ad29f65ee347ab8c65795b77d8d98e3c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad29f65ee347ab8c65795b77d8d98e3c_JaffaCakes118
Size

172KB
MD5

ad29f65ee347ab8c65795b77d8d98e3c
SHA1

56e2b3e401d4d2265a17fabd0b854793cb9f316a
SHA256

921d9709e500dfaff5e73fabd67905686a5b73b64d257784aae6ad7c2d3a6be2
SHA512

a14521dd1e4603d61fce2f18ce04316fe5c81ffc5a1add7a39f8888c7ce1dd2a62c1df1da28d8a3b563c82b796ddea1eabf1da38cdea6d72d7d2a26a70a15c0a
SSDEEP

3072:B4G53hZtOfaQO91oED2U8uV6a7R+T8Nym1gdi7tc8uwVYNIs:qGphPOxO32UT5b1gdi7u8w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad29f65ee347ab8c65795b77d8d98e3c_JaffaCakes118

Files

ad29f65ee347ab8c65795b77d8d98e3c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ff3b75b16953401fd8eb4d0d8b389870

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

activeds

ord3
ord25
ord22
ord26
ord27
ord28
ord16
ord12
ord17
ord18
ord15
ord14
ord7

adsldpc

LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeFreeLdapModList
LdapTypeFreeLdapModObject
LdapTypeCopyConstruct
LdapValueFreeLen
BuildADsPathFromParent
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapModifyExtS
ReadSecurityDescriptorControlType
ReadServerSupportsIsADControl
LdapAddExtS
LdapDeleteS
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapTypeToAdsTypeCopyConstruct
LdapDeleteExtS
LdapcSetStickyServer
LdapRenameExtS
LdapModDnS
GetLDAPTypeName
LdapInitializeSearchPreferences
LdapTypeBinaryToString
MapLDAPTypeToADSType
AdsTypeToLdapTypeCopyDNWithString
ADsSetObjectAttributes
ADsGetObjectAttributes
ADsCreateDSObjectExt
ADsDeleteDSObject
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapcKeepHandleAround
LdapGetSyntaxIdOfAttribute
LdapCacheAddRef
ADsHelperGetCurrentRowMessage
BuildADsParentPathFromObjectInfo2
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyTime
LdapSearchAbandonPage
ReadPagingSupportedAttr
AdsTypeToLdapTypeCopyGeneralizedTime
LdapSearchInitPage
LdapSearchExtS
LdapNextEntry
LdapGetNextPageS
LdapGetDn
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapMemFree
IsGCNamespace
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
GetDisplayName
??0CLexer@@QAE@PAG@Z
InitObjectInfo
??1CLexer@@QAE@XZ
?SetAtDisabler@CLexer@@QAEXH@Z
Component
PathName
?GetNextToken@CLexer@@QAEJPAGPAK@Z
SchemaGetObjectCount
SchemaGetPropertyInfoByIndex
SchemaGetClassInfoByIndex
SchemaAddRef
SchemaGetPropertyInfo
SchemaOpen
SchemaGetClassInfo
LdapModifyS
LdapReadAttribute
LdapAddS
SchemaClose
FindEntryInSearchTable
intcmp
FindSearchTableIndex
SortAndRemoveDuplicateOIDs
LdapOpenObject
LdapSearchS
LdapCountEntries
LdapFirstEntry
LdapGetValues
LdapCloseObject
LdapMsgFree
LdapValueFree
SchemaGetStringsFromStringTable
LdapGetSyntaxOfAttributeOnServer
SchemaGetSyntaxOfAttribute
BuildLDAPPathFromADsPath2
LdapMakeSchemaCacheObsolete
LdapGetSubSchemaSubEntryPath
LdapGetSchemaObjectCount
LdapTypeFreeLdapObjects
ADsObject
FreeObjectInfo
UnMarshallLDAPToLDAPSynID
MapADSTypeToLDAPType

advapi32

SystemFunction040
RegSetValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegQueryValueExW
RegEnumKeyExW
SystemFunction041
RegCloseKey

kernel32

FreeLibrary
SetLastError
LeaveCriticalSection
LoadLibraryW
GetLastError
DisableThreadLibraryCalls
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetProcAddress
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
CloseHandle
lstrlenW
LocalAlloc
LocalFree
CompareStringW
GetTickCount
InterlockedDecrement
InterlockedIncrement

msvcrt

_except_handler3
_adjust_fdiv
malloc
_initterm
free
_wtoi64
wcstok
swscanf
_wtol
_ltow
_itow
swprintf
_wcsnicmp
qsort
wcschr
wcscpy
wcscmp
_wcsicmp
wcscat
wcsncpy
_purecall
wcslen
sprintf

netapi32

NetApiBufferFree

ntdll

RtlInitUnicodeString

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CLSIDFromString
IIDFromString
StringFromCLSID
CreatePointerMoniker

oleaut32

VariantInit
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantCopyInd
SysAllocString
VariantTimeToSystemTime
VariantClear
DispGetIDsOfNames
LoadRegTypeLi
DispInvoke
SetErrorInfo
CreateErrorInfo
SystemTimeToVariantTime
SysFreeString

user32

wsprintfW

wldap32

ord12
ord53

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff3b75b16953401fd8eb4d0d8b389870

Headers

File Characteristics

PDB Paths

Imports

activeds

adsldpc

advapi32

kernel32

msvcrt

netapi32

ntdll

ole32

oleaut32

user32

wldap32

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 147KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 147KB - Virtual size: 147KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB