a902a6dbf66684e21397b125b75f48d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a902a6dbf66684e21397b125b75f48d2_JaffaCakes118
Size

859KB
MD5

a902a6dbf66684e21397b125b75f48d2
SHA1

37d0ea417256b4b69f9bd1ce9d2501ebcb9baf8f
SHA256

76428ee34825645e64104b7e9c4b31056220779b44be2f97ca47f03723e8255a
SHA512

ed0b5f08bc332f7674f2695fa0b14b4ef24e3cab616eff5dede2d384c0d158ee6ade431a5119a62c6c4fb93cb7e1bad5dac31bba62736dbe56592da1373dde73
SSDEEP

24576:UJfEBXpI9snfBaudU3WHkgAQ5DY9VNKM0fQdV:UJfEBZIyJD+3WHHDGKOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a902a6dbf66684e21397b125b75f48d2_JaffaCakes118

Files

a902a6dbf66684e21397b125b75f48d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c905d63df0fe9ea9d92775d293223794

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

scecli

SceFreeProfileMemory
SceGetObjectChildren
SceDcPromoteSecurity
SceCopyBaseProfile
SceGenerateRollback
SceCloseProfile
SceDcPromoteSecurityEx
SceOpenPolicy
SceIsSystemDatabase
SceSetupGenerateTemplate
SceSetupUpdateSecurityService
SceSetupUpdateSecurityKey
SceGetScpProfileDescription
SceGetServerProductType
SceAnalyzeSystem
SceSvcConvertSDToText
SceCommitTransaction
SceSetDatabaseSetting
SceFreeMemory
SceGetDatabaseSetting
SceCompareSecurityDescriptors
SceGetAnalysisAreaSummary
SceAddToObjectList
SceConfigureConvertedFileSecurity
SceSetupUpdateSecurityFile
SceAppendSecurityProfileInfo
SceDcPromoCreateGPOsInSysvol
SceSvcSetInformationTemplate
SceGetSecurityProfileInfo

winmm

mciGetDeviceIDFromElementIDW
waveOutReset
mmTaskBlock
timeGetDevCaps
midiInGetID
midiStreamClose
mmioStringToFOURCCW
midiOutGetDevCapsW
midiInOpen
mciSendCommandW
mixerClose
joy32Message
PlaySoundA
joyGetPos
waveInGetDevCapsW
mciExecute
wid32Message
mixerMessage
timeBeginPeriod
waveInMessage
midiStreamOpen
waveOutGetErrorTextW
timeKillEvent
joyGetThreshold
PlaySoundW
midiOutGetNumDevs
CloseDriver
waveOutWrite
midiStreamPosition

kernel32

GetCurrentProcess
lstrcpy
GetLogicalDriveStringsA
GetConsoleDisplayMode
DuplicateHandle
_hread
GlobalReAlloc
Thread32First
CreateSemaphoreA
SetComputerNameW
SetLocalPrimaryComputerNameW
LZClose
EnumerateLocalComputerNamesA
IsValidLanguageGroup
SetConsoleNlsMode
GetSystemTimeAdjustment
IsBadStringPtrW
CreateToolhelp32Snapshot
GetProcessVersion
GetModuleFileNameA
SetProcessWorkingSetSize
InvalidateConsoleDIBits
EnumCalendarInfoExW
OutputDebugStringW
FindVolumeClose
QueueUserWorkItem
GetPrivateProfileSectionNamesA
lstrcmpA
ChangeTimerQueueTimer
QueryPerformanceCounter
RegisterWowBaseHandlers
FindFirstVolumeW
SuspendThread
FindFirstVolumeA
GetConsoleCursorMode
UnhandledExceptionFilter
DebugSetProcessKillOnExit
GetCompressedFileSizeA
CreateIoCompletionPort
lstrcpyn
GetExpandedNameA
GlobalGetAtomNameA
TlsSetValue
FindFirstVolumeMountPointA
GetFileAttributesA
BaseFlushAppcompatCache
SetHandleInformation
SetDefaultCommConfigA
MoveFileExW
UnlockFile
OpenConsoleW
GetComputerNameW
GetLargestConsoleWindowSize
BaseInitAppcompatCacheSupport
SetThreadPriority
ReadDirectoryChangesW
GetDiskFreeSpaceA
RtlFillMemory
VirtualAllocEx
GetConsoleOutputCP
ReadConsoleOutputAttribute
GetOEMCP
SetConsoleInputExeNameA
BaseUpdateAppcompatCache
GetCurrentActCtx
GetSystemDirectoryA
ScrollConsoleScreenBufferA
MapViewOfFile
GetProfileIntA
CreateMemoryResourceNotification
SetLocaleInfoA
VirtualAlloc
InterlockedPopEntrySList
CreateJobSet
_hwrite
LoadLibraryA

adsldpc

LdapTypeToAdsTypeDNWithBinary
LdapValueFreeLen
ADsFreeColumn
ADSIOpenDSObject
MapLDAPTypeToADSType
LdapFirstEntry
FindEntryInSearchTable
AdsTypeToLdapTypeCopyConstruct
ADSIGetPreviousRow
SchemaOpen
LdapCountEntries
?GetNextToken@CLexer@@QAEJPAGPAK@Z
ADsCreateDSObjectExt
ADSIExecuteSearch
FindSearchTableIndex
BuildADsPathFromLDAPPath2
ADsGetNextColumnName
BuildLDAPPathFromADsPath2
LdapResult
LdapDeleteExtS
GetLDAPTypeName
FreeObjectInfo
SchemaAddRef
LdapTypeToAdsTypeGeneralizedTime
ADSIAbandonSearch

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c905d63df0fe9ea9d92775d293223794

Headers

DLL Characteristics

File Characteristics

Imports

scecli

winmm

kernel32

adsldpc

Sections

.text Size: 365KB - Virtual size: 365KB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 156KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 365KB - Virtual size: 365KB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 156KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B