bafcd7a96e4aa5bfbd6712e89bb4461a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bafcd7a96e4aa5bfbd6712e89bb4461a_JaffaCakes118
Size

173KB
MD5

bafcd7a96e4aa5bfbd6712e89bb4461a
SHA1

991bb542186eeafcc3c27255013b27602a36c983
SHA256

78906a11dd90fb63e1898c607802a219c8882c5ab2228e6236084eac5be032dd
SHA512

f64276f921546a724aa48f8d39f6485d36e04d3e92be3dda6d7a85d21c4dddd7deacb1f8e1c47e57f23a4bfc7b9331952d87199eecab978ac3676d6729339eb5
SSDEEP

3072:1vU3HSO81+UtCIJoNr208sksjIzQcjbl/Ic60DMPxviOwG98yQbw/iKj03VkDUMX:xBO81rtBJP08IIVl/Id0gxKrRyQbEjmd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bafcd7a96e4aa5bfbd6712e89bb4461a_JaffaCakes118

Files

bafcd7a96e4aa5bfbd6712e89bb4461a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4be864f0e9dd49a1730c9e2a7b6be8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
SetLocalTime
HeapCreate
SystemTimeToFileTime
_lread
HeapSize
GetModuleFileNameA
SetEnvironmentVariableA
GlobalUnlock
GetFullPathNameA
LCMapStringW
CreateEventA
FindNextFileA
GetUserDefaultLCID
FreeResource
UnlockFile
GlobalHandle
GetCPInfo
SearchPathA
GetWindowsDirectoryA
GetTimeZoneInformation
GetFileType
IsBadReadPtr
FreeEnvironmentStringsW
SetStdHandle
RtlUnwind
GetCurrentProcess
GetLastError
SetFileTime
SetFileAttributesA
GetStartupInfoA
TlsGetValue
LoadLibraryA
DeleteFileA
GlobalReAlloc
LoadResource
WinExec
CreateSemaphoreA
HeapReAlloc
RaiseException
FileTimeToSystemTime
TlsAlloc
ResetEvent
GetDateFormatA
Sleep
GetLocaleInfoA
LoadLibraryExA
SetFilePointer
lstrcmpA
FreeLibrary
CreateThread
HeapFree
InitializeCriticalSection
GetModuleFileNameW
GlobalLock
EnterCriticalSection
MulDiv
CompareStringA
FlushInstructionCache
lstrcatA
VirtualAlloc
GetTempPathA
FreeEnvironmentStringsA
IsBadCodePtr
WriteFile
CloseHandle
CreateProcessA
VirtualQuery
IsDBCSLeadByte
GetStringTypeA
GetDriveTypeA
GetStdHandle
MultiByteToWideChar
LockFile
GetSystemDirectoryA
GlobalAddAtomA
SetEvent
InterlockedIncrement
GetVersionExA
FileTimeToLocalFileTime
GetEnvironmentStringsW
SetEndOfFile
GlobalAlloc
FormatMessageW
FindClose
DuplicateHandle
GetFileAttributesA
OpenProcess
GetLocalTime
ReleaseSemaphore
LeaveCriticalSection
lstrcpyA
_lwrite
MoveFileA
HeapAlloc
SizeofResource
ReadFile
UnhandledExceptionFilter
ExitProcess
GetProcAddress
VirtualFree
GetOEMCP
GetExitCodeProcess
GlobalSize
SetLastError
GetTickCount
TerminateProcess
GetStringTypeW
GetSystemTime
GetProfileStringA
FlushFileBuffers
GetVersion
HeapDestroy
DeleteCriticalSection
GetFileTime
FindResourceA
VirtualProtect
GlobalDeleteAtom
LockResource
FormatMessageA
FindFirstFileA
GetCommandLineA
GetEnvironmentStrings
CreateDirectoryA
lstrcmpiW
LCMapStringA
_llseek
lstrcpynA
GetModuleHandleA
ExitThread
GetSystemDefaultLCID
CreateProcessW
CreateFileA
InterlockedDecrement
SetCurrentDirectoryA
TlsSetValue
GetCurrentDirectoryA
GetCurrentThreadId
GetUserDefaultLangID
GetACP
lstrcmpiA
GetTempFileNameA
GetCurrentProcessId
SetHandleCount
_lclose
GlobalFree
GetVolumeInformationA
GetSystemInfo
SetErrorMode
CompareStringW
GetStringTypeExA
WaitForSingleObject
ResumeThread
WideCharToMultiByte
lstrlenA
GetShortPathNameA
GetSystemDefaultLangID

ws2_32

WSAConnect
setsockopt

advapi32

LookupPrivilegeValueA
RegDeleteValueA
RegOpenKeyW
DeregisterEventSource
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyA
RegCreateKeyA
RegCreateKeyW
RegOpenKeyExA
InitializeSecurityDescriptor
RegDeleteKeyA
RegEnumValueW
RegSetValueExW
RegSetValueExA
SetSecurityDescriptorDacl
RegDeleteKeyW
RegEnumValueA
ReportEventA
AdjustTokenPrivileges
RegQueryValueA
RegQueryValueExA
RegEnumKeyA
RegisterEventSourceA
RegSetValueA
RegEnumKeyW
RegCloseKey
OpenProcessToken
RegOpenKeyA

samlib

SamLookupNamesInDomain
SamConnectWithCreds
SamConnect

ddraw

DirectDrawEnumerateA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 136KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4be864f0e9dd49a1730c9e2a7b6be8d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

samlib

ddraw

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 136KB - Virtual size: 360KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 136KB - Virtual size: 360KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 64B