48c5544648f10b89315afb8ab0942184_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48c5544648f10b89315afb8ab0942184_JaffaCakes118
Size

499KB
MD5

48c5544648f10b89315afb8ab0942184
SHA1

7bf30feec032ee8b7d4bd960e8d77a66b39e7fac
SHA256

191d44532acffcbb8eaf82679487ffd491274fc8a9af8d5382a95e776cd7e95a
SHA512

6420272a643f3a24ba3c3e06b8350f7d359a1c40a8948ba433f2c6c16da1bf23e592301b69934b68d8ff14bc624d3a9d104c2f82b12a3d04314572b5a550d8bb
SSDEEP

12288:3gkLCQLyAjmMJhgEXhmZFVMMnMMMMMVsq1UVuievhbFrF:leTAjhJhYVMMnMMMMMVeV7evh9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48c5544648f10b89315afb8ab0942184_JaffaCakes118

Files

48c5544648f10b89315afb8ab0942184_JaffaCakes118
.exe windows:4 windows x86 arch:x86

366d25b08d15b1d0f3c22d86ef4bdf8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
TlsFree
CreateMailslotA
lstrlenA
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GlobalUnlock
IsDBCSLeadByte
GlobalFree
_lclose
LeaveCriticalSection
GlobalAlloc
SetFileTime
MoveFileA
WinExec
FreeResource
LoadLibraryA
SetFileAttributesA
MulDiv
CreateFileA
HeapFree
GetModuleFileNameA
GetTickCount
VirtualProtect
GetProcAddress
GetFileAttributesA
SearchPathA
GetLocalTime
GetShortPathNameA
FreeEnvironmentStringsA
ReadFile
SetLastError
GetLocaleInfoA
InterlockedIncrement
LoadResource
CreateThread
CompareStringA
TlsAlloc
ReleaseSemaphore
FlushInstructionCache
FreeLibrary
CreateEventA
GetSystemDirectoryA
GetStdHandle
TlsSetValue
EnterCriticalSection
GetStringTypeW
IsBadReadPtr
GetFullPathNameA
DeleteFileA
FormatMessageA
GetCurrentProcess
FlushFileBuffers
MultiByteToWideChar
GetUserDefaultLCID
GetCommandLineA
SetStdHandle
FindResourceA
UnlockFile
FindNextFileA
HeapReAlloc
GetStartupInfoA
GetDateFormatA
GetSystemDefaultLCID
LCMapStringA
WaitForSingleObject
CreateProcessW
GetDriveTypeA
GetUserDefaultLangID
LockFile
FindClose
_lread
ExitThread
lstrcpyA
FormatMessageW
CreateSemaphoreA
InitializeCriticalSection
FileTimeToSystemTime
GlobalLock
GetProfileStringA
CreateProcessA
GetTempFileNameA
VirtualAlloc
GetExitCodeProcess
GlobalSize
FindFirstFileA
SetCurrentDirectoryA
GlobalAddAtomA
SetLocalTime
GlobalHandle
GetSystemTime
HeapAlloc
GetModuleFileNameW
_lwrite
GetEnvironmentStrings
HeapSize
lstrcpynA
GetFileType
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetSystemInfo
GetWindowsDirectoryA
SetFilePointer
GetACP
TlsGetValue
DeleteCriticalSection
SetEvent
DuplicateHandle
RemoveDirectoryA
HeapDestroy
GetSystemDefaultLangID
GetFileTime
GetStringTypeA
Sleep
CompareStringW
InterlockedDecrement
CloseHandle
GetCurrentProcessId
SystemTimeToFileTime
GetVolumeInformationA
TerminateProcess
RaiseException
IsBadCodePtr
LoadLibraryExA
WriteFile
ResumeThread
GetTempPathA
GetVersion
RtlUnwind
SetEnvironmentVariableA
GetLastError
GetModuleHandleA
_llseek
UnhandledExceptionFilter
lstrcmpiA
GetStringTypeExA
ResetEvent
lstrcmpiW
HeapCreate
GetVersionExA
GlobalReAlloc
GetCurrentDirectoryA
SetEndOfFile
lstrcatA
GetCPInfo
GetTimeZoneInformation
VirtualQuery
SizeofResource
LockResource
FileTimeToLocalFileTime
GetOEMCP
VirtualFree
LCMapStringW
ExitProcess
SetHandleCount

samlib

SamiSetDSRMPassword
SamTestPrivateFunctionsDomain
SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser

ddraw

DirectDrawEnumerateA

mswsock

sethostname

advapi32

RegQueryValueA
RegSetValueExW
DeregisterEventSource
RegCloseKey
RegEnumKeyW
RegSetValueA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueA
RegQueryInfoKeyA
InitializeSecurityDescriptor
RegQueryValueExA
SetSecurityDescriptorDacl
RegEnumValueW
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyW
RegEnumKeyA
RegDeleteValueW
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
ReportEventA
RegCreateKeyW
RegisterEventSourceA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

366d25b08d15b1d0f3c22d86ef4bdf8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

samlib

ddraw

mswsock

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.rsrc Size: 131KB - Virtual size: 130KB

.data Size: 154KB - Virtual size: 1016KB

.idata Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.rsrc
Size: 131KB - Virtual size: 130KB

.data
Size: 154KB - Virtual size: 1016KB

.idata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 72B