2b9248a3818ebb9d4aa8beb82144c4f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b9248a3818ebb9d4aa8beb82144c4f9_JaffaCakes118
Size

317KB
MD5

2b9248a3818ebb9d4aa8beb82144c4f9
SHA1

848f8e3a94abb768e58855501c88fe78a3d940cb
SHA256

69f40d4c04b7af4f43d6a8394efc509a12ad2d4fade1653a9e82a4edb6d71aac
SHA512

8f5e3ec3976169343d1777e1048ae11381b09e673b6b72a5c08390b50808698f0050cd7cac4d770f127159825417c1f8ec8865f45aba65ebe96ad1c64eb2fe6b
SSDEEP

3072:ABMMtRaOzu4pAoy49hLz5hJie8LS2FCSZKOInpn7CV+/cs4Micg:A3tRaypxZLz5wStSArCVpd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b9248a3818ebb9d4aa8beb82144c4f9_JaffaCakes118

Files

2b9248a3818ebb9d4aa8beb82144c4f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86f141fe505e78d1d64e655351eef5eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Misc\accesschk\Exe\Release\accesschk.pdb

Imports

netapi32

NetApiBufferFree
NetUserGetLocalGroups

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoA
GetLocaleInfoW
GetTimeZoneInformation
Thread32First
OpenThread
Thread32Next
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFullPathNameW
GetVersion
GetModuleFileNameW
GetLastError
GetCurrentProcess
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CloseHandle
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
DeleteFileW
SetEnvironmentVariableA
DeviceIoControl
FormatMessageW
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
CreateFileA
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
SetStdHandle
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

GetSysColorBrush
EndDialog
SetWindowTextW
GetDlgItem
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW
LoadCursorW

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndDoc
EndPage

comdlg32

PrintDlgW

advapi32

GetKernelObjectSecurity
OpenSCManagerW
CloseServiceHandle
OpenServiceW
EnumServicesStatusW
QueryServiceObjectSecurity
GetSecurityInfo
DeleteAce
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyW
GetNamedSecurityInfoW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RevertToSelf
LsaOpenPolicy
LsaNtStatusToWinError
LsaEnumerateAccountsWithUserRight
LookupPrivilegeNameW
LsaEnumerateAccountRights
LsaFreeMemory
LsaClose
GetEffectiveRightsFromAclW
GetSecurityDescriptorSacl
IsWellKnownSid
GetSecurityDescriptorOwner
LookupAccountNameW
GetSecurityDescriptorDacl
GetLengthSid
CopySid
GetTokenInformation
EqualSid
IsValidSid
GetSidIdentifierAuthority
GetAce
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86f141fe505e78d1d64e655351eef5eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

version

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 119KB - Virtual size: 126KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 119KB - Virtual size: 126KB

.rsrc
Size: 13KB - Virtual size: 13KB