a295fd7b84f1e36e796842b3b198c699_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a295fd7b84f1e36e796842b3b198c699_JaffaCakes118
Size

62KB
MD5

a295fd7b84f1e36e796842b3b198c699
SHA1

af6e269fd0b2f1d7af16835a72ad7d3ff9d4a970
SHA256

8dec5f0b3ff2ef5f1ce1735f752508c5aba43a61cb03c888c143f9a3af9d2ba9
SHA512

205546ef989d4499c9ed762ad766b8f638f72aaa6282c6296b3763868426a0e3c9675329202b714d9c90bf2297c4305b9c32c111354bb00b31d95261a210c22e
SSDEEP

1536:70WhggxLt9IxN+ADhbHX9SprMqYSngrwqZePdFqUv9+bCM237dsXtj:70WggplAuVD7gJvDChg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a295fd7b84f1e36e796842b3b198c699_JaffaCakes118

Files

a295fd7b84f1e36e796842b3b198c699_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5794f06cbb1869f8c5c29d8f65b3b4d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

isgraph
??7ios@@QBEHXZ
_except_handler2
_CIatan2
_onexit
_fileinfo
??0ios@@IAE@ABV0@@Z
?close@ofstream@@QAEXXZ
??_7ofstream@@6B@
?seekp@ostream@@QAEAAV1@J@Z
_ismbbprint
__p__acmdln
_putw
?pptr@streambuf@@IBEPADXZ
??_8ostream@@7B@
_fsopen
??6ostream@@QAEAAV0@K@Z
?getline@istream@@QAEAAV1@PACHD@Z
??0fstream@@QAE@H@Z
??6ostream@@QAEAAV0@I@Z
atoi
_wexecl

adsldpc

LdapGetNextPageS
SchemaGetPropertyInfo
ConvertSidToString
FindEntryInSearchTable
ReadPagingSupportedAttr
UnMarshallLDAPToLDAPSynID
BuildADsParentPath
ADsGetObjectAttributes
LdapModifyExtS
ADSIGetFirstRow
SchemaGetClassInfoByIndex
SchemaGetPropertyInfoByIndex
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapModDnS
LdapGetSchemaObjectCount
ADsWriteClassDefinition
LdapReadAttribute2
MapLDAPTypeToADSType
LdapCacheAddRef
ChangeSeparator
LdapFirstAttribute
ADsGetNextColumnName
ADsCreateClassDefinition
LdapReadAttributeFast
intcmp
ADSICloseDSObject

kernel32

GetThreadLocale
SetComPlusPackageInstallStatus
AddAtomA
LZRead
DebugActiveProcessStop
CompareStringW
GetCurrentProcessId
HeapFree
LockFile
GetOEMCP
GetTickCount
GetModuleHandleW
SetConsoleMode
HeapSummary
GetCPInfo
GetNamedPipeHandleStateA
SetThreadIdealProcessor
FatalAppExitW
TransactNamedPipe
SetTimerQueueTimer
WriteFile
GetLocalTime
_hread
GetModuleFileNameA
_lwrite
QueryPerformanceCounter
lstrcpyA
WaitForMultipleObjects
DeleteAtom
GetFileTime
LoadLibraryA
CreateActCtxA
WaitForDebugEvent
GetCurrentThreadId
ReadConsoleOutputAttribute
LocalUnlock
CreateJobSet
SetFirmwareEnvironmentVariableA
GetConsoleAliasesLengthA
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
GetPrivateProfileStringA
Module32FirstW
LoadLibraryW
InterlockedPopEntrySList
ScrollConsoleScreenBufferA
GetStartupInfoW
FormatMessageW
VirtualAlloc
lstrcmpA
GetCompressedFileSizeA
BuildCommDCBAndTimeoutsW
GetProcAddress
Module32First
IsProcessInJob
GetExitCodeProcess
FindActCtxSectionStringW
OpenMutexA
RegisterWaitForSingleObjectEx
GetComPlusPackageInstallStatus
LoadModule
GetThreadSelectorEntry
LockFileEx

query

?GetGUID@CMemDeSerStream@@UAEXAAU_GUID@@@Z
?IsValid@COccRestriction@@QBEHXZ
?SetPriority@CGenericCiProxy@@QAEXKK@Z
?SetNumberOfColumns@CCatState@@QAEXI@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?DataWriteRead@CRequestClient@@QAEXPAXK0KAAK@Z
??1CKeyArray@@QAE@XZ
CIMakeICommand
??1CWorkQueue@@QAE@XZ
??1CCatalogAdmin@@QAE@XZ
?Close@CPipeClient@@IAEXXZ
?AcquireRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
??1CNatLanguageRestriction@@QAE@XZ
?SetI4@CStorageVariant@@QAEXJI@Z
?Done@CFwAsyncWorkItem@@QAEXXZ
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?_FindOrAddValueNode@CDbPropertyRestriction@@AAEPAVCDbScalarValue@@XZ
?AddRef@CEnumString@@UAGKXZ
??0CMemSerStream@@QAE@PAEK@Z
?ParseCatalogURL@@YGJPBGAAV?$XPtrST@G@@1@Z

wldap32

ldap_add
ldap_init
ldap_bind_s
ldap_err2stringW
ldap_modrdn_s
ldap_ufn2dnA
ldap_create_sort_controlW
cldap_openA
ldap_modify_ext
ldap_delete_extW
ldap_first_entry
ldap_first_attributeW
ldap_escape_filter_elementW
ldap_search_ext_s
LdapUTF8ToUnicode
ldap_free_controlsA
ldap_get_optionA
ldap_count_entries
ldap_next_attributeW
ldap_search_ext_sW
ldap_sslinit
LdapUnicodeToUTF8
ldap_bindA
ldap_startup
ldap_control_freeA

oleaut32

VarUI1FromI4
VarDecRound
OleTranslateColor
VarBoolFromCy
VarBoolFromI4
VarBstrFromUI2
VarBstrFromI4
VarUI1FromUI2
VarDecFromI2
SafeArrayCreateVector
DispGetIDsOfNames
VarOr
VarI8FromDisp
VarDecInt
VarR4FromDate
VarI8FromUI2
VarFormatCurrency
VarBoolFromUI8
SafeArrayAllocData
VarI2FromI1
VarWeekdayName
RegisterActiveObject
VarUI8FromCy
VarUI2FromI8
OleLoadPicture
VarDateFromI1
SysAllocStringLen
OaBuildVersion
VarUI4FromI2
VarUI8FromStr
LPSAFEARRAY_Marshal
OleLoadPicturePath
GetRecordInfoFromTypeInfo
VarUI8FromI1
VariantChangeTypeEx
VarI4FromBool
VarAbs
VarUI8FromUI4
VarUI8FromR8
VarUI2FromCy
VarDecAdd
SafeArrayGetElemsize
VarR4FromUI2
DllCanUnloadNow
VarParseNumFromStr
VarI8FromDate
SafeArrayRedim

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5794f06cbb1869f8c5c29d8f65b3b4d1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

adsldpc

kernel32

query

wldap32

oleaut32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 14KB - Virtual size: 95KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 14KB - Virtual size: 95KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 328B