4c774f3948c9555338de8e9074e4d3a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c774f3948c9555338de8e9074e4d3a5_JaffaCakes118
Size

864KB
MD5

4c774f3948c9555338de8e9074e4d3a5
SHA1

03935b8a6524845b2c8e528acb4dacc8038d8346
SHA256

a29d82681af59082744ca3f9894bb609a111ad03f408522e6f36f1ed16963b14
SHA512

e6fbfa6a6cbe0a04a2d3c808842d0fefb3b842f64a5c339003025b3732292ac3f8aa7d199aa330a47f97fe6c8a9dd8a1834cae0bfa5eefdf741a4bde91934f79
SSDEEP

24576:FKwthxDlfTOp0s7BByV2i5Bw+ksmF8qJE:FdhxZfW0s7yY9F+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c774f3948c9555338de8e9074e4d3a5_JaffaCakes118

Files

4c774f3948c9555338de8e9074e4d3a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b69da9f2ec76c770388feac63575e810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSVirtualChannelRead
WTSLogoffSession
WTSQueryUserConfigA
WTSDisconnectSession
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSCloseServer
WTSEnumerateSessionsA
WTSVirtualChannelQuery
WTSSetUserConfigW
WTSEnumerateProcessesW
WTSEnumerateSessionsW
WTSQueryUserToken
WTSSetUserConfigA
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSEnumerateServersW
WTSSetSessionInformationW
WTSVirtualChannelWrite
WTSQuerySessionInformationW
WTSSendMessageW
WTSTerminateProcess
WTSSetSessionInformationA
WTSEnumerateServersA
WTSOpenServerA
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSQueryUserConfigW
WTSVirtualChannelPurgeOutput
WTSVirtualChannelClose
WTSQuerySessionInformationA
WTSEnumerateProcessesA
WTSOpenServerW
WTSSendMessageA
WTSShutdownSystem

crtdll

clock
_mbsdec
??3@YAXPAX@Z
strerror
mktime
_dup
_mbsstr
towlower
pow
_ismbblead
_mbstok
cos
__pxcptinfoptrs
_endthread
_strnextc
_putw
wcstok
_fputwchar
modf
_mbscspn
_creat
gets
wctomb
_ultoa
atexit
longjmp

wldap32

ldap_result2error
ldap_bindA
ldap_search_init_pageA
ldap_start_tls_sA
ldap_memfreeW
ber_free
ldap_unbind
ber_alloc_t
ldap_start_tls_sW
ldap_next_attribute
ldap_parse_extended_resultW
ldap_count_valuesA
ldap_initW
ldap_search_stW
ldap_memfreeA
ldap_search_ext_s
ldap_get_values_lenW
ldap_compare_ext_s
ldap_extended_operationA
ldap_create_vlv_controlW
ldap_rename_ext
ldap_create_sort_controlA
ldap_get_values_lenA
ldap_add_extA
ldap_encode_sort_controlW
ldap_value_free
ldap_abandon
ldap_err2stringA
ldap_modrdn2_sW
ber_first_element
ldap_initA
ldap_get_next_page
ldap_parse_vlv_controlW
ldap_delete_ext
ldap_rename_ext_s
ldap_err2stringW
ldap_modify_sW
ldap_control_freeW
ldap_create_page_control
ldap_addA

odbctrac

TraceSQLGetDiagRecW
FireVSDebugEvent
TraceSQLSetConnectOption
TraceSQLGetConnectAttrW
TraceSQLDriverConnectW
TraceSQLExecDirect
TraceSQLPutData
TraceSQLDriverConnect
TraceSQLFetch
TraceSQLTablePrivileges
TraceSQLExecute
TraceSQLStatistics
TraceSQLAllocHandleStd
TraceSQLNativeSqlW
TraceSQLMoreResults
TraceSQLGetConnectOptionW
TraceSQLFreeEnv
TraceSQLSetPos
TraceSQLSetScrollOptions
TraceSQLNumParams
TraceSQLColumnPrivilegesW
TraceSQLGetCursorName
TraceSQLEndTran
TraceSQLDrivers
TraceSQLSpecialColumns
TraceSQLExecDirectW
TraceSQLGetInfoW
TraceSQLTablesW
TraceSQLForeignKeys
TraceSQLSetConnectOptionW
TraceSQLAllocHandleStdW

msvcrt

__getmainargs
__set_app_type
__p__commode
exit

lz32

LZOpenFileW
LZCreateFileW
LZClose
LZStart
LZSeek
GetExpandedNameW
LZCopy
CopyLZFile
LZCloseFile
LZDone
GetExpandedNameA
LZRead
LZInit
LZOpenFileA

kernel32

BuildCommDCBA
CreateHardLinkW
TerminateThread
GetAtomNameW
GetConsoleAliasW
SetConsoleScreenBufferSize
FoldStringW
CreateTapePartition
ConnectNamedPipe
CompareStringW
LCMapStringA
LZCreateFileW
VirtualQueryEx
SearchPathW
PrivMoveFileIdentityW
SetCommMask
CreateSemaphoreW
WriteConsoleOutputW
VirtualAlloc
EnterCriticalSection
WriteConsoleInputVDMA
GetSystemDefaultUILanguage
GetUserGeoID
Toolhelp32ReadProcessMemory
WriteConsoleInputW
TerminateJobObject
GetVDMCurrentDirectories
MapViewOfFileEx
GetConsoleAliasExesW
LoadModule
LoadLibraryA
GetFileInformationByHandle
GetCurrentActCtx
EndUpdateResourceA
WriteFile
FindResourceExW
LeaveCriticalSection
LoadLibraryExA
CreateDirectoryExW
EnumDateFormatsA
IsValidLocale

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b69da9f2ec76c770388feac63575e810

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

crtdll

wldap32

odbctrac

msvcrt

lz32

kernel32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 609KB - Virtual size: 609KB

.data Size: 90KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 609KB - Virtual size: 609KB

.data
Size: 90KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B