34f21d1ade258e1316ac0c804cf3a053_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34f21d1ade258e1316ac0c804cf3a053_JaffaCakes118
Size

189KB
MD5

34f21d1ade258e1316ac0c804cf3a053
SHA1

d985ecb098a78adf509d9209205387b36a9a0d61
SHA256

5e77ef7c1c455059684eb0caa444bddf91acb46f3feb2c0301da4e777c10a6b3
SHA512

0419999f1cb1d62889dabf20a5e1a9908143f7b8cb4b871c071d565892169e3222cef8603c02c65258187901c1ece017d5fe7ed197aea80af3bcafd86f6aec46
SSDEEP

3072:+FUGz4AhKjDk6mqrdm4HMRIC8tksjdPlk3gxSCQ5oalamNEtaKvUJlaWaA:+mm6mEdmyMgDBPP/Q5oGgPUeY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f21d1ade258e1316ac0c804cf3a053_JaffaCakes118

Files

34f21d1ade258e1316ac0c804cf3a053_JaffaCakes118
.exe windows:2 windows x86 arch:x86

9891a131f6631fca188e3d8ced240c52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
LoadStringW
CharUpperW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SafeArrayGetElement
SysFreeString
VariantCopy
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantChangeType
SysStringLen

secur32

TranslateNameW
GetComputerObjectNameW
GetUserNameExW

ws2_32

WSAGetLastError
WSACleanup
inet_addr
WSAStartup
gethostbyaddr

netapi32

NetServerGetInfo
NetApiBufferFree
DsGetDcNameW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsBindWithCredW
DsUnBindW

msvcrt

wcsncmp
exit
_cexit
wcscpy
wcslen
wcstol
wcstok
?terminate@@YAXXZ
fflush
calloc
strtok
_initterm
_wcsicmp
free
_CxxThrowException
_c_exit
__winitenv
fprintf
_iob
wcsstr
realloc
wcstod
__CxxFrameHandler
_exit
wcschr
_XcptFilter
_controlfp
__setusermatherr
_wcsnicmp
__wgetmainargs
__set_app_type

advapi32

RegUnLoadKeyW
RegQueryInfoKeyW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegConnectRegistryW
ConvertStringSidToSidW
RegCloseKey
OpenProcessToken
LookupAccountSidW
RegLoadKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

OpenMutexW
GetSystemTimeAsFileTime
GetCurrencyFormatW
GetDateFormatW
WaitForSingleObject
EnumResourceLanguagesW
GetUserDefaultLCID
FileTimeToSystemTime
lstrcpynW
GetFileAttributesExA
SizeofResource
lstrcmpW
lstrcpyW
EnumResourceNamesA
LZSeek
WriteTapemark
EnumDateFormatsA
GetLocaleInfoW
SetLastError
InterlockedDecrement
ReadFile
lstrlenW
FindNextFileW
LZCopy
CreateHardLinkA
UnhandledExceptionFilter
HeapSetInformation
GetCurrentProcess
Thread32Next
ReleaseMutex
CreateActCtxW
GetTickCount
lstrlenA
FormatMessageW
GetCurrentProcessId
GetConsoleMode
SetConsoleOS2OemFormat
LocalFree
CreateMutexW
GetConsoleProcessList
GetLocalTime
OpenProfileUserMapping
HeapUnlock
TerminateProcess
CreateFileA
CloseHandle
GetLastError
GetSystemTimeAdjustment
GlobalAddAtomA
SetFileApisToANSI
SetConsoleCursorPosition
VirtualAlloc
BuildCommDCBW
FreeConsole
IsBadStringPtrA
GetComputerNameExW
MultiByteToWideChar
LocalAlloc
CancelIo
Module32First
GetTimeFormatW
QueryActCtxW
FreeLibrary
lstrcatW
SetConsoleKeyShortcuts
WriteConsoleW
SetConsoleMode
FoldStringA
LeaveCriticalSection
SetUnhandledExceptionFilter
GetStdHandle
OpenEventA
DeleteTimerQueue
VerSetConditionMask
SetConsoleInputExeNameW
GetBinaryType
CreateFileMappingA
OpenJobObjectW
DnsHostnameToComputerNameA
CreateMemoryResourceNotification
GetProcessPriorityBoost
GetConsoleScreenBufferInfo
EnumSystemGeoID
SetConsoleTextAttribute
WriteProcessMemory
OpenSemaphoreW
WideCharToMultiByte
lstrcmpiW
QueryPerformanceCounter
ReadConsoleW
VerifyVersionInfoW
CreateSemaphoreW
WritePrivateProfileStructA
VirtualLock
FileTimeToLocalFileTime
GetComputerNameW
FreeEnvironmentStringsA
InterlockedIncrement
_hread
ConvertThreadToFiber
GetCommState
GlobalLock

sxs

SxsProbeAssemblyInstallation
CreateAssemblyCache
CreateAssemblyNameObject

shlwapi

PathFindExtensionA
PathIsLFNFileSpecA
SHCreateStreamOnFileA
SHRegEnumUSValueW
PathUnExpandEnvStringsW
PathRemoveBlanksW
PathCompactPathA
UrlCanonicalizeA
PathAddExtensionA
UrlIsNoHistoryW
SHRegQueryInfoUSKeyA
SHRegSetPathA
StrToIntA
PathFindExtensionW
PathMatchSpecA
IntlStrEqWorkerW
SHRegOpenUSKeyA
PathSearchAndQualifyW
PathIsSystemFolderW
StrCatBuffW
SHSetThreadRef
PathGetCharTypeW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kELh
Size: 1KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DAambj
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9891a131f6631fca188e3d8ced240c52

Headers

File Characteristics

Imports

user32

mpr

ole32

oleaut32

secur32

ws2_32

netapi32

rpcrt4

ntdsapi

msvcrt

advapi32

kernel32

sxs

shlwapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 6KB - Virtual size: 5KB

.kELh Size: 1KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 40KB

.DAambj Size: 2KB - Virtual size: 2KB

.rsrc Size: 126KB - Virtual size: 232KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 6KB - Virtual size: 5KB

.kELh
Size: 1KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 40KB

.DAambj
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 126KB - Virtual size: 232KB