5c8d909588b3c889a2527c464cce3fa8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c8d909588b3c889a2527c464cce3fa8_JaffaCakes118
Size

323KB
MD5

5c8d909588b3c889a2527c464cce3fa8
SHA1

76d9a58f9aecb0bc72300a236a2bbbae3dbacc70
SHA256

3dce13b39a38489ffb9ecf22af14c9a7852cd934d438cf8ce028e5721e717afe
SHA512

f52a680274c45d993ec38f26555dd6a3adb47520ff9ce0b30fe900d4e132ce6502a1676b5e1fa9864a20111eec6130143c56b656d22de6c0a513d1a2bbddb35f
SSDEEP

6144:D0UlfSVBLdibDkohPCyYNMNLXUOnbxet2Fgj:DhQdYhhku/bxS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8d909588b3c889a2527c464cce3fa8_JaffaCakes118

Files

5c8d909588b3c889a2527c464cce3fa8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

898120c4b60f22f83f9b5eb0b1631464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dnsrslvr.pdb

Imports

msvcrt

_except_handler3
??2@YAPAXI@Z
free
_initterm
malloc
??3@YAXPAX@Z
_wcsicmp
wcslen
_vsnwprintf
rand
wcspbrk
memmove
wcsspn
wcstoul
_itow
wcsrchr
setlocale
wcsncmp
wcsstr
wcsncpy
_purecall
wcscmp
_adjust_fdiv
wcstombs
mbstowcs
iswctype
wcschr
_wcsnicmp

user32

RegisterClipboardFormatW
DestroyWindow
DestroyMenu
TrackPopupMenu
SetFocus
SetForegroundWindow
GetSubMenu
LoadMenuW
GetForegroundWindow
CreateWindowExW
MessageBeep
SetCursor
LoadCursorW
MessageBoxW
GetKeyState
GetSystemMetrics
EnableWindow
GetDlgItem
EndDialog
LoadStringW
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
IsDlgButtonChecked
GetWindowLongW
SetWindowLongW
PostMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
RegisterClassW
GetClassInfoW
SendMessageW
DialogBoxParamW
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
WinHelpW
RemoveMenu
SetDlgItemTextW
GetMenuItemID
GetMenuItemInfoW
GetMenuItemCount
SetMenuDefaultItem
LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetWindow
FindWindowW
SwitchToThisWindow
GetLastActivePopup
ShowWindow
SetWindowTextW
InvalidateRect
SystemParametersInfoW
ValidateRect
GetDC
ReleaseDC
GetClientRect
GetWindowTextW
RegisterWindowMessageW
EnumWindows
IsWindow
CheckRadioButton
GetDlgItemInt
MapWindowPoints
KillTimer
SetTimer
GetParent
GetWindowTextLengthW
GetWindowRect
SetWindowPos

ntdsapi

DsMakeSpnW

ole32

CoGetCallContext
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleUninitialize
OleInitialize
ReleaseStgMedium
OleSetClipboard
OleGetClipboard

secur32

GetUserNameExW

advapi32

ImpersonateSelf
RevertToSelf
GetFileSecurityW
AccessCheck
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
SetSecurityDescriptorOwner
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegConnectRegistryW
GetUserNameW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership

shell32

SHChangeNotify
SHGetPathFromIDListW
SHFileOperationW
DragQueryFileW
ShellExecuteW
SHExtractIconsW
SHGetFolderPathW

comctl32

ImageList_Remove
InitCommonControlsEx
ImageList_Destroy
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

kernel32

CancelWaitableTimer
DeleteFileW
CreateWaitableTimerW
SetWaitableTimer
Sleep
lstrcmpiW
lstrcpynW
FormatMessageW
FreeLibrary
LoadLibraryExA
GetFileAttributesW
GetVersionExW
IsBadStringPtrW
SetCurrentDirectoryW
LoadLibraryA
SetFileTime
MulDiv
FindResourceW
LoadResource
CreateDirectoryW
SetFileAttributesW
LockResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
LocalFree
CreateFileW
WriteFile
CloseHandle
DuplicateHandle
GetCurrentDirectoryW
WideCharToMultiByte
lstrcmpA
CreateThread
ExitThread
GetFileTime
GlobalLock
GlobalUnlock
lstrcmpW
CompareStringW
GlobalAlloc
GlobalReAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
InitializeCriticalSection
DeleteCriticalSection
LocalReAlloc
FileTimeToSystemTime
SetFilePointer
SetEndOfFile
GetFileType
GetFileSize
ReadFile
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
InterlockedDecrement
InterlockedIncrement
SearchPathW
GetFullPathNameW
FindFirstFileW
FindClose
GetComputerNameW
GetComputerNameExW
GetDriveTypeW
LocalAlloc
lstrlenW
ExpandEnvironmentStringsW
LoadLibraryW
GetVolumeInformationW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
GetCurrentThread
GetModuleHandleA
GetLocaleInfoW
GetUserDefaultUILanguage
GetDateFormatW
GetProcAddress
IsBadWritePtr
GetUserDefaultLCID
GetTimeFormatW
GetEnvironmentVariableW

rpcrt4

RpcBindingFromStringBindingW
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
NdrClientCall2
UuidCreate

gdi32

GetStockObject
DeleteDC
SelectObject
BitBlt
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
GetObjectW
DeleteObject
CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette

comdlg32

CommDlgExtendedError
GetOpenFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetResourceInformationW
WNetGetConnectionW
WNetGetNetworkInformationW

userenv

UnloadUserProfile

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898120c4b60f22f83f9b5eb0b1631464

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

ntdsapi

ole32

secur32

advapi32

shell32

comctl32

kernel32

rpcrt4

gdi32

comdlg32

version

mpr

userenv

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 242KB - Virtual size: 245KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 242KB - Virtual size: 245KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 6KB - Virtual size: 6KB