2b6ff8cc1453c8ba1e604feae9f9bfc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b6ff8cc1453c8ba1e604feae9f9bfc8_JaffaCakes118
Size

182KB
MD5

2b6ff8cc1453c8ba1e604feae9f9bfc8
SHA1

9b0b9b54afdc4ff8c1ce8c095c58b73731b1aba2
SHA256

d03acc92e3c535bbf851c68324522ffbeefa10089f80e9ebe0150b51c80ea968
SHA512

79dba672ddce9a233d2988533fca6d2d6cf71dd50a9d0031e80caa76972af6f5aed56142db1142739ed156907e8b69ebaaccb6688c7e440efc82815a5ba0ae7d
SSDEEP

3072:54w2aJF+su7sJGPZKpGuMC6YQETOjzpI6gUXaZlMRCa5kuI5MD:W1IF+suKQZYGuMC+I5WanMR9pIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6ff8cc1453c8ba1e604feae9f9bfc8_JaffaCakes118

Files

2b6ff8cc1453c8ba1e604feae9f9bfc8_JaffaCakes118
.dll windows:6 windows x86 arch:x86

5d03eee2c2ba38ed383375ffe31b3195

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

_purecall
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi64
wcstok
swscanf_s
_wtol
_ltow
_itow_s
_wcslwr
wcsstr
_wcsnicmp
qsort
wcschr
memcpy
wcscpy_s
memset
_wcsicmp
swprintf_s
wcscat_s
wcsncpy_s

activeds

ord3
ord31
ord25
ord22
ord26
ord27
ord28
ord16
ord12
ord17
ord18
ord15
ord14
ord7

adsldpc

ADSIPrint
AdsTypeToLdapTypeCopyTime
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapGetDn
LdapTypeFreeLdapModList
LdapTypeCopyConstruct
LdapValueFreeLen
UnMarshallLDAPToLDAPSynID
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapTypeFreeLdapModObject
LdapModifyExtS
ReadSecurityDescriptorControlType
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
LdapAddExtS
LdapDeleteS
GetServerAndPort
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapTypeToAdsTypeCopyConstruct
LdapDeleteExtS
LdapcSetStickyServer
BerEncodingQuotaControl
?SetFSlashDisabler@CLexer@@QAEXH@Z
BuildADsParentPathFromObjectInfo2
GetLDAPTypeName
LdapInitializeSearchPreferences
LdapTypeBinaryToString
MapLDAPTypeToADSType
MapADSTypeToLDAPType
ADsSetObjectAttributes
ADsGetObjectAttributes
ADsDeleteDSObject
ADsCreateDSObjectExt
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapcKeepHandleAround
LdapGetSyntaxIdOfAttribute
LdapCacheAddRef
ADsHelperGetCurrentRowMessage
BuildADsPathFromParent
LdapSearchAbandonPage
LdapModDnS
LdapNextEntry
LdapMemFree
ReadPagingSupportedAttr
LdapSearchInitPage
LdapSearchExtS
LdapGetNextPageS
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
IsGCNamespace
GetDisplayName
??0CLexer@@QAE@XZ
?InitializePath@CLexer@@QAEJPAG@Z
InitObjectInfo
?SetAtDisabler@CLexer@@QAEXH@Z
Component
??1CLexer@@QAE@XZ
PathName
?GetNextToken@CLexer@@QAEJPAGPAK@Z
SchemaGetObjectCount
SchemaGetPropertyInfoByIndex
SchemaGetClassInfoByIndex
SchemaAddRef
SchemaGetPropertyInfo
SchemaOpen
SchemaGetClassInfo
LdapModifyS
LdapReadAttribute
LdapAddS
SchemaClose
FindEntryInSearchTable
intcmp
FindSearchTableIndex
SortAndRemoveDuplicateOIDs
LdapOpenObject
LdapSearchS
LdapCountEntries
LdapFirstEntry
LdapGetValues
LdapCloseObject
LdapMsgFree
LdapValueFree
SchemaGetStringsFromStringTable
LdapGetSyntaxOfAttributeOnServer
SchemaGetSyntaxOfAttribute
BuildLDAPPathFromADsPath2
LdapMakeSchemaCacheObsolete
LdapGetSubSchemaSubEntryPath
LdapGetSchemaObjectCount
LdapTypeFreeLdapObjects
ADsObject
FreeObjectInfo
LdapTypeToAdsTypeDNWithString
LdapRenameExtS

wldap32

ord54
ord12
ord53

netapi32

NetApiBufferFree

ole32

CreatePointerMoniker
CLSIDFromString
CoTaskMemFree
StringFromGUID2
IIDFromString
StringFromCLSID
CoCreateInstance

advapi32

RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegQueryValueExW
RegEnumKeyExW
SystemFunction040
SystemFunction041
RegSetValueExW

kernel32

LoadLibraryW
FreeLibrary
LeaveCriticalSection
GetLastError
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenW
RaiseException
LocalAlloc
LocalFree
CompareStringW
GetTickCount
InterlockedDecrement
InterlockedIncrement
SetLastError
GetSystemDirectoryW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantCopyInd
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
LoadRegTypeLi
DispInvoke
SetErrorInfo
CreateErrorInfo
VariantClear
DispGetIDsOfNames
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d03eee2c2ba38ed383375ffe31b3195

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

activeds

adsldpc

wldap32

netapi32

ole32

advapi32

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 157KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 157KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB