8da841452d2d08ec99dad0a6c404f30c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8da841452d2d08ec99dad0a6c404f30c_JaffaCakes118
Size

864KB
MD5

8da841452d2d08ec99dad0a6c404f30c
SHA1

da85e0202330ec1827915d211d430c12b1d56168
SHA256

a1f966e956ee0457232bc0c1b393ba8fe0039c9afa92d1ba1c650cfa54e81ce2
SHA512

55395fab914794b3dee87564f94c214d3f0fe371cb6933f9aa151cdc4d12edc6fd412c592e7efd9e8d1a6f80abfcd72a0146f128760d3887204f24921b86c476
SSDEEP

24576:3zBVIxBgYruBe7hMJtzvU3Kd0wZF1RhcJwncPC:DByEBed+iKd0wvWJwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8da841452d2d08ec99dad0a6c404f30c_JaffaCakes118

Files

8da841452d2d08ec99dad0a6c404f30c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b697eaf3cf663b0060b5dc601b36a4d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamGetMembersInAlias
SamEnumerateGroupsInDomain
SamCreateGroupInDomain
SamiSetBootKeyInformation
SamRemoveMemberFromAlias
SamSetInformationAlias
SamEnumerateDomainsInSamServer
SamOpenAlias
SamGetDisplayEnumerationIndex
SamQueryInformationUser
SamGetCompatibilityMode
SamChangePasswordUser
SamCreateUserInDomain
SamTestPrivateFunctionsUser
SamGetAliasMembership
SamQueryInformationDomain
SamSetInformationGroup
SamFreeMemory
SamiSetDSRMPasswordOWF
SamRidToSid
SamChangePasswordUser2
SamQueryInformationAlias
SamAddMultipleMembersToAlias
SamDeleteUser
SamiChangePasswordUser
SamiChangePasswordUser2
SamGetGroupsForUser
SamRemoveMemberFromForeignDomain
SamEnumerateUsersInDomain
SamOpenDomain
SamTestPrivateFunctionsDomain
SamAddMemberToGroup

kernel32

GetPrivateProfileStringW
CopyFileExA
ChangeTimerQueueTimer
CancelDeviceWakeupRequest
GetBinaryTypeW
SetThreadIdealProcessor
SetConsoleInputExeNameW
ReadConsoleW
FoldStringA
GetUserGeoID
WritePrivateProfileSectionA
EnumTimeFormatsW
GetNumberOfConsoleMouseButtons
QueryPerformanceCounter
GetBinaryType
SetComputerNameW
lstrcmpA
RegisterWaitForSingleObjectEx
SetProcessAffinityMask
WriteConsoleInputW
SetMessageWaitingIndicator
VerifyConsoleIoHandle
GetLongPathNameA
GlobalFlags
WriteProfileSectionW
LoadLibraryA
SetThreadPriorityBoost
VerLanguageNameA
GetGeoInfoA
SetLocalPrimaryComputerNameA
LocalLock
SetFileValidData
SetLastError
SetComputerNameExW
GetHandleContext
EnumUILanguagesW
GetProfileIntA
RtlFillMemory
WriteConsoleInputA
SetVolumeLabelA
BindIoCompletionCallback
InitializeSListHead
FindAtomW
ReadFileScatter
TlsAlloc
OpenFileMappingW
lstrcmpW
LZInit
lstrlen
FlushInstructionCache
GlobalUnWire
GetTimeFormatA
GetStdHandle
InterlockedFlushSList
ReadConsoleOutputAttribute
GetDiskFreeSpaceA
WritePrivateProfileSectionW
OpenWaitableTimerW
QueryDosDeviceA
ReplaceFile
WaitNamedPipeA
SetThreadLocale
HeapSize
SetVolumeLabelW
LocalReAlloc
GetPrivateProfileStringA
FreeEnvironmentStringsW
IsValidLocale
WideCharToMultiByte
WaitNamedPipeW
RtlMoveMemory
EnumLanguageGroupLocalesA
GetEnvironmentStringsW
SetConsoleTitleA
GetProfileSectionA
GetConsoleAliasExesLengthW
VirtualAlloc
OpenMutexW
GetCurrentThread
GetThreadPriorityBoost
DeleteTimerQueue

