4b4a04885974679824e31ca1f0b89622_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b4a04885974679824e31ca1f0b89622_JaffaCakes118
Size

1.2MB
MD5

4b4a04885974679824e31ca1f0b89622
SHA1

d303a8fe36a245671e94a61a796de8eb28915a3d
SHA256

0bc0e3f4a4c79662c0d1b1fcbb2d50c855b4ddb2ac4cae6239c92811c572b003
SHA512

7600f2fae9b7532af62dc2794b08016c1db9af419c444f562cfcd232731273cedb8b4b43be3e0b17fc3eb56552dc1ffc63707f1de232bac5bd0c88f0d01b5bcb
SSDEEP

24576:YTW/wrnRX2ELfU8I94ny/is5c2cCg+7xvTfYLDRQ2w1E:Y2wrRGEK5/RXPVKRe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b4a04885974679824e31ca1f0b89622_JaffaCakes118

Files

4b4a04885974679824e31ca1f0b89622_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04bf7d7b00ff66f91c985747c5a5be3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

adsldpc

ADsEncodeBinaryData
ConvertU2TrusteeToSid
ADsHelperGetCurrentRowMessage
LdapReadAttributeFast
LdapModDnS
ReallocADsStr
ADsDecodeBinaryData
ReallocADsMem
LdapValueFree
LdapInitializeSearchPreferences
ADSIExecuteSearch
SchemaAddRef
LdapSearchExtS
LdapCloseObject
MapADSTypeToLDAPType
LdapTypeFreeLdapObjects
ADsSetObjectAttributes
GetDefaultServer
LdapTypeToAdsTypeDNWithBinary
ADSIFreeColumn
LdapTypeCopyConstruct
LdapTypeToAdsTypeCopyConstruct
FreeADsStr
LdapModifyExtS
AllocADsMem
LdapSearchST
UnMarshallLDAPToLDAPSynID
LdapFirstAttribute
LdapRenameExtS
ADSIGetColumn
ReadSecurityDescriptorControlType
ADSIGetFirstRow
ADsGetNextRow
LdapCrackUserDNtoNTLMUser2
IsGCNamespace
LdapTypeBinaryToString
AdsTypeToLdapTypeCopyDNWithBinary
LdapMsgFree
LdapReadAttribute
ADsGetFirstRow
SchemaOpen

kernel32

SystemTimeToFileTime
ReleaseMutex
EnterCriticalSection
GetProcessHeap
lstrcmpA
GetSystemTimes
VirtualAlloc
HeapAlloc
lstrcpyA
WaitForMultipleObjects
ReadFileScatter
OpenMutexA
HeapSize
VirtualFree
ExitProcess
CloseHandle
GetSystemTime
SetFilePointer
WriteFile
InitializeCriticalSection
GetSystemTimeAdjustment
WriteFileEx
HeapDestroy
LeaveCriticalSection
SetFirmwareEnvironmentVariableA
HeapCreate
CreateFileA
GetLastError
GetFirmwareEnvironmentVariableA
ReadFile
ConnectNamedPipe
PeekNamedPipe
CreateMutexA
HeapSetInformation
CreateNamedPipeA
HeapFree

user32

UpdateWindow
EndPaint
GetMessageA
RegisterClassA
SendMessageA
DispatchMessageA
BeginPaint
DefWindowProcA
DestroyWindow
CreateWindowExA
ShowWindow
TranslateMessage

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04bf7d7b00ff66f91c985747c5a5be3e

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

kernel32

user32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 9KB - Virtual size: 3.0MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 9KB - Virtual size: 3.0MB