ba3b277201908244bbb099ff55766f5a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ba3b277201908244bbb099ff55766f5a_JaffaCakes118
Size

425KB
MD5

ba3b277201908244bbb099ff55766f5a
SHA1

734b2e0ce762368b55860fc5e34c00eafc7c3e4f
SHA256

0c697803ebb0e0db1d793ec44536066c8af161c59e2791a33d753890d3423342
SHA512

35000281235976c563b5f550d75cbe7a0c21aaea391b06e2b3746d8648c6db6b935024c09ce30d832d4ba74979aec5dcc413836a9b72b709d629451cc49989b7
SSDEEP

12288:KyNPGKMMnMMMMM+j+8WZ76ungaf7me3mFhj+Wo6Qt7ShS:KyNNMMnMMMMM+jMZe+giCKW3/QtWhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba3b277201908244bbb099ff55766f5a_JaffaCakes118

Files

ba3b277201908244bbb099ff55766f5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

479f60b53eaeea468c0d01354dc911ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

user32

CallMsgFilterA

samlib

SamiEncryptPasswords
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser
SamConnectWithCreds

kernel32

lstrcmpA
GetSystemDirectoryA
FormatMessageW
LoadLibraryExA
GetModuleFileNameA
ResetEvent
GetFileType
CreateDirectoryA
lstrlenA
WaitForSingleObject
FindFirstFileA
FreeLibrary
GetVersion
GetSystemDefaultLangID
GetTimeZoneInformation
GetFullPathNameA
Sleep
SetEvent
HeapDestroy
GetCurrentThreadId
LCMapStringA
SetFileTime
DuplicateHandle
GlobalAddAtomA
GetStringTypeExA
CreateEventA
UnlockFile
GlobalReAlloc
WinExec
FormatMessageA
WriteFile
FlushFileBuffers
LeaveCriticalSection
MultiByteToWideChar
GetDriveTypeA
lstrcpyA
HeapFree
FindClose
LockResource
EnterCriticalSection
GetDateFormatA
GetVolumeInformationA
TlsFree
CreateSemaphoreA
SearchPathA
TlsSetValue
GlobalDeleteAtom
GetCurrentDirectoryA
FindResourceA
VirtualQuery
GetLastError
GetFileTime
ExitThread
IsDBCSLeadByte
SizeofResource
FlushInstructionCache
ResumeThread
GlobalFree
GetOEMCP
RtlUnwind
SetFilePointer
GlobalUnlock
GetTempFileNameA
IsBadReadPtr
DeleteFileA
GetStringTypeW
lstrcpynA
GetSystemTime
GlobalSize
GlobalLock
InterlockedIncrement
GetACP
VirtualFree
CompareStringA
TlsAlloc
GetVersionExA
GetCommandLineA
FindNextFileA
lstrcmpiA
MoveFileA
_lclose
_lread
LoadResource
HeapCreate
GetEnvironmentStrings
CloseHandle
GetCurrentProcess
GetStartupInfoA
GetFileAttributesA
SetLastError
GetExitCodeProcess
_llseek
GetEnvironmentStringsW
IsBadCodePtr
FreeResource
GetShortPathNameA
GetModuleHandleA
HeapReAlloc
LoadLibraryA
DeleteCriticalSection
FileTimeToLocalFileTime
SetEndOfFile
SetEnvironmentVariableA
VirtualAlloc
ReadFile
WideCharToMultiByte
GetCPInfo

msi

MsiAdvertiseProductW
MsiDatabaseCommit
MsiConfigureFeatureW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

479f60b53eaeea468c0d01354dc911ca

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

user32

samlib

kernel32

msi

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 872KB

.reloc Size: 512B - Virtual size: 64B

.rdata Size: 36KB - Virtual size: 35KB

.rsrc Size: 359KB - Virtual size: 358KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 872KB

.reloc
Size: 512B - Virtual size: 64B

.rdata
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 359KB - Virtual size: 358KB