7323d7b0456eba2cca37fd694d9047e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7323d7b0456eba2cca37fd694d9047e3_JaffaCakes118
Size

378KB
MD5

7323d7b0456eba2cca37fd694d9047e3
SHA1

219eee91aaac7764c54d68ccc8f91d18d1018052
SHA256

b0bf941c2fface1447644339f7d602df71bc5e98aa85937898495ce9694ade57
SHA512

57975341b2427ce281e5b1246876230eec5e4b2ddb43ef77c8e70c56b7517d94420f80092bdc6d5d214871fe1bc99a0902662d6bc00dce2bc382e0ec91703987
SSDEEP

6144:np8e6SFibUnpFCGWq+V/uovRod2S0JVdYTm42kpcEC7nE2SS5e3GVMMnMMMMMa9d:p8EiwnpofV/uosT0JVum4N9CLVLe3WM6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7323d7b0456eba2cca37fd694d9047e3_JaffaCakes118

Files

7323d7b0456eba2cca37fd694d9047e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff2b795873673cad48794d2f8a4e1c50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromCLSID
CreatePointerMoniker
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CLSIDFromString
IIDFromString

netapi32

NetLocalGroupAdd
NetServerSetInfo
NetLocalGroupDel
NetShareSetInfo
NetShareGetInfo
NetLocalGroupDelMembers
NetWkstaUserGetInfo
NetServerEnum
NetUserModalsSet
NetGetAnyDCName
NetGroupGetUsers
NetShareEnum
NetGroupDelUser
NetUserDel
NetUserAdd
NetLocalGroupEnum
NetGroupSetInfo
DsRoleFreeMemory
NetSessionGetInfo
NetUserChangePassword
NetUserSetInfo
DsRoleGetPrimaryDomainInformation
NetFileGetInfo
NetUserModalsGet
NetShareAdd
NetUseGetInfo
NetLocalGroupAddMembers
NetUserGetGroups
NetGroupEnum
NetGroupAddUser
NetLocalGroupGetInfo
NetApiBufferFree
NetServerGetInfo
NetShareDel
NetLocalGroupGetMembers
NetSessionEnum
NetWkstaGetInfo
NetUserGetLocalGroups
NetGroupGetInfo
NetLocalGroupSetInfo
NetSessionDel
NetQueryDisplayInformation
NetGetDCName
NetGroupDel
NetUserGetInfo
NetGroupAdd

ntdll

RtlAdjustPrivilege
RtlRunDecodeUnicodeString
NtAllocateVirtualMemory
RtlAddAccessAllowedAceEx
RtlSecondsSince1970ToTime

msvcrt

_initterm
__dllonexit
malloc
_itow
_ftol
_adjust_fdiv
_onexit
wcslen
wcscpy
_ltow
_wtol
_except_handler3
wcsrchr
_CxxThrowException
_purecall
free
wcschr
_wcsicmp
wcscat
wcscmp
_wcsnicmp

user32

LoadStringW
wsprintfW

rpcrt4

RpcStringFreeW

advapi32

GetUserNameW
SystemFunction041
SystemFunction040
ControlService
GetSidSubAuthority
DeleteService
RegConnectRegistryW
RegQueryValueExW
LockServiceDatabase
StartServiceW
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
UnlockServiceDatabase
QueryServiceStatus
GetSidSubAuthorityCount
CloseServiceHandle
EnumServicesStatusW
QueryServiceConfigW
ChangeServiceConfigW
LookupAccountNameW
RegCloseKey
CreateServiceW
GetSidIdentifierAuthority
RegEnumKeyExW
GetLengthSid

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

EnterCriticalSection
GetTickCount
FreeLibrary
GetComputerNameW
CreateSemaphoreW
DisableThreadLibraryCalls
LocalAlloc
SystemTimeToTzSpecificLocalTime
DosDateTimeToFileTime
GetCurrentThreadId
CloseHandle
lstrlenW
UnhandledExceptionFilter
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
SetUnhandledExceptionFilter
GetSystemTime
LeaveCriticalSection
FormatMessageW
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceCounter
GetCurrentProcessId
GetACP
FileTimeToLocalFileTime
GetLastError
InterlockedDecrement
LocalFileTimeToFileTime
GetCurrentProcess
InterlockedIncrement
SetLastError
GetModuleHandleW
LocalFree
FileTimeToDosDateTime
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
DeleteCriticalSection
GetStartupInfoA

oleaut32

VariantCopy

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff2b795873673cad48794d2f8a4e1c50

Headers

File Characteristics

Imports

ole32

netapi32

ntdll

msvcrt

user32

rpcrt4

advapi32

mpr

kernel32

oleaut32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 7KB - Virtual size: 1.2MB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 313KB - Virtual size: 313KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 7KB - Virtual size: 1.2MB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 40KB - Virtual size: 40KB