6ef31ed28f0729678a043f1b00b5aac4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ef31ed28f0729678a043f1b00b5aac4_JaffaCakes118
Size

429KB
MD5

6ef31ed28f0729678a043f1b00b5aac4
SHA1

29033f5282335071987d70b48b8025c7b4e414b9
SHA256

2a22b38904cabc8787b2786b67eb131c573fea367573733548b110deb4fff4e8
SHA512

394b2f6435dfc8dd9d85a89718cd6f8a99d83f0f2729ecc022ca884bd97f36d114c3d846ebbd02e5dbefaae5335aca937e685a9d37121b5e5dfa97345a90a431
SSDEEP

12288:2mBsvI0dm8FoTxNj/jQfOmJd7TJFi0I6Q8QLrm:2m6tNMHjQZd7LQ8iq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ef31ed28f0729678a043f1b00b5aac4_JaffaCakes118

Files

6ef31ed28f0729678a043f1b00b5aac4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e0ce65c28bea2f1e78dce95700b40ab4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

ws2_32

WSAConnect
setsockopt

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

user32

ShowWindow
GetCursorPos
LockWindowUpdate
SetMenuDefaultItem
DeferWindowPos
OffsetRect
GetTabbedTextExtentA
GetUpdateRgn
CreatePopupMenu
DdeCreateStringHandleA
GetClassInfoA
DdeSetUserHandle
SetWindowsHookExA
GetWindow
GetDCEx
CreateDialogParamA
MapWindowPoints
DefMDIChildProcA
SubtractRect
RegisterClassExA
CharLowerBuffA
BeginDeferWindowPos
AppendMenuA
CharNextA
PostMessageW
CopyRect
DdeDisconnect
GetSystemMetrics
CreateWindowExA
DestroyCursor
CharToOemA
IsClipboardFormatAvailable
LoadBitmapA
ModifyMenuA
GetMenuItemID

kernel32

HeapFree
CloseHandle
MulDiv
GetVersion
SystemTimeToFileTime
GetEnvironmentStrings
InitializeCriticalSection
FindResourceA
LockFile
SetErrorMode
_lclose
FileTimeToSystemTime
FindFirstFileA
lstrcmpA
FindClose
SetStdHandle
GlobalDeleteAtom
FreeEnvironmentStringsA
LoadResource
VirtualAlloc
GetWindowsDirectoryA
GetEnvironmentStringsW
GetTickCount
_lread
GlobalHandle
GetOEMCP
FindNextFileA
GetCommandLineA
GetVolumeInformationA
IsBadCodePtr
LeaveCriticalSection
FileTimeToLocalFileTime
GetProfileStringA
GetStringTypeExA
GlobalFree
WaitForSingleObject
FreeLibrary
SetEndOfFile
GetTempFileNameA
GetCurrentThreadId
GetFileAttributesA
GetSystemInfo
CreateProcessW
TlsFree
GetModuleHandleA
GlobalLock
EnterCriticalSection
_llseek
lstrcmpiW
GetACP
HeapDestroy
CreateProcessA
SetLastError
GlobalUnlock
GetStartupInfoA
GetCurrentProcessId
WinExec
MoveFileA
GetCurrentDirectoryA
LockResource
SetFilePointer
GetSystemTime
InterlockedIncrement
GetStringTypeW
HeapAlloc
CreateSemaphoreA
GetShortPathNameA
SetFileTime
LCMapStringA
DeleteCriticalSection
CreateFileA
InterlockedDecrement
TlsGetValue
GlobalReAlloc
GlobalSize
RaiseException
SizeofResource
CreateThread
VirtualQuery
UnhandledExceptionFilter
ExitThread
GetCurrentProcess
GetStringTypeA
SetHandleCount
FlushFileBuffers
TlsSetValue
SetEvent
ExitProcess
GetLastError
TlsAlloc
FreeResource
GetExitCodeProcess
UnlockFile
GetProcAddress
GetVersionExA
GetDriveTypeA
MultiByteToWideChar
GetSystemDirectoryA
lstrcatA
lstrcpyA
FlushInstructionCache
CompareStringA
GetModuleFileNameW
GetLocalTime
GetSystemDefaultLangID
FormatMessageW
lstrcmpiA
WriteFile
HeapSize
GetLocaleInfoA
DeleteFileA
GetDateFormatA
GetUserDefaultLCID
WideCharToMultiByte
SearchPathA
GetStdHandle
LCMapStringW
CompareStringW
VirtualFree
IsBadReadPtr
ReadFile
RtlUnwind
SetEnvironmentVariableA
GlobalAddAtomA
FreeEnvironmentStringsW
GetModuleFileNameA
SetFileAttributesA
VirtualProtect
TerminateProcess
GlobalAlloc
LoadLibraryA
LoadLibraryExA
GetFileType
CreateDirectoryA
lstrlenA
GetCPInfo
CreateEventA
ResumeThread
ReleaseSemaphore
SetCurrentDirectoryA
OpenProcess
ResetEvent
FormatMessageA
GetUserDefaultLangID
HeapReAlloc
GetSystemDefaultLCID
RemoveDirectoryA
HeapCreate
GetFileTime
Sleep
SetLocalTime
GetTempPathA
lstrcpynA
IsDBCSLeadByte
GetTimeZoneInformation
_lwrite
DuplicateHandle

advapi32

RegQueryValueExW
RegDeleteValueW
DeregisterEventSource
RegCreateKeyW
RegSetValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyW
RegOpenKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegQueryValueExA
RegOpenKeyA
ReportEventA
RegCloseKey
LookupPrivilegeValueA
SetSecurityDescriptorDacl
RegSetValueA
InitializeSecurityDescriptor
RegCreateKeyA
RegEnumValueW
OpenProcessToken
RegDeleteValueA
RegOpenKeyW
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyW
RegSetValueExW
RegisterEventSourceA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0ce65c28bea2f1e78dce95700b40ab4

Headers

File Characteristics

Imports

ddraw

ws2_32

samlib

user32

kernel32

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB