3f46a11aeefcb810fc8653fb8df45dbd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f46a11aeefcb810fc8653fb8df45dbd_JaffaCakes118
Size

846KB
MD5

3f46a11aeefcb810fc8653fb8df45dbd
SHA1

35174cf07c2c9b8a4e6097d27e0a21dfb7f25046
SHA256

1d9965c2755e3292bb72b99efac7af7fa728e51fece67f112cdf17657055bdac
SHA512

50fd6f850d887a1131800aac6cb278a3b0c169346b5cf8f79093b4ef919f85a8ac4c483f3a0efd7298aad38390175d5296011643bc8205015ad35bd7f3eb9006
SSDEEP

24576:DIdGTb26mrKWYFbVvExi5/qAh8IRNlLKGVX28IsJ72Xb0rSAa:sGq6mr1YFH/phxRuROLha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f46a11aeefcb810fc8653fb8df45dbd_JaffaCakes118

Files

3f46a11aeefcb810fc8653fb8df45dbd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

797ef4c58ee1abec06319a6bca0d0c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

polstore

IPSecCopyISAKMPData
IPSecCreateFilterData
IPSecSetNegPolData
IPSecDeleteNFAData
IPSecDeleteNegPolData
IPSecEnumISAKMPData
IPSecEnumFilterData
IPSecClosePolicyStore
IPSecCopyNFAData
IPSecFreeFilterSpecs
IPSecGetFilterData
IPSecSetISAKMPData
IPSecCreateISAKMPData
IPSecFreeFilterData
IPSecAllocPolStr

crypt32

CryptBinaryToStringA
CertSerializeCertificateStoreElement
CryptMsgGetParam
CertFreeCertificateContext
CryptEnumKeyIdentifierProperties
CertRegisterSystemStore
RegEnumValueU
CertGetCertificateChain
CryptMsgEncodeAndSignCTL
I_CertProtectFunction
CryptSetKeyIdentifierProperty
CryptGetOIDFunctionValue
CertAddCertificateLinkToStore
CertGetPublicKeyLength
CryptAcquireCertificatePrivateKey
CertControlStore
CryptEnumOIDInfo
CryptEnumOIDFunction

adsldpc

BuildADsParentPathFromObjectInfo
LdapReadAttribute
ReallocADsStr
LdapValueFreeLen
GetSyntaxOfAttribute
LdapSearchST
SchemaGetClassInfo
ADsExecuteSearch
LdapRenameExtS
ADsEnumClasses
ADsWriteClassDefinition
LdapAttributeFree
LdapOpenObject2
ADsDeleteAttributeDefinition
ADsHelperGetCurrentRowMessage
LdapFirstAttribute
ADsCloseSearchHandle

rasman

RasGetCustomScriptDll
RasSecurityDialogReceive
RasConnectionEnum
RasDeviceEnum
RasGetDevConfig
RasRegisterRedialCallback
RasRpcSetUserPreferences
RasGetUserCredentials
RasPortReceive
RasFindPrerequisiteEntry
RasSecurityDialogSend
RasInitialize
RasmanUninitialize
RasEnumLanNets
RasRpcGetCountryInfo

kernel32

UnregisterWaitEx
AddLocalAlternateComputerNameA
LoadLibraryA
GetDevicePowerState
SetCriticalSectionSpinCount
GetTickCount
IsProcessInJob
FindNextVolumeMountPointA
FreeLibraryAndExitThread
GetTapeParameters
AllocConsole
FillConsoleOutputCharacterW
VirtualAlloc
InitializeSListHead
FlushConsoleInputBuffer
SetSystemTimeAdjustment
GetConsoleInputExeNameW
IsValidCodePage

dsuiext

DsGetIcon
DllInstall
DsBrowseForContainerW
DsBrowseForContainerA
DsGetFriendlyClassName

Sections

.text
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

797ef4c58ee1abec06319a6bca0d0c12

Headers

DLL Characteristics

File Characteristics

Imports

polstore

crypt32

adsldpc

rasman

kernel32

dsuiext

Sections

.text Size: 731KB - Virtual size: 731KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 731KB - Virtual size: 731KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 948B