4a046bec3c92691786a3ac41a3e8715a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a046bec3c92691786a3ac41a3e8715a_JaffaCakes118
Size

191KB
MD5

4a046bec3c92691786a3ac41a3e8715a
SHA1

286e035cb6e0b506fe26eac2e98972c28a420201
SHA256

147ae22f52a2679ebf1eeac01a5da693324ac6f0dfa6655ed022f2c273715ef5
SHA512

efc9f59b2917156cceedcd8e8f36113db30fe2939d921baa07bca843e2d9ee68418670d48c5fdb9814862f637115770220467964c1bcc797f816ee4878be42ae
SSDEEP

3072:UrNwEsGSeX84MbMZYufSzm7Fv3/y1yzWqVuS7/3a/WJ+Ow7SU6Dx+RY0Qm3xLD/9:mK7GS7TbMKuKy7Fvqg6YD7/3a/WJ+Ou5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a046bec3c92691786a3ac41a3e8715a_JaffaCakes118

Files

4a046bec3c92691786a3ac41a3e8715a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

41c43360082af713ecda688c98104f88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mqad.pdb

Imports

mqsec

MQSec_GetWorldSid
MQSec_MakeSelfRelative
MQSec_GetDefaultSecDescriptor
MQSec_GetProcessUserSid
MQSec_GetThreadUserSid
MQSec_CopySecurityDescriptor
MQSec_GetLocalMachineSid
MQSec_UnpackPublicKey
MQSec_GetUserType
MQSec_MergeSecurityDescriptors
MQSec_ConvertSDToNT4Format
MQSec_ConvertSDToNT5Format
MQSec_SetPrivilegeInThread
MQSec_IsAnonymusSid

mqutil

?mqrpcUnbindQMService@@YGJPAPAXPAPAG@Z
mqrpcSetLocalRpcMutualAuth
?ComposeLocalEndPoint@@YGXPBGPAPAG@Z
GetFalconKeyValue

msvcrt

wcslen
__CxxFrameHandler
_purecall
wcscpy
swprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_except_handler3
wcscmp
wcschr
_wcsicmp
wcscat
wcsncpy
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
malloc
wcsstr
wcsncmp
_snwprintf
mbstowcs
gmtime
mktime

msvcp60

??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
?nothrow@std@@3Unothrow_t@1@B
??0bad_alloc@std@@QAE@ABV01@@Z

netapi32

NetApiBufferFree
DsGetDcNameW
DsGetSiteNameW

rpcrt4

RpcStringBindingComposeW
NdrClientCall2
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW

advapi32

GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
MakeSelfRelativeSD
TraceMessage

kernel32

LocalFree
SetLastError
InterlockedCompareExchange
RaiseException
GetTickCount
EnterCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadWritePtr
GetModuleHandleW
GetCurrentThreadId
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcessId

user32

CharLowerW

oleaut32

VariantInit
SysFreeString
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayCreate
SysAllocString

activeds

ord20
ord18
ord6
ord9
ord15

Exports

Exports

MQADBeginDeleteNotification
MQADCreateObject
MQADDeleteObject
MQADDeleteObjectGuid
MQADEndDeleteNotification
MQADEndQuery
MQADFreeMemory
MQADGetADsPathInfo
MQADGetComputerSites
MQADGetComputerVersion
MQADGetObjectProperties
MQADGetObjectPropertiesGuid
MQADGetObjectSecurity
MQADGetObjectSecurityGuid
MQADInit
MQADNotifyDelete
MQADQMGetObjectSecurity
MQADQMSetMachineProperties
MQADQueryAllLinks
MQADQueryAllSites
MQADQueryConnectors
MQADQueryForeignSites
MQADQueryLinks
MQADQueryMachineQueues
MQADQueryNT4MQISServers
MQADQueryQueues
MQADQueryResults
MQADQuerySiteServers
MQADQueryUserCert
MQADSetObjectProperties
MQADSetObjectPropertiesGuid
MQADSetObjectSecurity
MQADSetObjectSecurityGuid
MQADSetupInit

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c43360082af713ecda688c98104f88

Headers

File Characteristics

PDB Paths

Imports

mqsec

mqutil

msvcrt

msvcp60

netapi32

rpcrt4

advapi32

kernel32

user32

oleaut32

activeds

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB