Static task
static1
Behavioral task
behavioral1
Sample
69253fe834b359d0c121ebd7067ca729_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
69253fe834b359d0c121ebd7067ca729_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
69253fe834b359d0c121ebd7067ca729_JaffaCakes118
-
Size
863KB
-
MD5
69253fe834b359d0c121ebd7067ca729
-
SHA1
56415df0ee6665cbcd07f90f975ba0af442611b8
-
SHA256
ef4e6f9c20f71b6e14ccc4572651537eeaf68e439ae9c85cba72b144110720bd
-
SHA512
52e620bd08ed3e8da64c311a8b336b18dcf70ee6b9c1f0a8aa71f2c87bcba38943c38b1c7b0261be108ddc519c20f69ec219408539a53c783bcbeaf9133b3616
-
SSDEEP
24576:KovWMQQUFZOVeHZkwzObv9pfJl+5F9j6YwNA+:YMQdF4wHZkw+9pf7+7YYr+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 69253fe834b359d0c121ebd7067ca729_JaffaCakes118
Files
-
69253fe834b359d0c121ebd7067ca729_JaffaCakes118.exe windows:5 windows x86 arch:x86
2cace4885a4819a1f3049771a8f86552
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wldap32
ldap_memfreeA
ldap_create_sort_controlW
ldap_modify_extA
ldap_msgfree
ldap_sasl_bindW
ldap_search_stW
ldap_first_attributeA
ldap_search_sA
ldap_parse_resultA
ldap_compare_ext_sW
ldap_encode_sort_controlA
ldap_init
ldap_compare_sW
ldap_get_valuesA
ldap_ufn2dn
ldap_err2stringW
ldap_parse_vlv_controlW
ldap_value_freeW
ldap_modify_ext_s
ldap_dn2ufnW
ber_init
cldap_open
ldap_parse_referenceW
ber_next_element
ldap_set_option
ufat
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
?Index12@FAT@@ABEKK@Z
??1CLUSTER_CHAIN@@UAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
FormatEx
??0EA_HEADER@@QAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
?Write@CLUSTER_CHAIN@@UAEEXZ
??0EA_SET@@QAE@XZ
Chkdsk
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
??1REAL_FAT_SA@@UAE@XZ
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1EA_SET@@UAE@XZ
?QueryNthCluster@FAT@@QBEKKK@Z
?Set12@FAT@@AAEXKK@Z
??0FAT_SA@@QAE@XZ
Recover
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryAllocatedClusters@FAT@@QBEKXZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
??1ROOTDIR@@UAE@XZ
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??1FAT_SA@@UAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
??0REAL_FAT_SA@@QAE@XZ
??1FILEDIR@@UAE@XZ
?FreeChain@FAT@@QAEXK@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??1FAT_DIRENT@@UAE@XZ
??0FAT_DIRENT@@QAE@XZ
??0FILEDIR@@QAE@XZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
ChkdskEx
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?AllocChain@FAT@@QAEKKPAK@Z
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
kernel32
EnumResourceNamesA
GetSystemPowerStatus
GetCurrentThreadId
GetCurrentThread
FindResourceExA
GetDateFormatA
GlobalUnlock
RequestWakeupLatency
lstrcmpW
GetNamedPipeHandleStateA
LocalReAlloc
lstrcmpA
GetEnvironmentStringsA
SuspendThread
WriteConsoleA
VDMConsoleOperation
SetFileTime
ChangeTimerQueueTimer
SwitchToThread
GetCurrentActCtx
GetConsoleAliasesLengthA
IsValidLanguageGroup
SetFileAttributesW
GetNamedPipeHandleStateW
GetConsoleAliasesW
GetComputerNameExA
CancelTimerQueueTimer
GlobalFindAtomW
GetCompressedFileSizeW
PrivMoveFileIdentityW
FatalAppExitW
SetLastError
GlobalAlloc
Thread32First
VirtualAlloc
SetConsoleNumberOfCommandsA
SetDefaultCommConfigA
UnregisterWait
GetACP
