94c6a4efcb358ed6d627729056787d0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94c6a4efcb358ed6d627729056787d0f_JaffaCakes118
Size

440KB
MD5

94c6a4efcb358ed6d627729056787d0f
SHA1

a4c2a33fa72c98b5c6825e0dceb07f182f61b93e
SHA256

964b07e2a664c966b9fa5b749eeb938d5dc9c568d9a2b1a8e5feb13cd76324f7
SHA512

03ebbc7223630f31c6ee94de627b8b4c4761e98f69e5a68e9777e6380e62aec1e81c220fedd265d53ff72e7f525b2f704dc7b82c421a1b5efb29eb2265bd390b
SSDEEP

12288:98ObdBunJIGmpqJDfLKatLMfeCi6NJ2Qcj1uyMMnMMMMM2:tkJnxRJC4jdMMnMMMMM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94c6a4efcb358ed6d627729056787d0f_JaffaCakes118

Files

94c6a4efcb358ed6d627729056787d0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d1193423815160c5d71eeffcc84dcd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetUserSetInfo
NetSessionGetInfo
NetServerGetInfo
NetGroupSetInfo
NetLocalGroupAddMembers
NetServerSetInfo
NetLocalGroupDelMembers
NetShareGetInfo
NetGroupGetUsers
NetUserGetGroups
NetSessionDel
NetGroupAddUser
NetWkstaGetInfo
NetGroupEnum
NetGroupDelUser
NetLocalGroupGetInfo
NetUserGetInfo
NetFileGetInfo
NetShareSetInfo
NetLocalGroupGetMembers
NetWkstaUserGetInfo
NetGroupAdd
NetServerEnum
NetLocalGroupEnum
NetGetDCName
NetGroupGetInfo
NetApiBufferFree
NetUserModalsSet
NetGetAnyDCName
NetSessionEnum
NetUseGetInfo
NetGroupDel
NetLocalGroupAdd
NetUserGetLocalGroups
NetLocalGroupSetInfo
NetShareEnum
NetShareAdd
NetQueryDisplayInformation
DsRoleGetPrimaryDomainInformation
NetUserDel
DsRoleFreeMemory
NetUserModalsGet
NetShareDel
NetUserAdd
NetLocalGroupDel
NetUserChangePassword

msvcrt

_itow
_purecall
_ftol
_CxxThrowException
wcscat
wcschr
_onexit
_except_handler3
malloc
free
_wcsicmp
wcsrchr
wcscmp
wcslen
_wcsnicmp
_ltow
_adjust_fdiv
_wtol
wcscpy
_initterm
__dllonexit

rpcrt4

RpcStringFreeW

ntdll

RtlAdjustPrivilege
RtlInitUnicodeString
RtlAddAccessAllowedAceEx
RtlRunDecodeUnicodeString
NtAllocateVirtualMemory

advapi32

RegConnectRegistryW
GetUserNameW
GetSidIdentifierAuthority
EnumServicesStatusW
GetLengthSid
RegOpenKeyExW
RegQueryValueExW
OpenServiceW
DeleteService
OpenSCManagerW
RegCloseKey
UnlockServiceDatabase
QueryServiceConfigW
CloseServiceHandle
GetSidSubAuthority
SystemFunction041
RegEnumKeyExW
LookupAccountNameW
LockServiceDatabase
ControlService
QueryServiceStatus
ChangeServiceConfigW
SystemFunction040
GetSidSubAuthorityCount
StartServiceW
CreateServiceW

kernel32

InitializeCriticalSection
LocalFileTimeToFileTime
FreeLibrary
DeleteCriticalSection
GetSystemTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
FileTimeToDosDateTime
FormatMessageW
GetTickCount
CreateSemaphoreW
LoadLibraryW
GetComputerNameW
InterlockedDecrement
GetSystemTimeAsFileTime
TerminateProcess
LocalFree
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
GetProcAddress
GetStartupInfoA
CompareStringW
InterlockedIncrement
GetLastError
LocalAlloc
GetCurrentThreadId
GetACP
EnterCriticalSection
DisableThreadLibraryCalls
DosDateTimeToFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetLastError
ReleaseSemaphore
FileTimeToLocalFileTime
GetCurrentProcess
FileTimeToSystemTime
CloseHandle
GetCurrentProcessId
lstrlenW

oleaut32

VariantCopy

mpr

WNetAddConnection2W
WNetCancelConnection2W

user32

wsprintfW
LoadStringW

ole32

IIDFromString
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CreatePointerMoniker
StringFromGUID2
CoCreateInstance

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1193423815160c5d71eeffcc84dcd9

Headers

File Characteristics

Imports

netapi32

msvcrt

rpcrt4

ntdll

advapi32

kernel32

oleaut32

mpr

user32

ole32

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 936KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 368KB - Virtual size: 368KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 936KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 368KB - Virtual size: 368KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 56B