Static task: static1
Behavioral task: behavioral1
Sample: a43fb8f8a0daa4513c41af56e515d445_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: a43fb8f8a0daa4513c41af56e515d445_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a43fb8f8a0daa4513c41af56e515d445_JaffaCakes118
Size: 868KB
MD5: a43fb8f8a0daa4513c41af56e515d445
SHA1: 702a009dc09c5d39e7d015571286a18f4ee96e20
SHA256: ca17dbcdeff7a5cc1b7c9cd2537d938b4d739151919ccbc6da0b44e357e36d72
SHA512: 164303628ef1245eb43a377520af5e21f74c0926cdbeb9af5d74d7eaaf642373488fd3d2a79ad568869e164de668895b77bbddb3344a01aabf15cd39b4da36ca
SSDEEP: 24576:jDNYptUWzt1XDtfNBXmFPQ/lvYv3XaMn8I:jDNY/x1xNBmG/VS3q28
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: a43fb8f8a0daa4513c41af56e515d445_JaffaCakes118
Files
a43fb8f8a0daa4513c41af56e515d445_JaffaCakes118.exe windows:5 windows x86 arch:x86
f67cf9e251a6d7aa9bf734a48bd1d392
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueryDosDeviceA
SetConsoleOS2OemFormat
GetDiskFreeSpaceExA
LZDone
GetLogicalDriveStringsA
LoadLibraryA
EnumCalendarInfoW
WaitForDebugEvent
GetCurrencyFormatA
GetConsoleDisplayMode
SetFilePointer
FindFirstFileW
lstrlenA
GetSystemTime
VirtualAlloc
CreateSocketHandle
GlobalAlloc
AreFileApisANSI
BuildCommDCBW
GetProcessIoCounters
WriteProfileStringA
GetCurrentThread
GetDriveTypeW
_lclose
DeleteTimerQueue
DeleteVolumeMountPointW
LocalSize
EnumCalendarInfoExA
lstrcmpiW
IsBadHugeReadPtr
SetFileAttributesW
SetConsoleInputExeNameA
GetCommConfig
ActivateActCtx
CancelTimerQueueTimer
SetHandleInformation
lstrcpyA
UnregisterWait
AddConsoleAliasW
SetLocaleInfoA
SetLocaleInfoW
RegisterConsoleVDM
FindActCtxSectionGuid
FatalAppExitA
SetFileTime
DeleteTimerQueueEx
GetEnvironmentStringsA
UnhandledExceptionFilter
SetCommConfig
TryEnterCriticalSection
SetLastError
DosPathToSessionPathA
ReadConsoleOutputCharacterW
GlobalGetAtomNameW
GetThreadSelectorEntry
HeapDestroy
SetConsolePalette
SetCurrentDirectoryA
CreateJobObjectA
GetCurrentProcess
WriteConsoleInputVDMW
EnumResourceNamesA
SetConsoleCursorInfo
GetTempFileNameW
samlib
SamRidToSid
SamAddMultipleMembersToAlias
SamQueryInformationGroup
SamConnectWithCreds
SamiChangeKeys
SamShutdownSamServer
SamQuerySecurityObject
SamDeleteGroup
SamiEncryptPasswords
SamRemoveMultipleMembersFromAlias
SamAddMemberToGroup
SamChangePasswordUser
SamiChangePasswordUser2
SamLookupDomainInSamServer
SamiChangePasswordUser
SamiSetDSRMPasswordOWF
SamFreeMemory
SamRemoveMemberFromGroup
SamCreateGroupInDomain
SamGetMembersInAlias
SamEnumerateAliasesInDomain
SamGetAliasMembership
SamCreateUserInDomain
SamTestPrivateFunctionsUser
SamGetDisplayEnumerationIndex
SamOpenUser
SamQueryInformationAlias
SamCloseHandle
SamOpenDomain
SamCreateUser2InDomain
SamSetInformationUser
SamiSetBootKeyInformation
SamEnumerateDomainsInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
