4ae5d8fa98f4a8ff2cd65c58b0feb8e6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4ae5d8fa98f4a8ff2cd65c58b0feb8e6_JaffaCakes118
Size

230KB
MD5

4ae5d8fa98f4a8ff2cd65c58b0feb8e6
SHA1

0ec1ed65bf971807719e5e928d7c1298a3f60c41
SHA256

0ae9cf0ffd749729d088f7e62bc650dbfac56b9e449eabdab076834ccf0daedc
SHA512

3133c4d4f6ae41b4a0ade54659d6905928ac3c1f22a00f54d0800ee8fdfeb387e36da18a8b3d886a58792dd3acbbb6d09410ab238bfc0d7b8e843a21cf99b938
SSDEEP

6144:hotm9Ygtm8A0kZtMMSNKTR514wzCQydt4IkvwLHga:hI1gOtfqKTLmwnhY0a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ae5d8fa98f4a8ff2cd65c58b0feb8e6_JaffaCakes118

Files

4ae5d8fa98f4a8ff2cd65c58b0feb8e6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a66a6fadb739f0ae999747f7576cb123

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasapi32.pdb

Imports

advapi32

RegConnectRegistryW
QueryServiceStatus
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyW
RegEnumKeyExW
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
OpenProcessToken
GetTokenInformation
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSidSubAuthority
OpenThreadToken
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorDacl

kernel32

InterlockedDecrement
InterlockedIncrement
GetVersionExW
CreateDirectoryW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetCurrentThread
OpenMutexA
CreateMutexA
ReleaseMutex
CreateFileW
GetFullPathNameW
GlobalSize
HeapAlloc
HeapReAlloc
HeapFree
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GlobalAlloc
GlobalFree
lstrcpynW
FormatMessageW
FormatMessageA
LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
lstrlenW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
CloseHandle
CreateThread
WaitForSingleObject
CreateIoCompletionPort
CreateEventW
DelayLoadFailureHook
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcess
lstrcmpW
ResetEvent
lstrcpyA
Sleep
GetFileAttributesW
lstrcpynA
GlobalReAlloc
lstrlenA
CreateFileA
MoveFileA
DeleteFileA
ReadFile
WriteFile
lstrcatA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
lstrcpyW
GetSystemDirectoryW
CompareStringW
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OpenEventA
lstrcatW
DeleteCriticalSection
GetCommandLineA
InterlockedExchange
SetEndOfFile
SetFilePointer
ExpandEnvironmentStringsA
WaitForMultipleObjects
CreateEventA
lstrcmpiA
lstrcmpA
IsDBCSLeadByte

msvcrt

wcsncmp
wcslen
wcscpy
strncpy
_wcslwr
_ltoa
qsort
wcsstr
_wcsnicmp
_wtol
_itow
_except_handler3
_snwprintf
_ultow
atol
_strlwr
strncat
_strnicmp
_wcsicmp
strchr
_mbscspn
strrchr
_stricmp
wcscat
_ltow
wcsncpy
wcsncat
wcstoul
strstr
_adjust_fdiv
malloc
_initterm
free
memmove

ntdll

RtlOpenCurrentUser
NtClose
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
NtQueryValueKey
NtOpenKey
NtSetValueKey
DbgPrint

rasman

RasRpcGetInstalledProtocols
RasRpcGetInstalledProtocolsEx
RasRpcSetUserPreferences
RasGetDeviceNameW
RasSendNotification
RasIsTrustedCustomDll
RasSetCommSettings
RasGetCustomScriptDll
RasRpcGetUserPreferences
RasGetUnicodeDeviceName
RasSetKey
RasGetKey
RasGetPortUserData
RasDoIke
DwRasGetHostByName
RasSetAddressDisable
RasSetPortUserData
RasPortDisconnect
RasmanUninitialize
RasRefreshKerbCreds
RasSendCreds

rpcrt4

I_RpcExceptionFilter
UuidCreate

tapi32

lineGetTranslateCapsW
lineGetCountryW
lineTranslateAddressW

user32

CharNextW
CharPrevW
wsprintfW
SendMessageW
OemToCharBuffA
RegisterWindowMessageA
SendMessageA
SendNotifyMessageA
wsprintfA
CharNextA
IsCharAlphaNumericA
IsCharAlphaA
LoadStringA