iphlpapi

FlushIpNetTable
SetIpForwardEntry
CreateIpNetEntry
UnenableRouter
NotifyRouteChange
GetRTTAndHopCount
_PfGetInterfaceStatistics@16
GetIfTable
DeleteIpNetEntry
GetIpStatisticsEx
GetNetworkParams
GetUdpStatistics
RestoreMediaSense
_PfRemoveFiltersFromInterface@20
GetFriendlyIfIndex
Icmp6SendEcho2
InternalGetIpNetTable
_PfDeleteLog@0
_PfRemoveGlobalFilterFromInterface@8
GetAdapterIndex
_PfMakeLog@4
IpReleaseAddress
NTPTimeToNTFileTime
IcmpCloseHandle
do_echo_req
CreateProxyArpEntry
NotifyAddrChange
InternalDeleteIpForwardEntry
InternalCreateIpForwardEntry
InternalSetIfEntry
GetTcpStatisticsEx
IpRenewAddress
GetAdaptersAddresses
CreateIpForwardEntry
IcmpSendEcho
_PfUnBindInterface@4
SetIfEntry
GetIpAddrTable
GetIpStatistics
InternalSetIpNetEntry
SetIpNetEntry

msdart

?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
SetMemHook
?_TryLock@CSpinLock@@AAE_NXZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
??0CLKRHashTableStats@@QAE@XZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
MPInitializeCriticalSection
?WriteLock@CReaderWriterLock2@@QAEXXZ
?ReadLock@CLKRHashTable@@QBEXXZ
?IsWin2k@CMdVersionInfo@@SAHXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?GetDefaultSpinCount@CCritSec@@SGGXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?WriteLock@CSpinLock@@QAEXXZ
??0CSpinLock@@QAE@XZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?IsReadLocked@CFakeLock@@QBE_NXZ
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?GetSpinCount@CCritSec@@QBEGXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?IsWin95@CMdVersionInfo@@SAHXZ
?_IsLocked@CSpinLock@@ABE_NXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?WriteUnlock@CSpinLock@@QAEXXZ

gdi32

GdiComment
GdiInitializeLanguagePack
GetFontData
GetPaletteEntries
PolyPolyline
GetPath
RemoveFontResourceExW
EudcUnloadLinkW
ExtCreatePen
EngStretchBlt
GdiSwapBuffers
GetDIBColorTable
GetMapMode
GdiEntry9
DdEntry13
SetColorAdjustment
gdiPlaySpoolStream
GdiRealizationInfo
FONTOBJ_pfdg
GetCharABCWidthsI
GdiGetPageCount
UpdateICMRegKeyA
GetViewportOrgEx
SetMetaRgn
Pie
CreateBitmapIndirect

msvcrt40

_cputs
labs
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_msize
?in_avail@streambuf@@QBEHXZ
??_8strstream@@7Bostream@@@
_lseek
??_Estdiobuf@@UAEPAXI@Z
strpbrk
?writepad@ostream@@AAEAAV1@PBD0@Z
_wfindnext
?close@fstream@@QAEXXZ
fgetc
_mbctoupper
??_7stdiobuf@@6B@
??_7ostream@@6B@
_stricoll
swscanf
??5istream@@QAEAAV0@AAI@Z
_ismbcupper
feof
strcpy
__RTCastToVoid
__p__fmode
??4streambuf@@QAEAAV0@ABV0@@Z
??_Gstreambuf@@UAEPAXI@Z
__p___initenv
_spawnvp
?_query_new_handler@@YAP6AHI@ZXZ
_CIatan
_ultow
_wfsopen
_adj_fptan
_ismbckata
_ismbstrail

Sections

.text
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 479KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b697eaf3cf663b0060b5dc601b36a4d3

Headers

DLL Characteristics

File Characteristics

Imports

samlib

kernel32

iphlpapi

msdart

gdi32

msvcrt40

Sections

.text Size: 194KB - Virtual size: 196KB

.rdata Size: 188KB - Virtual size: 192KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 479KB - Virtual size: 480KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 194KB - Virtual size: 196KB

.rdata
Size: 188KB - Virtual size: 192KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 479KB - Virtual size: 480KB

.reloc
Size: 1KB - Virtual size: 4KB