b849624b0a16e081a8053aeea9131703_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b849624b0a16e081a8053aeea9131703_JaffaCakes118
Size

860KB
MD5

b849624b0a16e081a8053aeea9131703
SHA1

39bdc4264e7efeeb8ff11747948d90a738cbc671
SHA256

94f6d6997a61948a4f42fa3e3b2220d2c07e3c8a133adc0eb1dbd1f659b3ac8e
SHA512

07b15b2ad09195b4e6e3f622e2e35e5ca397e7012396c4bbbae4b0c970662f410c18ce4aea509bf14b814bc365ab2c675a29dc3393efea211b3d05c15ff59074
SSDEEP

24576:bD7oRLSl0y5WkkwQtvfSSk+FG5E6R7U9KZYD:/7oRLUz5DkLvfSSvIrR7Ur

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b849624b0a16e081a8053aeea9131703_JaffaCakes118

Files

b849624b0a16e081a8053aeea9131703_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5c6d10d3d5ff617afc37101fa16585a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetTrusteeTypeW
MD5Final
MD4Update
LsaNtStatusToWinError
LsaSetTrustedDomainInfoByName
RegQueryValueW
AddUsersToEncryptedFile
GetFileSecurityA
UpdateTraceW
RegOpenUserClassesRoot
MakeAbsoluteSD2
SetInformationCodeAuthzLevelW
LsaDeleteTrustedDomain
WmiExecuteMethodA
SystemFunction001
LsaEnumeratePrivilegesOfAccount
BuildTrusteeWithSidA
RegCreateKeyA
ConvertStringSDToSDRootDomainW
RegSetKeySecurity
CredIsMarshaledCredentialA
SystemFunction011
CryptGetUserKey
RegSetValueA

msvcrt40

_adj_fdiv_m16i
??1streambuf@@UAE@XZ
_telli64
?str@ostrstream@@QAEPADXZ
fputwc
?cerr@@3Vostream_withassign@@A
_environ
_ismbcpunct
_winver
__p__daylight
vfprintf
?str@strstream@@QAEPADXZ
??_7streambuf@@6B@
??5istream@@QAEAAV0@AAH@Z
atexit
setbuf
_adj_fdiv_m32
?flush@@YAAAVostream@@AAV1@@Z
__wgetmainargs
?open@fstream@@QAEXPBDHH@Z
??_Elogic_error@@UAEPAXI@Z
??_7ifstream@@6B@
_wfreopen
?read@istream@@QAEAAV1@PAEH@Z
_getsystime
_wchmod
_ismbcl1
wcstol
??_Eostream@@UAEPAXI@Z
_findnexti64
?hex@@YAAAVios@@AAV1@@Z
_itow
??_Distream@@QAEXXZ
??4strstream@@QAEAAV0@AAV0@@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?unexpected@@YAXXZ
_commit
?init@ios@@IAEXPAVstreambuf@@@Z
pow
??0fstream@@QAE@ABV0@@Z
??1iostream@@UAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
__p___argv
??_7stdiobuf@@6B@
putwc

shlwapi

UrlCreateFromPathA
SHRegQueryInfoUSKeyA
UrlIsNoHistoryA
SHIsLowMemoryMachine
StrCatW
UrlCanonicalizeW
StrIsIntlEqualW
SHDeleteEmptyKeyW
StrFromTimeIntervalA
SHQueryValueExA
PathRemoveFileSpecW
SHRegEnumUSValueA
StrStrA
SHOpenRegStream2W
SHReleaseThreadRef
PathCommonPrefixA
SHRegDeleteUSValueW
SHRegWriteUSValueA
AssocQueryKeyW
PathGetDriveNumberW
UrlEscapeA
StrChrIW
PathQuoteSpacesW
SHRegGetUSValueA
SHRegWriteUSValueW
PathStripPathA
StrRChrIW
PathMakeSystemFolderA
PathRemoveBlanksW
PathFindNextComponentA
UrlCombineA
PathRemoveBackslashA
PathIsURLW
PathIsNetworkPathW
PathStripToRootW
PathMatchSpecA
ChrCmpIA
SHRegSetPathW
PathRelativePathToW
PathUnExpandEnvStringsW
AssocQueryStringW
SHRegCreateUSKeyW
SHRegOpenUSKeyW

imagehlp

SymEnumerateModules
CheckSumMappedFile
ImageRemoveCertificate
ImageRvaToSection
SymGetLineFromName64
SearchTreeForFile
UpdateDebugInfoFile
UnmapDebugInformation
SymGetSymPrev64
SymUnDName64
ImageGetDigestStream
ImageEnumerateCertificates
EnumerateLoadedModules
SymGetSymNext64
MapDebugInformation
MapAndLoad
ImagehlpApiVersionEx
SymGetModuleBase64
ImageNtHeader
SymGetModuleInfoW
SymGetTypeInfo
SymUnloadModule
SymRegisterFunctionEntryCallback64
SetImageConfigInformation
RemoveRelocations
UnDecorateSymbolName
GetImageConfigInformation
ImageRvaToVa
SymRegisterFunctionEntryCallback
RemovePrivateCvSymbolicEx
SymGetTypeFromName
SymGetSymFromAddr64
SymEnumSymbols
SymEnumerateSymbolsW

