteDSObject
LdapSearchST
ADSIGetObjectAttributes
ADSIGetNextRow
ADsWriteAttributeDefinition
BerBvFree
BuildADsParentPathFromObjectInfo
LdapGetDn
ReadPagingSupportedAttr
MapADSTypeToLDAPType
SchemaGetPropertyInfo
LdapValueFreeLen
LdapModDnS
LdapTypeToAdsTypeDNWithBinary
BuildADsParentPath
ADSICreateDSObject
LdapResult
ADsGetLastError
LdapReadAttribute2
SchemaGetStringsFromStringTable
ADsGetFirstRow
LdapMsgFree
LdapDeleteExtS
ADSIGetNextColumnName
LdapGetNextPageS

kernel32

ReleaseMutex
SetEnvironmentVariableA
TransactNamedPipe
LeaveCriticalSection
HeapFree
VirtualAlloc
SetNamedPipeHandleState
HeapQueryInformation
GetLocalTime
GetProcessHeap
HeapCreate
HeapDestroy
WriteFileGather
InitializeCriticalSection
ConnectNamedPipe
GetSystemTime
PeekNamedPipe
CreateMutexA
lstrcmpiA
CreateNamedPipeA
SetFilePointer
lstrcpynA
HeapAlloc
CloseHandle
OpenMutexA
ReadFile
lstrcatA
GetFileTime
EnterCriticalSection
WaitForMultipleObjects
GetFirmwareEnvironmentVariableA
GetFileAttributesExA
WriteFileEx
CreateFileA
ExitProcess
GetLastError
SystemTimeToFileTime
HeapSetInformation
VirtualFree
HeapReAlloc

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e227e4664be5e9518d2aeeb34978b0

Headers

DLL Characteristics

File Characteristics

Imports

user32

adsldpc

kernel32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 32KB - Virtual size: 3.0MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 32KB - Virtual size: 3.0MB