SetCommBreak
CreateHardLinkW
GetEnvironmentVariableW
LoadLibraryA
GetWindowsDirectoryA
GetCommMask
RtlZeroMemory
dnsapi
Dns_GetRandomXid
DnsRecordListFree
DnsExtractRecordsFromMessage_UTF8
DnsNameCompareEx_A
NetInfo_ResetServerPriorities
DnsCreateStandardDnsNameCopy
DnsWriteQuestionToBuffer_W
DnsRemoveRegistrations
Dns_WriteDottedNameToPacket
GetCurrentTimeInSeconds
DnsRecordSetCopyEx
DnsNotifyResolverClusterIp
DnsCreateStringCopy
DnsFindAuthoritativeZone
DnsModifyRecordsInSet_W
Dns_AddRecordsToMessage
Dns_WriteRecordStructureToPacketEx
Dns_UpdateLibEx
DnsUpdateTest_UTF8
DnsNameCompare_A
DnsGetCacheDataTable
DnsRecordStringForWritableType
DnsUnicodeToUtf8
Dns_SkipToRecord
DnsRecordSetCompare
Dns_InitializeWinsock
DnsQueryExW
Dns_UpdateLib
DnsQuery_UTF8
Dns_ParseMessage
DnsReleaseContextHandle
DnsModifyRecordsInSet_A
Dns_SendEx
Dns_ReadPacketNameAllocate
DnsRecordTypeForName
DnsAcquireContextHandle_W
DnsFlushResolverCacheEntry_W
DnsQueryConfigDword
DnsIsStatusRcode
NetInfo_Free
DnsFlushResolverCacheEntry_UTF8
DnsRecordCompare
DnsRecordCopyEx
Dns_PingAdapterServers
imagehlp
ImageGetCertificateHeader
SplitSymbols
BindImageEx
GetImageConfigInformation
SymRegisterFunctionEntryCallback
SymUnDName
MapDebugInformation
ImageGetDigestStream
SearchTreeForFile
SymFromName
SymGetSymFromAddr64
MapFileAndCheckSumA
ImageLoad
SymUnDName64
SymGetLineFromAddr
ImageDirectoryEntryToData
SymGetLineFromName
SymGetSymFromAddr
RemovePrivateCvSymbolic
SymEnumerateSymbols
ImageRemoveCertificate
SymGetModuleInfo
FindDebugInfoFileEx
SymGetSymPrev64
ReBaseImage64
SymLoadModule
msi
MsiCreateTransformSummaryInfoW
MsiInvalidateFeatureCache
MsiGetProductCodeW
MsiGetUserInfoW
MsiRecordGetFieldCount
MsiConfigureFeatureFromDescriptorW
MsiSourceListForceResolutionA
MsiGetFeatureValidStatesW
MsiOpenPackageW
MsiQueryFeatureStateA
MsiSetTargetPathW
MsiGetComponentPathW
MsiInstallMissingFileW
MsiDatabaseGetPrimaryKeysW
MsiGetPropertyA
MsiEnumPatchesW
MsiRecordGetStringW
MsiRecordSetStreamW
MsiProvideComponentFromDescriptorA
MsiReinstallProductA
MsiProvideComponentA
MsiQueryFeatureStateW
MsiSummaryInfoPersist
MsiGetSummaryInformationA
MsiDatabaseGetPrimaryKeysA
MsiEnumComponentsA
MsiGetComponentStateA
MsiCreateAndVerifyInstallerDirectory
MsiVerifyPackageA
MsiSequenceW
MsiDatabaseGenerateTransformW
MsiGetShortcutTargetW
MsiConfigureProductW
MsiIsProductElevatedA
MsiDoActionA
advapi32
SetNamedSecurityInfoExW
OpenProcessToken
RegOpenKeyA
LsaSetSystemAccessAccount
RegQueryMultipleValuesW
GetSidIdentifierAuthority
I_ScSetServiceBitsA
BuildTrusteeWithObjectsAndSidW
WmiSetSingleItemW
InitiateSystemShutdownA
RegLoadKeyA
BackupEventLogW
AccessCheckByTypeAndAuditAlarmA
GetSecurityInfo
CredReadW
InitializeSid
A_SHAFinal
A_SHAInit
IsTokenUntrusted
GetEventLogInformation
LsaEnumerateAccounts
IsValidAcl
InitializeAcl
SystemFunction035
RegOpenKeyExA
OpenEncryptedFileRawA
AccessCheck
EqualDomainSid
SystemFunction024
CloseServiceHandle
LsaICLookupNamesWithCreds
SystemFunction001
CryptDuplicateKey
AddAuditAccessAce
RegConnectRegistryW
ElfClearEventLogFileW
SystemFunction036
CredWriteA
Sections
.text Size: 167KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 585KB - Virtual size: 588KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