adsldpc

AdsTypeToLdapTypeCopyTime
InitObjectInfo
ADsGetNextColumnName
FindSearchTableIndex
LdapGetValues
LdapSearchS
ADsGetPreviousRow
LdapTypeBinaryToString
BuildLDAPPathFromADsPath2
LdapNextAttribute
ConvertSidToString
LdapGetSchemaObjectCount
GetSyntaxOfAttribute
ADSIGetColumn
AdsTypeToLdapTypeCopyDNWithBinary
LdapRenameExtS
ADSIDeleteDSObject
SchemaClose
ADsHelperGetCurrentRowMessage
BerBvFree
LdapGetValuesLen
BuildADsParentPath
ADSIGetObjectAttributes
AdsTypeToLdapTypeCopyDNWithString
BuildADsPathFromLDAPPath
SchemaIsClassAContainer
ADsEnumAttributes

wldap32

ldap_parse_sort_controlA
ldap_memfreeA
ldap_search_init_page
ldap_extended_operationW
LdapUnicodeToUTF8
ber_bvdup
ber_peek_tag
ldap_compare_sA
ldap_count_entries
ldap_parse_resultA
ldap_simple_bind_sW
ldap_controls_free
ldap_set_optionA
ldap_check_filterA
ldap_control_freeA
ldap_openW
ldap_bind_sA
ldap_compare_ext_sA
ldap_value_free_len
ber_bvecfree
ldap_count_valuesA
ldap_addW
ldap_modrdn2_sW
ldap_simple_bind_s
ldap_bindA
ldap_deleteW
ldap_extended_operation_sA
ldap_parse_sort_control
ldap_modrdnW
ber_bvfree
ldap_parse_extended_resultA
ldap_rename_ext_s
ldap_delete_extA
ldap_parse_vlv_controlW
LdapUTF8ToUnicode
ldap_dn2ufnW
ldap_compare_ext_sW
ldap_get_values
ldap_get_valuesA

oleaut32

VarAnd
OleLoadPictureFileEx
VarCyFromUI1
DispCallFunc
VarR4FromUI1
LoadTypeLibEx
VarFormatFromTokens
VarR4FromDate
VarCyFromI1
VarBstrFromBool
RegisterTypeLib
VarCyAdd
VarUI2FromI4
SafeArraySetIID
VarUI4FromUI8
VarOr
VarFormatDateTime
VarR4FromBool
VarR8FromR4
VarDecFromI1
LPSAFEARRAY_UserMarshal
VarI4FromUI4
VarI1FromI4
VarDecFromI2
VarMonthName
VarI1FromUI8
VarI4FromDec
VarCyFromR4
VarBstrFromDec
VarCyFromI8
VarDateFromUI2
VarDateFromI1
VarR8FromCy
LPSAFEARRAY_Marshal
VarDecFromBool
BSTR_UserFree
VarDecFromUI8
VariantClear
VarMod
VarUI1FromDec
VarUI2FromUI1
VarBstrFromUI2
VarDateFromBool
VarUI2FromUI8

kernel32

TlsSetValue
OpenEventW
EnumerateLocalComputerNamesW
QueryPerformanceFrequency
NlsGetCacheUpdateCount
GetVolumeNameForVolumeMountPointA
GetFileTime
DeleteCriticalSection
GetSystemDirectoryA
SetComputerNameA
IsBadStringPtrA
IsProcessInJob
SetEndOfFile
GetCommandLineW
GetDriveTypeW
EnumTimeFormatsA
LoadLibraryA
GlobalSize
LeaveCriticalSection
CreateDirectoryExW
GlobalFindAtomA
QueryPerformanceCounter
SwitchToFiber
GetConsoleWindow
Process32NextW
SetConsoleLocalEUDC
SetStdHandle
SuspendThread
GetFullPathNameA
GetConsoleProcessList
GetConsoleCommandHistoryLengthW
OpenProfileUserMapping
IsWow64Process
EnumResourceNamesA
LZCreateFileW
TlsFree
EnterCriticalSection
GetOverlappedResult
SetFileApisToOEM
WriteConsoleOutputCharacterA
InterlockedExchange
SetConsoleMenuClose
SetComputerNameExA
SetCurrentDirectoryA
SetConsoleKeyShortcuts
VirtualAlloc
GetDefaultCommConfigW
FatalAppExitW
GetComputerNameA
ReadConsoleOutputCharacterW

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 369KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5c6d10d3d5ff617afc37101fa16585a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt40

shlwapi

imagehlp

adsldpc

wldap32

oleaut32

kernel32

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 342KB - Virtual size: 342KB

.data Size: 369KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 342KB - Virtual size: 342KB

.data
Size: 369KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 944B