Static task: static1
Behavioral task: behavioral1 (Sample: 746606065b1f4d9be292d601048fd38e_JaffaCakes118.exe, Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: 746606065b1f4d9be292d601048fd38e_JaffaCakes118.exe, Resource: win10v2004-20240709-en)
General
Target: 746606065b1f4d9be292d601048fd38e_JaffaCakes118
Size: 56KB
MD5: 746606065b1f4d9be292d601048fd38e
SHA1: f0a6bedcba64982969bd438f24a66dac47a9894d
SHA256: ab306b9c0948f28f3c2a90fb57a1ee0ba8ac9d2c48c65c4aadc870d5516d8cd9
SHA512: 5f6a1b225de3d1cb7810a09506da6b6b16fd94a5b173228af6858c470dab67d46e8ada8b2f886b9b9b30baea45c421f0c262c4a5eabcf925ba2fbdefc97139ab
SSDEEP: 768:FexQW4jnVcMEieMzAwIHkinmJalYzAxodQl+PvTBMpQHKe13:AuW4rytMzIHkjNzIoel+BkmKe13
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 746606065b1f4d9be292d601048fd38e_JaffaCakes118
Files
746606065b1f4d9be292d601048fd38e_JaffaCakes118.exe windows:5 windows x86 arch:x86
922c5ce4109c97d51ccfd72f90ff9f7f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptFindLocalizedName
CryptCloseAsyncHandle
RegQueryInfoKeyU
CertVerifySubjectCertificateContext
CertGetCRLContextProperty
I_CryptGetDefaultCryptProv
CertCompareCertificate
CertSerializeCTLStoreElement
I_CryptAddRefLruEntry
CertFreeCertificateContext
CryptHashMessage
CryptSignMessageWithKey
CryptBinaryToStringA
CertRDNValueToStrW
CertFindCertificateInCRL
CertUnregisterPhysicalStore
I_CryptWalkAllLruCacheEntries
CryptEncodeObjectEx
CertStrToNameW
CertFreeCertificateChainEngine
I_CryptGetAsn1Decoder
CertGetIssuerCertificateFromStore
CryptSignMessage
CryptEnumOIDInfo
CertDeleteCTLFromStore
I_CryptRegisterSmartCardStore
I_CryptUninstallAsn1Module
CertEnumSystemStoreLocation
RegDeleteValueU
kernel32
EnumLanguageGroupLocalesW
WaitNamedPipeW
SetErrorMode
GetWriteWatch
WriteProfileStringW
FindFirstVolumeMountPointW
CreateProcessInternalW
LZOpenFileA
GetGeoInfoA
EnumDateFormatsExA
lstrcpyA
FlushConsoleInputBuffer
InterlockedDecrement
HeapCreate
SetHandleInformation
UTRegister
GetDateFormatA
BuildCommDCBW
CopyFileA
SetConsoleWindowInfo
SetProcessPriorityBoost
AddConsoleAliasA
DeleteFileW
LoadLibraryA
FindFirstChangeNotificationW
SetClientTimeZoneInformation
GetStringTypeExW
FoldStringW
WriteProfileStringA
GetHandleInformation
IsProcessorFeaturePresent
VirtualAlloc
FillConsoleOutputAttribute
lz32
CopyLZFile
LZCopy
LZRead
LZOpenFileA
LZInit
GetExpandedNameW
LZSeek
LZOpenFileW
LZDone
LZClose
LZCloseFile
LZStart
LZCreateFileW
GetExpandedNameA
credui
CredUIInitControls
CredUIPromptForCredentialsW
CredUIStoreSSOCredA
CredUIPromptForCredentialsA
DllGetClassObject
DllUnregisterServer
CredUICmdLinePromptForCredentialsA
CredUIParseUserNameA
DllRegisterServer
CredUIStoreSSOCredW
CredUICmdLinePromptForCredentialsW
DllCanUnloadNow
CredUIConfirmCredentialsW
CredUIConfirmCredentialsA
CredUIParseUserNameW
CredUIReadSSOCredA
CredUIReadSSOCredW
samlib
SamAddMultipleMembersToAlias
SamiLmChangePasswordUser
SamiEncryptPasswords
SamEnumerateDomainsInSamServer
SamLookupNamesInDomain
SamLookupDomainInSamServer
SamEnumerateUsersInDomain
SamiSetDSRMPasswordOWF
SamDeleteUser
SamConnectWithCreds
SamGetDisplayEnumerationIndex
SamiChangePasswordUser2
SamiChangeKeys
SamShutdownSamServer
SamSetInformationAlias
SamGetCompatibilityMode
SamFreeMemory
SamAddMemberToGroup
SamOpenDomain
SamCloseHandle
SamConnect
SamSetInformationGroup
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