Static task
static1
Behavioral task
behavioral1
Sample
6fde0eb33d6f968ac37ec9b1711df961_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6fde0eb33d6f968ac37ec9b1711df961_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
6fde0eb33d6f968ac37ec9b1711df961_JaffaCakes118
Size
372KB
MD5
6fde0eb33d6f968ac37ec9b1711df961
SHA1
a9fe0cdeb4fdbe96726131818f00bd9fc1fc1148
SHA256
d2a915cd20c3a33417398a2ffdba1e0107df4e2a6eebc01a7231dce2998aaefb
SHA512
40881db63c46778422df518cf5da426d1492e5eb147169c0fde7333e7f8e0b43216704ba90a9c916c8922fb2cc07d969c6d1aced2f6cf7ab47b59869c6b50d7e
SSDEEP
6144:i3c5ZgpiCZ+aWAkUOF0JY+rt/O5ayhHF8+N2Y1xWrXf8NAqKUztFyG3QD+zRiQu2:iM5q8aiUNJpNB+N2Y1xIXf8uq1RX3QD8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6fde0eb33d6f968ac37ec9b1711df961_JaffaCakes118
Files
6fde0eb33d6f968ac37ec9b1711df961_JaffaCakes118.exe windows:4 windows x86 arch:x86
b46796002f411ccc2277dcf40f5f31a9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_purecall
_adjust_fdiv
wcscmp
_except_handler3
free
swscanf
sprintf
wcscat
_wcsicmp
wcslen
wcscpy
wcstok
wcschr
malloc
_wcsnicmp
_initterm
kernel32
GetSystemTime
FileTimeToLocalFileTime
DosDateTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
GetSystemTimeAsFileTime
LocalFree
QueryPerformanceCounter
SystemTimeToFileTime
DeleteCriticalSection
FileTimeToSystemTime
CloseHandle
UnhandledExceptionFilter
LocalAlloc
LeaveCriticalSection
GetTickCount
CompareStringW
GetCurrentProcessId
FileTimeToDosDateTime
GetProcAddress
TerminateProcess
GetACP
GetLastError
LoadLibraryW
EnterCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
FormatMessageW
GetCurrentProcess
FreeLibrary
SystemTimeToTzSpecificLocalTime
secur32
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaConnectUntrusted
netapi32
NetUserChangePassword
NetUserSetInfo
advapi32
SystemFunction040
LogonUserW
ImpersonateLoggedOnUser
SystemFunction041
RevertToSelf
user32
wsprintfW
ntdll
NtAllocateVirtualMemory
NtAddAtom
ole32
CoCreateInstance
adsldpc
LdapModifyS
ADsObject
FreeObjectInfo
LdapOpenObject
LdapCloseObject
GetDefaultServer
LdapReadAttributeFast
LdapValueFree
LdapCompareExt
BuildADsPathFromLDAPPath
BuildLDAPPathFromADsPath2
ChangeSeparator
ReadServerSupportsIsADControl
Sections
.text Size: 263KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE