5e7e2646c4bd4d3aeccb5904c4127d22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e7e2646c4bd4d3aeccb5904c4127d22_JaffaCakes118
Size

869KB
MD5

5e7e2646c4bd4d3aeccb5904c4127d22
SHA1

af2dffdfa0d04d17112bb123e0838d757742403f
SHA256

c396898c11e03848fab7e2e6e73f031a891bd4e63861bfa809057a3fb8e9a14c
SHA512

c734c3c69e6dc82c523416c070cae1a589f85bf24dec642f2b4647fcbd02c14e30131ffef1d2e1d9832f94e8e155d0c8ff92888584424d4e83f965fce4c41b93
SSDEEP

12288:ZTd8t+n7DLqRwEr9uTZFUolwtWMMxFnGk3MTwstTaSr3SLY2auOoohCoM7:ldhHLpE8t5lDBXk9aMiLYJJoohtM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e7e2646c4bd4d3aeccb5904c4127d22_JaffaCakes118

Files

5e7e2646c4bd4d3aeccb5904c4127d22_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6255e7e253a29c14029731202b9fef3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AccessCheckAndAuditAlarmA
WmiNotificationRegistrationW
CommandLineFromMsiDescriptor
BuildTrusteeWithObjectsAndSidW
GetAclInformation
SaferCreateLevel
GetSidSubAuthorityCount
GetUserNameW
AddAccessDeniedAce
RegOpenUserClassesRoot
SystemFunction018
ConvertSidToStringSidW
SystemFunction025
ConvertToAutoInheritPrivateObjectSecurity
SaferiPopulateDefaultsInRegistry
GetTraceEnableFlags
RegisterTraceGuidsA
QueryAllTracesA
FileEncryptionStatusA
CredReadDomainCredentialsA
GetTraceLoggerHandle
SystemFunction002
ElfReportEventA
GetMultipleTrusteeOperationW
CredWriteA
QueryAllTracesW
CredUnmarshalCredentialW
OpenProcessToken
CreatePrivateObjectSecurityEx
RegisterTraceGuidsW
I_ScPnPGetServiceName
OpenTraceW
RegQueryMultipleValuesA
RegCloseKey
CreatePrivateObjectSecurityWithMultipleInheritance
CryptGenKey
EncryptedFileKeyInfo
UpdateTraceA
EncryptFileW

wldap32

ldap_get_next_page_s
ldap_cleanup
ldap_modify_ext_sW
ldap_modify_sA
ldap_escape_filter_element
ldap_value_freeW
ldap_count_references
ldap_search_extA
ldap_set_optionW
ldap_count_values
ldap_value_free_len
ldap_first_attribute
ldap_modrdnA
ldap_delete_ext_s
ldap_rename_ext_s
ldap_conn_from_msg
ldap_delete_extA
ber_bvdup
ldap_modrdn2_sA
ldap_create_sort_controlW
ldap_modify_extA
ldap_parse_page_controlW
ldap_extended_operationA
ldap_bind_sA
LdapGetLastError
ldap_modrdn_s
LdapUnicodeToUTF8
ldap_controls_free
ldap_control_freeA
ldap_create_vlv_controlW
ldap_bind_s
ldap_close_extended_op
ldap_modrdn2_s
ldap_modify_extW
ldap_add_s
ldap_extended_operation_sA

mmcbase

?InternalLastRefReleased@CMMCStrongReferences@@AAE_NXZ
??0CEventBuffer@@QAE@XZ
??8SC@mmcerror@@QBE_NJ@Z
??4SC@mmcerror@@QAEAAV01@J@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
?ToHr@SC@mmcerror@@QBEJXZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
?SCODEFromSc@@YGJABVSC@mmcerror@@@Z
?Lock@CEventBuffer@@QAEXXZ
?FormatErrorString@@YGXPBGVSC@mmcerror@@IPAGH@Z
??0SC@mmcerror@@QAE@J@Z
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
??1?$CEventLock@UAppEvents@@@@QAE@XZ
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
??9SC@mmcerror@@QBE_NJ@Z
??0?$CEventLock@UAppEvents@@@@QAE@XZ
?Release@CMMCStrongReferences@@SGKXZ
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?TraceAndClear@SC@mmcerror@@QAEXXZ
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?IsLocked@CEventBuffer@@QAE_NXZ
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?AddRef@CMMCStrongReferences@@SGKXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?FatalError@SC@mmcerror@@QBEXXZ
?MMCErrorBox@@YGHPBGI@Z
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?MMCErrorBox@@YGHII@Z

kernel32

GetNumberOfConsoleMouseButtons
ReadConsoleW
HeapDestroy
WaitCommEvent
CreateIoCompletionPort
CreateActCtxA
EndUpdateResourceW
GetCurrentThread
GetStartupInfoA
GlobalAddAtomW
InvalidateConsoleDIBits
SetConsoleMaximumWindowSize
ReadConsoleOutputAttribute
GetPrivateProfileSectionA
GetEnvironmentStringsA
TransactNamedPipe
LoadLibraryA
FlushInstructionCache
GetVolumePathNamesForVolumeNameW
GetCalendarInfoW
FindResourceExA
IsSystemResumeAutomatic
GetFullPathNameA
FreeLibrary
EnumTimeFormatsW
SetConsoleCtrlHandler
VirtualProtectEx
lstrcmpiW
HeapCreate
SetCriticalSectionSpinCount
VirtualAlloc
GlobalLock

netapi32

I_NetServerPasswordSet2
NetServerDiskEnum
NlBindingAddServerToCache
DsDeregisterDnsHostRecordsW
DsAddressToSiteNamesA
NetGetAnyDCName
NetDfsAddFtRoot
NetGroupAdd
NetDfsGetClientInfo
DsGetSiteNameW
NetUserEnum
NetShareEnum
NetServerEnum
NetApiBufferAllocate
DsRoleCancel
NetpHexDump
NetApiBufferFree
I_NetServerTrustPasswordsGet
NetReplExportDirGetInfo
NetServerTransportDel
RxNetAccessDel
DsGetDcOpenW
NetFileClose
I_NetLogonSendToSam
NetSessionDel
I_BrowserServerEnum
NetUseAdd

dhcpcsvc

DhcpStaticRefreshParams
DhcpCApiInitialize
DhcpCApiCleanup
DhcpRenewIpAddressLeaseEx
McastApiCleanup
McastApiStartup
DhcpRenewIpAddressLease
DhcpFallbackRefreshParams
McastGenUID
DhcpRequestOptions
McastRequestAddress
DhcpRequestParams
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpLeaseIpAddressEx
McastReleaseAddress
DhcpAcquireParametersByBroadcast
DhcpPersistentRequestParams
McastRenewAddress
DhcpRemoveDNSRegistrations
McastEnumerateScopes
DhcpUndoRequestParams
DhcpHandlePnPEvent
DhcpRegisterOptions
DhcpNotifyConfigChangeEx
DhcpOpenGlobalEvent
DhcpNotifyConfigChange
DhcpLeaseIpAddress
DhcpReleaseParameters
DhcpAcquireParameters
DhcpReleaseIpAddressLease
DhcpRegisterParamChange

Sections

.text
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 446KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6255e7e253a29c14029731202b9fef3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wldap32

mmcbase

kernel32

netapi32

dhcpcsvc

Sections

.text Size: 208KB - Virtual size: 212KB

.rdata Size: 212KB - Virtual size: 216KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 446KB - Virtual size: 448KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 212KB

.rdata
Size: 212KB - Virtual size: 216KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 446KB - Virtual size: 448KB

.reloc
Size: 1024B - Virtual size: 4KB