ws2_32
WSAInstallServiceClassA
WSAGetServiceClassInfoW
WSCUpdateProvider
accept
WSAStartup
WSANtohl
getaddrinfo
select
WSALookupServiceBeginW
WSAAsyncGetServByPort
WSAWaitForMultipleEvents
WSARemoveServiceClass
WSCEnableNSProvider
WSAIoctl
WSAEnumNetworkEvents
WSANtohs
WSAAccept
WSAResetEvent
WSADuplicateSocketA
WSAProviderConfigChange
bind
WSAAsyncGetProtoByName
WSACloseEvent
WSCGetProviderPath
ioctlsocket
recv
closesocket
setsockopt
WSALookupServiceEnd
WSAEnumProtocolsW
WSASetServiceW
WSASend
ntohs
WSCInstallNameSpace
WSAGetServiceClassNameByClassIdA
WSALookupServiceNextW
WSACreateEvent
WSACleanup
WSAConnect
WSApSetPostRoutine
getsockname
WSAStringToAddressW
WSAAsyncGetProtoByNumber
WSAUnhookBlockingHook
WSCUnInstallNameSpace
WSALookupServiceBeginA
WSAEventSelect
WSAIsBlocking
WSAGetOverlappedResult
WSARecvDisconnect
WSAGetQOSByName
WSAAddressToStringA
htonl
WSAAddressToStringW
shutdown
WEP
send
WSACancelAsyncRequest
WSASetLastError
WSAAsyncGetHostByAddr
gethostname
WSAEnumProtocolsA
WSAInstallServiceClassW
WSASocketW
WSARecvFrom
WSASendTo
sendto
listen
sqlunirl
_CreateEnhMetaFile_@16
_PostMessage@16
_RegEnumKeyEx_@32
_GetTempFileName_@16
_lstrcpyn_@12
_NDdeGetShareSecurity_@24
_FindFirstChangeNotification_@12
_GetKeyNameText_@12
_CreateEvent_@16
_GetProfileSection_@12
_BuildCommDCBAndTimeouts_@12
_FindAtom_@4
_GetDiskFreeSpace_@20
_GetProp@8
_LoadCursor@8
_TextOut@20
_MessageBoxEx_@20
_EnumResourceLanguages_@20
_SetProp@12
_AddAtom_@4
_DlgDirList_@20
_CreateFont@56
_lstrcmp_@8
_GetFileVersionInfo_@16
_WritePrivateProfileString_@16
_GetVolumeInformation_@32
_LoadMenuIndirect_@4
_UpdateResource_@24
_EnumResourceTypes_@12
_CreateMetaFile_@4
_FindFirstFile_@8
_BeginUpdateResource_@8
_EnumDisplaySettings_@12
_CreateMutex_@12
_WritePrivateProfileSection_@12
_GetPrivateProfileSection_@16
_IsCharLower_@4
_LogonUser_@24
advapi32
ConvertSidToStringSidW
SetTokenInformation
WmiSetSingleInstanceW
CloseEventLog
BuildTrusteeWithObjectsAndNameW
PrivilegeCheck
DuplicateEncryptionInfoFile
InitializeSecurityDescriptor
LsaSetDomainInformationPolicy
LsaQueryInfoTrustedDomain
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetServiceDisplayNameW
WmiQueryGuidInformation
QueryServiceConfigW
ImpersonateSelf
AddAuditAccessObjectAce
CredEnumerateW
CryptVerifySignatureW
CommandLineFromMsiDescriptor
SaferiPopulateDefaultsInRegistry
RemoveTraceCallback
StopTraceA
GetServiceDisplayNameA
I_ScSetServiceBitsW
GetInheritanceSourceA
ElfReadEventLogA
GetFileSecurityW
WmiDevInstToInstanceNameW
LsaQueryTrustedDomainInfoByName
RegisterTraceGuidsA
Sections
.text Size: 198KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 419KB - Virtual size: 420KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 248KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