Static task: static1
Behavioral task: behavioral1
Sample: 70489b536c1372fbc90ac5f779c53ddb_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 70489b536c1372fbc90ac5f779c53ddb_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 70489b536c1372fbc90ac5f779c53ddb_JaffaCakes118
Size: 35KB
MD5: 70489b536c1372fbc90ac5f779c53ddb
SHA1: 6562527c94654880cab3a158931ad39b9e52503c
SHA256: 91d0aa68f5c753a721fe5bf29e73d7a7f48bc578a262f163430564fedd58b270
SHA512: 1aeadfb95f4c90e603336aee30138acfa4fcb63fde43a4843338dbc7dd613213f2b229961fa6e0e4b41cf8587e6073d1863d11b4373b4c161c9d819b1a366f49
SSDEEP: 768:KgnGfBpTLkc9IipqmQA+M2cbUF66HkxCo2:rnELYc9dqm+EUFPHkw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 70489b536c1372fbc90ac5f779c53ddb_JaffaCakes118
Files
70489b536c1372fbc90ac5f779c53ddb_JaffaCakes118.exe windows:4 windows x86 arch:x86
abc9135415d06f4bbfc73b030b7f9272
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
LsaCallAuthenticationPackage
LsaFreeReturnBuffer
GetUserNameExW
LsaDeregisterLogonProcess
LsaConnectUntrusted
shell32
CommandLineToArgvW
advapi32
GetSidSubAuthorityCount
EqualSid
RegCloseKey
CryptAcquireContextW
BuildTrusteeWithObjectsAndSidW
GetLengthSid
RegSetValueExW
IsValidSid
CryptReleaseContext
CopySid
FreeSid
GetSidSubAuthority
InitializeSecurityDescriptor
GetExplicitEntriesFromAclW
LsaNtStatusToWinError
RegOpenKeyExW
BuildTrusteeWithSidW
RegQueryValueExW
LsaOpenPolicy
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExA
LsaFreeMemory
ConvertStringSDToSDDomainW
GetSecurityDescriptorControl
LsaClose
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
LsaQueryInformationPolicy
GetSecurityDescriptorDacl
RegEnumKeyExW
SetEntriesInAclW
MakeSelfRelativeSD
RegOpenKeyExA
GetSidIdentifierAuthority
imm32
ImmAssociateContext
user32
LoadMenuW
LoadStringW
DrawIcon
MessageBoxW
CreateWindowExW
SetCursor
DestroyMenu
EndPaint
CharToOemW
UpdateWindow
SetWindowLongW
MessageBoxIndirectW
WinHelpW
CreatePopupMenu
BeginPaint
GetSystemMetrics
SetDlgItemTextW
GetParent
SetFocus
RegisterClipboardFormatW
LoadBitmapW
GetWindowTextLengthW
GetMessageW
GetMenuItemCount
GetWindowLongW
ShowWindow
ScreenToClient
wsprintfW
GetClientRect
LoadIconW
EnableWindow
ChildWindowFromPointEx
GetWindowTextW
SetWindowTextW
CallWindowProcW
DispatchMessageW
DestroyWindow
GetSubMenu
GetDlgItem
PeekMessageW
LoadCursorW
GetActiveWindow
DefWindowProcW
GetMenuItemInfoW
PtInRect
GetDlgCtrlID
PostThreadMessageW
PostMessageW
GetDesktopWindow
GetWindowRect
InsertMenuW
IsWindow
DestroyIcon
SendMessageW
dsprop
IsSheetAlreadyUp
BringSheetToForeground
CrackName
DSPROP_GetGCSearchOnDomain
dnsapi
DnsValidateName_W
ole32
CoCreateGuid
StringFromCLSID
ReleaseStgMedium
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoInitialize
StringFromGUID2
ntdsapi
DsRemoveDsServerW
DsFreeDomainControllerInfoW
DsReplicaSyncW
DsGetDomainControllerInfoW
DsReplicaConsistencyCheck
DsBindW
adsldpc
ADsGetPreviousRow
shlwapi
PathAppendW
gdi32
DeleteObject
GetTextExtentPoint32W
GetTextMetricsW
kernel32
GetProcessHeap
CompareStringW
GetModuleFileNameW
InitializeCriticalSection
GlobalFree
EnterCriticalSection
lstrlenW
InterlockedDecrement
SizeofResource
VirtualAlloc
Sleep
GlobalSize
LockResource
HeapFree
LeaveCriticalSection
GetCurrentProcess
GetTimeFormatW
GetModuleHandleW
GlobalLock
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetSystemWindowsDirectoryW
GetCurrentProcessId
GetCommandLineW
GetProcAddress
LoadResource
InterlockedIncrement
DeleteCriticalSection
LoadLibraryA
FreeLibrary
lstrcmpiW
GlobalUnlock
lstrcmpW
SystemTimeToTzSpecificLocalTime
TerminateProcess
FlushInstructionCache
IsBadWritePtr
QueryPerformanceCounter
GetComputerNameW
GlobalAlloc
UnhandledExceptionFilter
FindResourceW
WaitForMultipleObjectsEx
GetTickCount
GetSystemTimeAsFileTime
lstrcpyW
SystemTimeToFileTime
lstrlenA
LocalAlloc
SetLastError
CompareFileTime
lstrcpynW
GetWindowsDirectoryW
GetDateFormatW
LocalFree
MultiByteToWideChar
LoadLibraryExW
DnsHostnameToComputerNameW
GetSystemDirectoryW
LoadLibraryW
InterlockedExchange
VirtualFree
SetUnhandledExceptionFilter
GetLastError
ntdll
RtlCreateUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
crypt32
CryptUnprotectData
CertFreeCertificateContext
CryptDecodeObject
CertFindExtension
CertNameToStrW
CertCompareCertificateName
CryptQueryObject
CryptProtectData
msvcrt
_wputenv
wcslen
_wgetenv
_wcslwr
free
__RTDynamicCast
wcstok
wcschr
wcscat
_vsnwprintf
_wcsdup
wcstol
_wsetlocale
wcsstr
_wcsnicmp
swscanf
__RTtypeid
_wtoi
_wtol
wcscmp
_adjust_fdiv
realloc
__CxxFrameHandler
_onexit
_beginthreadex
memmove
wcsncmp
malloc
wcsncat
qsort
_purecall
_except_handler3
_wcsicmp
tolower
wcscpy
_initterm
__dllonexit
wcsncpy
Sections
.text Size: 512B - Virtual size: 396B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