42a2dadcccbda99faa4f6961b97c4c36_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42a2dadcccbda99faa4f6961b97c4c36_JaffaCakes118
Size

93KB
MD5

42a2dadcccbda99faa4f6961b97c4c36
SHA1

0b3fd99f6e1bb42c69b03c7bf56f03e226c94d14
SHA256

3b49a31510166df25691b4b05889634acc0b84710212efe585ca421d8b63e8cf
SHA512

e87c9a9ad6d79b4350559d39a52d34d8ce660ae14e0e2189a26c7c525e4d172cc3ef7e9028f4243104b654f59700af5d07512554fee79645b6d4e72e9339eb94
SSDEEP

1536:WJ31GioMnQ/5cTeyswXRqHCeEgDN5LJAOkpbQ1gdLZ74QeychdRby:I31GioHgPzOCeHN5UagnkQ+fy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42a2dadcccbda99faa4f6961b97c4c36_JaffaCakes118

Files

42a2dadcccbda99faa4f6961b97c4c36_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4f976d8af9d460ecf50f77815bb9cc70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

LsaCreateSecret
RegEnumValueW
LsaQueryInformationPolicy
InitiateSystemShutdownExW
RegOverridePredefKey
OpenTraceW
WmiQueryAllDataA
InitiateSystemShutdownW
RegLoadKeyA
StartServiceCtrlDispatcherW
CryptEnumProviderTypesA
SystemFunction026
CredReadDomainCredentialsW
QueryServiceStatusEx
GetLengthSid
CredEnumerateW
CryptDuplicateHash
AddAccessDeniedObjectAce
FlushTraceA
CredGetSessionTypes
LsaQuerySecret
EncryptionDisable
WmiQuerySingleInstanceMultipleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
SetNamedSecurityInfoW
CredUnmarshalCredentialA
SetSecurityDescriptorControl
UnregisterTraceGuids
SystemFunction020
TraceMessage
RegOpenKeyExA
LookupPrivilegeDisplayNameW
GetEventLogInformation
AreAnyAccessesGranted
LsaSetSecurityObject

ntmarta

AccProvGrantAccessRights
AccProvGetOperationResults
AccProvCancelOperation
AccProvHandleSetAccessRights
AccProvRevokeAuditRights
AccRewriteSetNamedRights
AccLookupAccountTrustee
AccConvertAccessMaskToActrlAccess
AccRewriteSetHandleRights
AccProvHandleGetAllRights
AccProvHandleGetTrusteesAccess
AccRewriteGetExplicitEntriesFromAcl
AccProvIsAccessAudited
EventNameFree
AccRewriteGetNamedRights
AccProvHandleGetAccessInfoPerObjectType
AccFreeIndexArray
AccLookupAccountName
AccConvertAccessToSD
AccLookupAccountSid
AccSetEntriesInAList
AccRewriteSetEntriesInAcl
AccProvGetAccessInfoPerObjectType
AccConvertSDToAccess
AccGetExplicitEntries
AccConvertAccessToSecurityDescriptor

scecli

SceAddToObjectList
SceSetupUpdateSecurityService
SceGetScpProfileDescription
SceGetAnalysisAreaSummary
SceSvcSetInformationTemplate
SceDcPromoteSecurityEx
SceGenerateRollback
SceSetupBackupSecurity
SceRegisterRegValues
SceSetupUpdateSecurityKey
SceCreateDirectory
SceSvcFree
InitializeChangeNotify
SceProcessSecurityPolicyGPOEx
SceSetupGenerateTemplate
SceOpenProfile
SceAddToNameList
SceConfigureSystem
SceGetDatabaseSetting
SceOpenPolicy
SceSetupUpdateSecurityFile
SceEnforceSecurityPolicyPropagation
SceConfigureConvertedFileSecurity
SceGetServerProductType
SceLookupPrivRightName
SceGetObjectChildren

