5fa39529d379f24eae982d53c02ebe72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fa39529d379f24eae982d53c02ebe72_JaffaCakes118
Size

422KB
MD5

5fa39529d379f24eae982d53c02ebe72
SHA1

76314faf2095d7a40e79c723c55f971fb5572e7f
SHA256

553d8cd572c78a177c52dbc23c66832578877ea485b67223f6bab43a67685e0c
SHA512

82ecae3e5bd19b1f578c5ee63e340a056f63972d8d3fa28b1ca88e402c78c084928930dbb93997f0f2d9ad554b23a8a92fe139ef7b7a677ba7f45d010c91540d
SSDEEP

12288:ljbMMnMMMMM6Urx6plaMobWG6kOBhcboRh9cCcuRyaVIcO1r:lXMMnMMMMM6UNSWbJrOHNNcmyUIcE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fa39529d379f24eae982d53c02ebe72_JaffaCakes118

Files

5fa39529d379f24eae982d53c02ebe72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d45d1b9ad391b44665070d4f835f54e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiConfigureFeatureW
MsiCollectUserInfoW
MsiDatabaseCommit

user32

CallMsgFilterA

ntdll

RtlCompareUnicodeString
NtCreateDirectoryObject
NtOpenProcess
DbgBreakPoint
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlLeaveCriticalSection
wcscat
RtlEqualUnicodeString
RtlSetDaclSecurityDescriptor
NtClose
RtlUpcaseUnicodeChar
NtQuerySystemInformation
RtlInitializeCriticalSectionAndSpinCount
NtNotifyChangeKey
_wcsicmp
NtQueryDefaultLocale
NtMakePermanentObject
LdrLoadDll
RtlInitializeCriticalSection
RtlPrefixUnicodeString
RtlEnterCriticalSection
NtQueryObject
NtSetEvent
NtCreateSection
strstr
NtCreateSymbolicLinkObject
RtlAllocateAndInitializeSid
wcscpy
NtTerminateThread
RtlEqualSid
NtQueryInformationToken
NtSetInformationObject
RtlInitString
NtOpenThread
LdrUnloadDll
wcsncpy
NtMakeTemporaryObject
wcslen
memmove
NtSetValueKey
RtlCreateUserThread
NtCreateSemaphore
LdrGetProcedureAddress
NtSetInformationProcess
RtlOpenCurrentUser
RtlCreateTagHeap
NtCreateEvent
RtlExpandEnvironmentStrings_U
NtQueryValueKey
RtlQueryRegistryValues
LdrGetDllHandle
DbgPrint
RtlCreateUnicodeString
RtlCreateSecurityDescriptor
RtlAppendUnicodeStringToString
NtOpenKey
NtDuplicateObject
NtQueryInformationProcess
RtlCopyUnicodeString
RtlCharToInteger
NtOpenThreadToken
RtlCopyLuid
swprintf
_snwprintf
_wcsnicmp
RtlFreeSid
NtResetEvent
RtlAnsiStringToUnicodeString
NtOpenProcessToken

samlib

SamConnectWithCreds
SamiEncryptPasswords
SamTestPrivateFunctionsUser
SamRemoveMultipleMembersFromAlias

kernel32

VirtualAlloc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d45d1b9ad391b44665070d4f835f54e

Headers

DLL Characteristics

File Characteristics

Imports

msi

user32

ntdll

samlib

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 872KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 349KB - Virtual size: 349KB

.rdata Size: 55KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 872KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 349KB - Virtual size: 349KB

.rdata
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 64B