33d5bc5ef0572e973c6932fdc89154f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33d5bc5ef0572e973c6932fdc89154f4_JaffaCakes118
Size

499KB
MD5

33d5bc5ef0572e973c6932fdc89154f4
SHA1

9bc6d627673d4a84abb9dc21138d29f5c32cdc23
SHA256

1015c6c017df1b5aac379219dba9a2834b036a825981578c7dbfd56d869cd4c9
SHA512

a7fb4e2e23b2137384490c1b130dc6ed886fc79f99434840636d5548f6d93723ffb6b67897ac496f5d4cf69d863c490a262df93ac22cd260583a0a6870d7a52d
SSDEEP

12288:E05CHeVh8nNkE9T0jP0ze1V6pMMnMMMMM/GjmF/+X:EpnNkEGoQSMMnMMMMM/rFG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33d5bc5ef0572e973c6932fdc89154f4_JaffaCakes118

Files

33d5bc5ef0572e973c6932fdc89154f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ee54d8a0dadcb8bcaad65b8e05f4285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt

samlib

SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsDomain
SamConnectWithCreds

advapi32

RegEnumValueW
RegEnumKeyA
RegSetValueExW
RegCreateKeyW
RegQueryValueA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegEnumKeyW
DeregisterEventSource
RegisterEventSourceA
SetSecurityDescriptorDacl
OpenProcessToken
RegOpenKeyExA
RegQueryInfoKeyA
ReportEventA
RegQueryValueExA
RegDeleteValueW
RegOpenKeyA
RegCreateKeyA
AdjustTokenPrivileges
RegDeleteKeyW
RegSetValueA
RegQueryValueExW
RegOpenKeyW
RegSetValueExA
RegDeleteKeyA
RegEnumValueA
InitializeSecurityDescriptor

ddraw

DirectDrawEnumerateA

kernel32

SearchPathA
GetUserDefaultLangID
ResetEvent
LockFile
VirtualFree
FlushFileBuffers
CreateEventA
GetStringTypeW
GetFileAttributesA
LeaveCriticalSection
GetSystemDirectoryA
GetFileType
GlobalSize
DeleteCriticalSection
CreateSemaphoreA
SizeofResource
FreeEnvironmentStringsA
GlobalReAlloc
GetTempFileNameA
RemoveDirectoryA
VirtualQuery
InterlockedIncrement
HeapCreate
UnhandledExceptionFilter
GetLocaleInfoA
GetWindowsDirectoryA
GetEnvironmentStrings
GlobalHandle
GetLocalTime
GetCommandLineA
GetDateFormatA
UnlockFile
GetOEMCP
GetTimeZoneInformation
FormatMessageA
GlobalLock
CreateFileA
GetUserDefaultLCID
ReadFile
CreateThread
GetProcAddress
TlsAlloc
_lwrite
GetFullPathNameA
GlobalAlloc
SetFileTime
GetFileTime
FreeResource
DuplicateHandle
WriteFile
LoadLibraryExA
SetFilePointer
GetCPInfo
SetLastError
GetSystemTime
_lread
FindResourceA
CloseHandle
CompareStringA
GetExitCodeProcess
GetStringTypeA
MoveFileA
GetProfileStringA
IsBadCodePtr
TlsFree
GetVolumeInformationA
GetCurrentThreadId
SystemTimeToFileTime
HeapDestroy
ExitThread
SetErrorMode
lstrlenA
FileTimeToLocalFileTime
lstrcmpiA
lstrcpyA
GetTickCount
GetVersionExA
ResumeThread
RtlUnwind
LoadResource
FlushInstructionCache
GlobalUnlock
GetTempPathA
lstrcmpA
FileTimeToSystemTime
SetLocalTime
GetACP
InitializeCriticalSection
GlobalFree
GetLastError
_llseek
FindFirstFileA
CreateProcessW
FreeLibrary
HeapSize
ReleaseSemaphore
CreateMailslotA
GetStringTypeExA
DeleteFileA
EnterCriticalSection
GetStdHandle
GetModuleFileNameW
GetSystemDefaultLangID
SetHandleCount
SetStdHandle
GetCurrentDirectoryA
HeapAlloc
SetFileAttributesA
MulDiv
CreateProcessA
VirtualProtect
GetShortPathNameA
GetCurrentProcessId
RaiseException
InterlockedDecrement
WaitForSingleObject
GetDriveTypeA
SetEndOfFile
IsBadReadPtr
FindClose
TlsSetValue
GetModuleFileNameA
ExitProcess
lstrcmpiW
FindNextFileA
LockResource
GetStartupInfoA
MultiByteToWideChar
TerminateProcess
HeapReAlloc
LoadLibraryA
WinExec
IsDBCSLeadByte
CompareStringW
GetSystemDefaultLCID
GetCurrentProcess
VirtualAlloc
CreateDirectoryA
Sleep
GlobalAddAtomA
_lclose
SetEnvironmentVariableA
LCMapStringW
SetEvent
HeapFree
FormatMessageW
GetVersion
SetCurrentDirectoryA
lstrcatA
GetSystemInfo
LCMapStringA
GlobalDeleteAtom
FreeEnvironmentStringsW
TlsGetValue
GetModuleHandleA
lstrcpynA
GetEnvironmentStringsW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee54d8a0dadcb8bcaad65b8e05f4285

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

samlib

advapi32

ddraw

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B