2f22e0db15eac31b6b9e5073f6b36b2e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f22e0db15eac31b6b9e5073f6b36b2e_JaffaCakes118
Size

866KB
MD5

2f22e0db15eac31b6b9e5073f6b36b2e
SHA1

c71f060f9b2952c2ede9dc06eb18658f4a1e57e3
SHA256

e98210987b14e57ca95525535ae7ba8716c1a7278aa5eaadf54657b6f6622b82
SHA512

66804a26dc2feb8d08f1a3060d89cfd8c875664dec67455166c693e86241db6ed46e5b9cf1a40b60d3d5ab16569a97d26516ecf5925a9a367e8ddc0b9a943491
SSDEEP

24576:yXnLCv+dRwS52eXc7RlDiB6leNnfugaRplpx:yXLCmdRp2V9diB6leNFaRvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f22e0db15eac31b6b9e5073f6b36b2e_JaffaCakes118

Files

2f22e0db15eac31b6b9e5073f6b36b2e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50ae5f8de79630f7c199b60116358514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamQuerySecurityObject
SamSetMemberAttributesOfGroup
SamRidToSid
SamCreateUser2InDomain
SamConnect
SamOpenGroup
SamOpenDomain
SamLookupIdsInDomain
SamEnumerateDomainsInSamServer
SamTestPrivateFunctionsDomain
SamAddMemberToAlias
SamiOemChangePasswordUser2
SamiSetBootKeyInformation
SamEnumerateAliasesInDomain
SamFreeMemory
SamSetInformationGroup
SamGetMembersInGroup
SamiLmChangePasswordUser
SamLookupNamesInDomain
SamSetInformationUser
SamiChangePasswordUser
SamGetDisplayEnumerationIndex
SamOpenAlias
SamDeleteGroup
SamEnumerateUsersInDomain
SamCreateAliasInDomain
SamAddMemberToGroup
SamChangePasswordUser2
SamSetInformationAlias
SamiChangePasswordUser2
SamCreateGroupInDomain
SamChangePasswordUser
SamLookupDomainInSamServer
SamiChangeKeys
SamCreateUserInDomain
SamiSetDSRMPassword
SamQueryInformationGroup
SamConnectWithCreds
SamGetCompatibilityMode
SamGetAliasMembership
SamSetSecurityObject
SamRemoveMemberFromGroup
SamGetGroupsForUser

kernel32

SetNamedPipeHandleState
IsValidCodePage
EnterCriticalSection
EscapeCommFunction
AddLocalAlternateComputerNameW
LoadLibraryA
GetPrivateProfileIntW
ContinueDebugEvent
GetConsoleCursorMode
Module32First
SetConsoleKeyShortcuts
IsProcessInJob
GetStartupInfoA
BaseCleanupAppcompatCacheSupport
GetConsoleInputExeNameW
IsDebuggerPresent
PostQueuedCompletionStatus
GetUserDefaultLCID
GetConsoleAliasesW
SetFileAttributesA
GetLastError
GetEnvironmentStringsA
GetEnvironmentStrings
GetQueuedCompletionStatus
SetTimerQueueTimer
LocalAlloc
AddAtomW
VirtualAlloc
GetConsoleTitleW
LeaveCriticalSection
EnumSystemGeoID
SetConsoleIcon
BindIoCompletionCallback
LZInit
GetExitCodeThread
DosPathToSessionPathA
IsBadStringPtrW
Module32NextW
SetTimeZoneInformation
IsValidLocale
FindCloseChangeNotification
VDMOperationStarted
FatalExit
EnumResourceTypesW
GetBinaryType

msvcrt

putwc
_XcptFilter
sscanf
__p__daylight
_statusfp
qsort
_wspawnle
_CIatan
__getmainargs
_stati64
_seh_longjmp_unwind
_spawnlp
_wcsicoll
_CIcos
__threadid
_outp
__p__pgmptr
_memccpy
__p__commode
_strdup
_gmtime64
_commit
_y0
_mbsdec
_ismbcl0
__crtLCMapStringW
fwscanf
__set_app_type
??_Fbad_cast@@QAEXXZ
exit
_ftime64

gdi32

RealizePalette
GdiIsPlayMetafileDC
PolyTextOutA
Pie
DdEntry2
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_pfdg
EngAlphaBlend
GetICMProfileA
GetOutlineTextMetricsA
SetMapMode
FONTOBJ_pvTrueTypeFontFile
GdiDeleteLocalDC
GetTextExtentPointI
DdEntry28
STROBJ_bGetAdvanceWidths
GetTextAlign
SetDCBrushColor
GetEnhMetaFilePixelFormat
CheckColorsInGamut
GetFontLanguageInfo
GetEnhMetaFileA
GetDIBits
SetDCPenColor
BRUSHOBJ_pvGetRbrush
PtInRegion
GdiEntry4
AddFontResourceExA
DdEntry31
EnumICMProfilesA
CLIPOBJ_cEnumStart
SetICMMode
GetStringBitmapW
CancelDC
DdEntry46
GdiEntry2
DrawEscape
XLATEOBJ_iXlate
GetROP2

msorcl32

SQLSetCursorName
SQLPrepare
SQLFetch
SQLSetScrollOptions
SQLMoreResults
LoadByOrdinal
SQLTransact
SQLGetStmtOption
SQLGetCursorName
SQLDisconnect
SQLSetPos
SQLFreeEnv
ConfigDSN
SQLStatistics
SQLParamData
SQLBindParameter
SQLAllocStmt
SQLRowCount
SQLForeignKeys
SQLBindCol
SQLDescribeParam
SQLGetData
SQLPutData
SQLConnect
SQLExecDirect
SQLCancel
SQLAllocConnect

lz32

LZOpenFileW
LZDone
LZSeek
LZClose
CopyLZFile
LZInit
LZCloseFile
GetExpandedNameA
LZCopy
LZOpenFileA
LZStart
LZRead

user32

EndDialog

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ae5f8de79630f7c199b60116358514

Headers

DLL Characteristics

File Characteristics

Imports

samlib

kernel32

msvcrt

gdi32

msorcl32

lz32

user32

Sections

.text Size: 435KB - Virtual size: 435KB

.rdata Size: 327KB - Virtual size: 327KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 435KB - Virtual size: 435KB

.rdata
Size: 327KB - Virtual size: 327KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB