3ef4438a71940fc1eef0c1abaa80c7dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ef4438a71940fc1eef0c1abaa80c7dc_JaffaCakes118
Size

499KB
MD5

3ef4438a71940fc1eef0c1abaa80c7dc
SHA1

17ae581fd8a9aa6860e14c64226e3864679b2d9c
SHA256

5209292325ea0ec0352ab18d9887c2048bd3f74b67c01aa5b1fb5a5593d0fd78
SHA512

9f6b3eab4bb3035829b198859307a9d6f13edcf49e8eea6108598ebbac76fbfbf2a4d6bd39761d922ef31d57562605a51ed7a5ac2d59142ecc232bc94207ed6a
SSDEEP

12288:kOrWJp++HEun6xGXns72TFdRMMnMMMMMQ0RJorcm:kOqrdHEv6JfMMnMMMMMxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ef4438a71940fc1eef0c1abaa80c7dc_JaffaCakes118

Files

3ef4438a71940fc1eef0c1abaa80c7dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e140a19a9aedf848476bf4b00c05002c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds
SamTestPrivateFunctionsDomain

ws2_32

setsockopt

advapi32

RegCreateKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
RegSetValueExA
RegEnumValueA
RegCreateKeyA
RegEnumKeyA
RegisterEventSourceA
SetSecurityDescriptorDacl
OpenProcessToken
AdjustTokenPrivileges
RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyW
RegCloseKey
DeregisterEventSource
ReportEventA
RegOpenKeyExA
RegOpenKeyA
RegSetValueA
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
LookupPrivilegeValueA
RegQueryValueExA
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
RegQueryValueA

kernel32

GlobalAddAtomA
LoadLibraryA
UnhandledExceptionFilter
lstrcatA
TlsSetValue
GetStringTypeW
SetFileAttributesA
WideCharToMultiByte
GetDateFormatA
SetEvent
HeapSize
WinExec
InterlockedIncrement
GetFileType
GlobalUnlock
SetStdHandle
FormatMessageA
SetEndOfFile
VirtualProtect
MoveFileA
IsBadReadPtr
GetEnvironmentStrings
GetCPInfo
FlushFileBuffers
LCMapStringA
DuplicateHandle
GetTempPathA
LCMapStringW
GetSystemInfo
GetExitCodeProcess
_lread
LockResource
GetStringTypeExA
GetModuleHandleA
lstrcpyA
TerminateProcess
FormatMessageW
GlobalAlloc
GetSystemDefaultLCID
FileTimeToLocalFileTime
ResetEvent
GetStartupInfoA
MulDiv
SetFilePointer
GetCurrentDirectoryA
GetTempFileNameA
FlushInstructionCache
lstrcmpiA
VirtualFree
RtlUnwind
TlsAlloc
GlobalLock
Sleep
GetFileAttributesA
IsBadCodePtr
lstrcpynA
CreateThread
GetSystemDefaultLangID
GetVersionExA
HeapReAlloc
FindResourceA
CloseHandle
HeapFree
CompareStringW
FindClose
IsDBCSLeadByte
FreeLibrary
GetSystemDirectoryA
FindFirstFileA
GlobalHandle
VirtualAlloc
CreateSemaphoreA
GetStdHandle
ReleaseSemaphore
MultiByteToWideChar
CreateProcessA
GetShortPathNameA
GetEnvironmentStringsW
ReadFile
GetCommandLineA
HeapCreate
InterlockedDecrement
GetDriveTypeA
GetVersion
GetCurrentThreadId
SystemTimeToFileTime
GetWindowsDirectoryA
ResumeThread
DeleteCriticalSection
_llseek
CreateDirectoryA
EnterCriticalSection
UnlockFile
ExitProcess
SetHandleCount
GetModuleFileNameA
HeapAlloc
GetTimeZoneInformation
CreateEventA
_lwrite
GetStringTypeA
CreateMailslotA
SearchPathA
WriteFile
GetProfileStringA
GetCurrentProcess
GetLocaleInfoA
FreeResource
SetErrorMode
LoadResource
GetOEMCP
CreateFileA
InitializeCriticalSection
FileTimeToSystemTime
FindNextFileA
SetCurrentDirectoryA
GlobalSize
SetLocalTime
lstrcmpiW
GetProcAddress
lstrcmpA
HeapDestroy
GetACP
LeaveCriticalSection
GetLastError
RaiseException
CreateProcessW
GetFileTime
GetCurrentProcessId
GlobalReAlloc
SetFileTime
GetUserDefaultLCID
GlobalFree
GetSystemTime
RemoveDirectoryA
_lclose
DeleteFileA
VirtualQuery
LockFile
GetLocalTime
GlobalDeleteAtom
FreeEnvironmentStringsW
TlsFree
TlsGetValue
SetEnvironmentVariableA
SizeofResource
ExitThread
LoadLibraryExA
GetModuleFileNameW
GetVolumeInformationA
SetLastError
FreeEnvironmentStringsA
lstrlenA
GetTickCount
GetFullPathNameA
CompareStringA
WaitForSingleObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e140a19a9aedf848476bf4b00c05002c

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

samlib

ws2_32

advapi32

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B