64b7c46f27156037e50ffe7e323dc3d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64b7c46f27156037e50ffe7e323dc3d1_JaffaCakes118
Size

85KB
MD5

64b7c46f27156037e50ffe7e323dc3d1
SHA1

3dd22a8adfba46d61efb5d4c4f3c33b043e0dc8f
SHA256

d849a356b8010fca3b4c4f810dccf77f8e17e088ee79d9b676fc89efe33ec967
SHA512

64031730771c81c8deb264083995496cdcbf8646d0ad0c2d0f98d517c1b076c456101eb8d8039cf2baf7922ce42f27beeff3fae63efdf90c35c7c14b11e5813b
SSDEEP

1536:fBWyAkiJ5MOl09N+HEw5XgBHaHSmhb+EJWdeYAYgJgZD5f+KY:E/5b0nS5SKSIb+AqnrNtY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64b7c46f27156037e50ffe7e323dc3d1_JaffaCakes118

Files

64b7c46f27156037e50ffe7e323dc3d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4ac445329b514386a9ab2c0747d37c87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_bind_s
ber_next_element
ldap_searchW
ldap_get_next_page_s
ldap_memfreeW
ldap_bindA
ldap_get_next_page
ldap_search_ext
ldap_search_stA
ldap_get_values
ber_peek_tag
ldap_create_page_controlW
ldap_bind_sA
ldap_simple_bind_sA
ldap_ufn2dnA
ldap_get_dnW
ldap_stop_tls_s
ldap_simple_bind_s
ldap_delete_sW
ldap_create_page_control
ldap_rename_ext_sW

tcpmonui

??0CTcpMibABC@@QAE@XZ
??4CTcpMibABC@@QAEAAV0@ABV0@@Z
LocalAddPortUI
??0CPortABC@@QAE@XZ
??_7CPortABC@@6B@
??_7CTcpMibABC@@6B@
?Read@CPortABC@@UAEKQAXPAEKPAK@Z
InitializePrintMonitorUI
??4CPortABC@@QAEAAV0@ABV0@@Z
??1CTcpMibABC@@UAE@XZ
??1CPortABC@@UAE@XZ
LocalConfigurePortUI
??0CTcpMibABC@@QAE@ABV0@@Z

msvcrt20

_wchmod
_fileno
_seterrormode
_waccess
_flsbuf
_vsnprintf
_ftol
??1istream_withassign@@UAE@XZ
strtok
abs
_setmbcp
_iob
tolower
_ismbcsymbol
_fpieee_flt

kernel32

GetSystemTimeAsFileTime
SetTapeParameters
QueryPerformanceCounter
IsDebuggerPresent
DeviceIoControl
GetStartupInfoA
LoadLibraryA
GetFileSize
lstrcpyn
WriteConsoleW
EnumResourceTypesW
DosPathToSessionPathA
HeapCreate
GetCurrentProcessId
VirtualProtect
lstrcmp
GetCurrentThreadId
VerLanguageNameA
SleepEx
GetTickCount
SetConsoleTitleW
GetThreadTimes
GlobalFindAtomW
GlobalFlags
FreeLibraryAndExitThread
VirtualAlloc
DeleteFiber
MapViewOfFile
GetExpandedNameW
EnumSystemLanguageGroupsA
GetTimeFormatW
GetLastError
GetComputerNameA
GetTapeParameters

glmf32

glsNumuiv
glsReadFunc
glsNumfv
glsUTF8toUCS2z
glsUCS4toUTF8
glsGetError
glsIsContext
glsGetContextubz
glsGetAllContexts
glsBeginGLS
glsUnsupportedCommand
glsNumlv
glsGetContextFunc
glsGetStreamSize

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ac445329b514386a9ab2c0747d37c87

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

tcpmonui

msvcrt20

kernel32

glmf32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 81KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 332B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 81KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 332B