ad2f5207e562994ea71a345dc6b6bdf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad2f5207e562994ea71a345dc6b6bdf2_JaffaCakes118
Size

421KB
MD5

ad2f5207e562994ea71a345dc6b6bdf2
SHA1

d6a004ad815583603f005f26f093720142afcbc6
SHA256

71aea22787d519af4cb5a437c511d826be411227acd58513a3e3a0b3a9dfe746
SHA512

ab5315d0a2236a666adad7b8528e3d32fe839f711c13c496d40b287890ffdbd6ee364ff60ad3178fbcbcb925ba855b6c80adb2b4dab206328f784f381b235f0c
SSDEEP

12288:LMMnMMMMMLlur07q6Ow+iNlsMXShiWIYXP3yfV209DBEW99M:LMMnMMMMMLQo7qXw+i0cmigPIvE4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad2f5207e562994ea71a345dc6b6bdf2_JaffaCakes118

Files

ad2f5207e562994ea71a345dc6b6bdf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4206cc3cb61c00f8bc1a295a985f4ef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

user32

CallMsgFilterA

ntdll

RtlFreeSid
NtQueryDefaultLocale
RtlCreateSecurityDescriptor
RtlExpandEnvironmentStrings_U
NtResetEvent
NtQueryValueKey
RtlCopyUnicodeString
RtlInitializeCriticalSection
RtlOpenCurrentUser
RtlSetDaclSecurityDescriptor
RtlCharToInteger
NtQueryInformationProcess
NtSetInformationProcess
NtOpenProcess
RtlQueryRegistryValues
NtMakePermanentObject
memmove
LdrLoadDll
RtlAnsiStringToUnicodeString
RtlEqualSid
NtSetEvent
wcslen
RtlPrefixUnicodeString
NtClose
NtQueryObject
NtSetInformationObject
RtlInitializeCriticalSectionAndSpinCount
RtlCreateTagHeap
NtQuerySystemInformation
NtOpenProcessToken
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
NtCreateDirectoryObject
swprintf
NtDuplicateObject
_snwprintf
strstr
_wcsicmp
RtlLeaveCriticalSection
wcsncpy
NtCreateEvent
NtMakeTemporaryObject
NtOpenKey
NtNotifyChangeKey
RtlInitString
LdrUnloadDll
LdrGetDllHandle
RtlCreateUnicodeString
RtlEnterCriticalSection
NtCreateSemaphore
NtOpenThread
NtCreateSection
RtlAllocateAndInitializeSid
RtlAppendUnicodeStringToString
NtOpenThreadToken
wcscat
NtQueryInformationToken
NtCreateSymbolicLinkObject
NtTerminateThread
RtlCreateUserThread
DbgPrint
wcscpy
DbgBreakPoint
NtOpenSymbolicLinkObject
NtSetValueKey
RtlCopyLuid
RtlCompareUnicodeString
_wcsnicmp
NtQuerySymbolicLinkObject
LdrGetProcedureAddress

msi

MsiDatabaseCommit
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductW

samlib

SamTestPrivateFunctionsUser
SamRemoveMultipleMembersFromAlias
SamiEncryptPasswords
SamConnectWithCreds

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4206cc3cb61c00f8bc1a295a985f4ef1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

msi

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 192KB - Virtual size: 191KB

.reloc Size: 512B - Virtual size: 72B

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 141KB - Virtual size: 864KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 192KB - Virtual size: 191KB

.reloc
Size: 512B - Virtual size: 72B

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 141KB - Virtual size: 864KB

.idata
Size: 2KB - Virtual size: 2KB