5e6b868a08c8ddbb51a7931a22fb7203_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e6b868a08c8ddbb51a7931a22fb7203_JaffaCakes118
Size

421KB
MD5

5e6b868a08c8ddbb51a7931a22fb7203
SHA1

227beaf5c3db8fb98985d517d5bf717bc1c85c05
SHA256

c96ff8194815d8eaa402ded5a71e1446b7f20f5bfaa2da092cfb51e587ec59a1
SHA512

83f015b35fb357674da0ac7110c288a05d5b1403feeae8270fb7b33ad0ed20778d3cba513f6f09bd85e39ae684acc25886cb96252a93c56d53222b7f9ea37d01
SSDEEP

6144:JMMnMMMMMaNWq3LNjvskiNQ0yIXJ1eG4CYbBPt2t0pUN5EoXmEXzJxOc+15+:JMMnMMMMMa9oL5gC6FpUTmc+1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e6b868a08c8ddbb51a7931a22fb7203_JaffaCakes118

Files

5e6b868a08c8ddbb51a7931a22fb7203_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8713acf047d959302a6120b89ef5381f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiDatabaseCommit
MsiConfigureProductA
MsiConfigureFeatureW

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser
SamiEncryptPasswords

user32

CallMsgFilterA

ntdll

RtlCreateUserThread
NtQueryObject
RtlEqualSid
RtlQueryRegistryValues
RtlUpcaseUnicodeChar
NtMakePermanentObject
NtQueryDefaultLocale
NtTerminateThread
LdrLoadDll
NtQuerySystemInformation
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlExpandEnvironmentStrings_U
NtCreateDirectoryObject
DbgPrint
DbgBreakPoint
NtResetEvent
RtlFreeSid
NtSetInformationObject
RtlOpenCurrentUser
NtCreateSymbolicLinkObject
NtQueryInformationProcess
NtOpenProcessToken
RtlSetDaclSecurityDescriptor
RtlLeaveCriticalSection
NtOpenThreadToken
NtOpenKey
RtlCreateTagHeap
RtlCreateUnicodeString
RtlAnsiStringToUnicodeString
_snwprintf
NtSetInformationProcess
NtOpenProcess
NtSetEvent
NtCreateSemaphore
NtOpenThread
strstr
NtSetValueKey
RtlCopyLuid
NtMakeTemporaryObject
LdrGetProcedureAddress
_wcsicmp
NtDuplicateObject
NtCreateSection
NtQueryInformationToken
RtlAppendUnicodeStringToString
LdrGetDllHandle
wcscat
wcscpy
wcsncpy
NtQueryValueKey
memmove
RtlEnterCriticalSection
RtlCharToInteger
_wcsnicmp
LdrUnloadDll
RtlCreateSecurityDescriptor
swprintf
RtlInitializeCriticalSectionAndSpinCount
NtQuerySymbolicLinkObject
NtCreateEvent
NtOpenSymbolicLinkObject
NtClose
NtNotifyChangeKey
RtlInitString
RtlInitializeCriticalSection
RtlAllocateAndInitializeSid
RtlCopyUnicodeString
RtlPrefixUnicodeString
wcslen

kernel32

VirtualAlloc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8713acf047d959302a6120b89ef5381f

Headers

DLL Characteristics

File Characteristics

Imports

msi

samlib

user32

ntdll

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 192KB - Virtual size: 191KB

.reloc Size: 512B - Virtual size: 64B

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 141KB - Virtual size: 864KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 192KB - Virtual size: 191KB

.reloc
Size: 512B - Virtual size: 64B

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 141KB - Virtual size: 864KB

.idata
Size: 2KB - Virtual size: 2KB