wldap32

ldap_next_attributeW
ldap_openW
ldap_deleteW
ldap_encode_sort_controlW
ldap_search_init_pageA
ber_bvdup
ldap_get_dnA
ldap_addW
ldap_compare_ext_s
ldap_first_attributeW
ber_flatten
ber_next_element
ldap_control_freeW
ldap_count_values
ldap_init
ber_scanf
ldap_conn_from_msg
ldap_sasl_bind_sA
ldap_control_free
ldap_compareW
ldap_free_controlsA
ldap_simple_bind_sW
ldap_count_valuesA
ldap_escape_filter_element
ldap_ufn2dnA
ldap_value_free_len

kernel32

SetFileShortNameA
MapUserPhysicalPages
GlobalFree
AddConsoleAliasW
BaseCheckAppcompatCache
CancelTimerQueueTimer
GetProcessTimes
BaseDumpAppcompatCache
WaitForSingleObject
GetPrivateProfileSectionNamesA
HeapLock
GlobalAlloc
PeekNamedPipe
GetUserDefaultLCID
IsDBCSLeadByteEx
InterlockedExchangeAdd
VirtualAlloc
SetLocaleInfoA
GetFullPathNameA
FindNextVolumeW
VDMConsoleOperation
FreeEnvironmentStringsW
HeapUnlock
FindActCtxSectionStringA
GetConsoleMode
SetStdHandle
GetCurrentThread
GetCPInfoExW
ReadConsoleOutputA
CreateWaitableTimerW
LoadLibraryA
LZSeek
SetCommState
CopyFileExA
GetModuleHandleA
GetVersionExW
SetFileAttributesA

winsta

WinStationConnectA
_WinStationReInitializeSecurity
WinStationEnumerateLicenses
ServerGetInternetConnectorStatus
WinStationGetAllProcesses
WinStationGetLanAdapterNameA
WinStationSendMessageA
WinStationWaitSystemEvent
WinStationTerminateProcess
ServerLicensingDeactivateCurrentPolicy
ServerLicensingUnloadPolicy
ServerLicensingGetPolicyInformationA
WinStationIsHelpAssistantSession
_WinStationShadowTargetSetup
WinStationNameFromLogonIdA
_WinStationNotifyDisconnectPipe
WinStationQueryUpdateRequired
WinStationSetInformationW
WinStationShadowStop
ServerLicensingGetAvailablePolicyIds
_WinStationNotifyLogon
_WinStationAnnoyancePopup
WinStationSendMessageW
WinStationRenameW
WinStationSetInformationA
WinStationGetTermSrvCountersValue
WinStationQueryInformationW
WinStationFreeGAPMemory
ServerLicensingFreePolicyInformation
WinStationEnumerateW
_WinStationBeepOpen
_WinStationUpdateClientCachedCredentials
WinStationQueryLogonCredentialsW
_WinStationNotifyNewSession
_WinStationWaitForConnect
_WinStationBreakPoint

sqlunirl

_DlgDirListComboBox_@20
_GetPrivateProfileSection_@16
_MessageBoxIndirect_@4
_SetDefaultCommConfig_@12
_GetICMProfile_@12
_FindExecutable_@12
_SetDlgItemText@12
_RegQueryInfoKey_@48
_DefFrameProc_@20
_RegSetValue_@20
_OpenSCManager_@12
_GetFileAttributesEx_@12
_ObjectOpenAuditAlarm_@48
_CreateProcessAsUser_@44
_CompareString_@24
_CallMsgFilter_@8
_AddFontResource_@4
_RegisterClipboardFormat_@4
_RegLoadKey_@12
_ObjectCloseAuditAlarm_@12
_WriteConsoleInput_@16
_DrawTextEx_@24
_OpenWindowStation_@12
_CreateProcess_@40
_OpenSemaphore_@12
__hwrite_@12
_GetProp@8
_PropertySheet_@4
_FindNextFile_@8

Exports

Exports

InstallU
PluginCommand
PluginMain
PluginName
PluginType
PluginVersion
WSPStartup

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f976d8af9d460ecf50f77815bb9cc70

Headers

File Characteristics

Imports

advapi32

ntmarta

scecli

wldap32

kernel32

winsta

sqlunirl

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 35KB - Virtual size: 80KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 35KB - Virtual size: 80KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 860B