Exports

Exports

DDMGetPhonebookInfo
DwCloneEntry
DwDeleteSubEntry
DwEnumEntriesForAllUsers
DwEnumEntryDetails
DwRasRefreshKerbScCreds
DwRasUninitialize
RasAutoDialSharedConnection
RasAutodialAddressToNetwork
RasAutodialEntryToNetwork
RasClearConnectionStatistics
RasClearLinkStatistics
RasConnectionNotificationA
RasConnectionNotificationW
RasCreatePhonebookEntryA
RasCreatePhonebookEntryW
RasDeleteEntryA
RasDeleteEntryW
RasDeleteSubEntryA
RasDeleteSubEntryW
RasDialA
RasDialW
RasDialWow
RasEditPhonebookEntryA
RasEditPhonebookEntryW
RasEnumAutodialAddressesA
RasEnumAutodialAddressesW
RasEnumConnectionsA
RasEnumConnectionsW
RasEnumConnectionsWow
RasEnumDevicesA
RasEnumDevicesW
RasEnumEntriesA
RasEnumEntriesW
RasEnumEntriesWow
RasFreeEapUserIdentityA
RasFreeEapUserIdentityW
RasGetAutodialAddressA
RasGetAutodialAddressW
RasGetAutodialEnableA
RasGetAutodialEnableW
RasGetAutodialParamA
RasGetAutodialParamW
RasGetConnectResponse
RasGetConnectStatusA
RasGetConnectStatusW
RasGetConnectStatusWow
RasGetConnectionStatistics
RasGetCountryInfoA
RasGetCountryInfoW
RasGetCredentialsA
RasGetCredentialsW
RasGetCustomAuthDataA
RasGetCustomAuthDataW
RasGetEapUserDataA
RasGetEapUserDataW
RasGetEapUserIdentityA
RasGetEapUserIdentityW
RasGetEntryDialParamsA
RasGetEntryDialParamsW
RasGetEntryHrasconnA
RasGetEntryHrasconnW
RasGetEntryPropertiesA
RasGetEntryPropertiesW
RasGetErrorStringA
RasGetErrorStringW
RasGetErrorStringWow
RasGetHport
RasGetLinkStatistics
RasGetNapStatus
RasGetProjectionInfoA
RasGetProjectionInfoW
RasGetSubEntryHandleA
RasGetSubEntryHandleW
RasGetSubEntryPropertiesA
RasGetSubEntryPropertiesW
RasHangUpA
RasHangUpW
RasHangUpWow
RasInvokeEapUI
RasIsRouterConnection
RasIsSharedConnection
RasQueryRedialOnLinkFailure
RasQuerySharedAutoDial
RasQuerySharedConnection
RasRenameEntryA
RasRenameEntryW
RasScriptExecute
RasScriptGetEventCode
RasScriptGetIpAddress
RasScriptInit
RasScriptReceive
RasScriptSend
RasScriptTerm
RasSetAutodialAddressA
RasSetAutodialAddressW
RasSetAutodialEnableA
RasSetAutodialEnableW
RasSetAutodialParamA
RasSetAutodialParamW
RasSetCredentialsA
RasSetCredentialsW
RasSetCustomAuthDataA
RasSetCustomAuthDataW
RasSetEapUserDataA
RasSetEapUserDataW
RasSetEntryDialParamsA
RasSetEntryDialParamsW
RasSetEntryPropertiesA
RasSetEntryPropertiesW
RasSetOldPassword
RasSetSharedAutoDial
RasSetSubEntryPropertiesA
RasSetSubEntryPropertiesW
RasValidateEntryNameA
RasValidateEntryNameW
RasfileClose
RasfileDeleteLine
RasfileFindFirstLine
RasfileFindLastLine
RasfileFindMarkedLine
RasfileFindNextKeyLine
RasfileFindNextLine
RasfileFindPrevLine
RasfileFindSectionLine
RasfileGetKeyValueFields
RasfileGetLine
RasfileGetLineMark
RasfileGetLineText
RasfileGetLineType
RasfileGetSectionName
RasfileInsertLine
RasfileLoad
RasfileLoadInfo
RasfilePutKeyValueFields
RasfilePutLineMark
RasfilePutLineText
RasfilePutSectionName
RasfileWrite
SharedAccessResponseListToString
SharedAccessResponseStringToList
UnInitializeRAS

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a66a6fadb739f0ae999747f7576cb123

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

rasman

rpcrt4

tapi32

user32

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 214KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 239KB

.text
Size: 215KB - Virtual size: 214KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 239KB