c115e07fa754f02fcf30c1dbeb844aac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c115e07fa754f02fcf30c1dbeb844aac_JaffaCakes118
Size

184KB
MD5

c115e07fa754f02fcf30c1dbeb844aac
SHA1

30d188318ddae63cf499e05cfeb1973968f8c2d3
SHA256

c307cf427ee1d19845b10bb0571c47a25bb1059c79fd4d1b877e1d5ca3bb4d37
SHA512

b4c77958ace1152f9120ffb5f6e6211f4f9b87433e3dbe4906cd86219e1be24191e54f724c59ec2c43231adcdc19c153303a9023c99579c350714fde26d98d40
SSDEEP

3072:vNVkMEuXBTvlOFEpHinjoRAU80z7gd3Hm3MNWm0rNgB+xzjcK8/dUvg1/gbB:HkMEUJvs+p+QJ7gxm3yQHcNdU49gbB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c115e07fa754f02fcf30c1dbeb844aac_JaffaCakes118

Files

c115e07fa754f02fcf30c1dbeb844aac_JaffaCakes118
.dll windows:6 windows x86 arch:x86

b10f87072ed9e79f086be44a0be20724

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi64
wcstok
swscanf_s
_wtol
_ltow
_itow_s
_wcslwr
wcsstr
_wcsnicmp
qsort
wcschr
memcpy
wcscpy_s
memset
_wcsicmp
swprintf_s
wcscat_s
wcsncpy_s
_purecall

api-ms-win-core-localregistry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner

kernel32

GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
FormatMessageW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetSystemDirectoryW
SetLastError
InterlockedIncrement
InterlockedDecrement
GetTickCount
CompareStringW
LocalFree
LocalAlloc
RaiseException
lstrlenW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId

activeds

ord14
ord15
ord18
ord17
ord12
ord16
ord28
ord27
ord7
ord3
ord31
ord25
ord22
ord26

adsldpc

ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsEnumAttributes
ADsDeleteClassDefinition
LdapcKeepHandleAround
LdapGetSyntaxIdOfAttribute
LdapCacheAddRef
ADsHelperGetCurrentRowMessage
ADsFreeColumn
ADsGetNextColumnName
ADsGetColumn
ADsWriteClassDefinition
ADsGetPreviousRow
FreeObjectInfo
ADsObject
LdapTypeFreeLdapObjects
LdapGetSchemaObjectCount
LdapGetSubSchemaSubEntryPath
LdapMakeSchemaCacheObsolete
BuildLDAPPathFromADsPath2
SchemaGetSyntaxOfAttribute
LdapGetSyntaxOfAttributeOnServer
SchemaGetStringsFromStringTable
LdapValueFree
LdapMsgFree
LdapCloseObject
LdapGetValues
LdapFirstEntry
LdapCountEntries
LdapSearchS
LdapOpenObject
SortAndRemoveDuplicateOIDs
FindSearchTableIndex
intcmp
FindEntryInSearchTable
SchemaClose
LdapAddS
LdapReadAttribute
ADsGetNextRow
SchemaGetClassInfo
SchemaOpen
SchemaGetPropertyInfo
SchemaAddRef
SchemaGetClassInfoByIndex
SchemaGetPropertyInfoByIndex
SchemaGetObjectCount
?GetNextToken@CLexer@@QAEJPAGPAK@Z
PathName
??1CLexer@@QAE@XZ
Component
?SetAtDisabler@CLexer@@QAEXH@Z
InitObjectInfo
?InitializePath@CLexer@@QAEJPAG@Z
??0CLexer@@QAE@XZ
GetDisplayName
IsGCNamespace
BuildADsParentPath
BuildADsPathFromLDAPPath2
LdapReadAttributeFast
LdapOpenObject2
GetDefaultServer
LdapGetNextPageS
LdapSearchExtS
LdapSearchInitPage
ReadPagingSupportedAttr
LdapMemFree
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapGetDn
LdapNextEntry
LdapSearchAbandonPage
BuildADsPathFromParent
BuildADsParentPathFromObjectInfo2
ADSIPrint
AdsTypeToLdapTypeCopyTime
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeFreeLdapModList
LdapTypeCopyConstruct
LdapValueFreeLen
UnMarshallLDAPToLDAPSynID
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapTypeFreeLdapModObject
LdapModifyExtS
ReadSecurityDescriptorControlType
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
LdapAddExtS
LdapDeleteS
GetServerAndPort
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapTypeToAdsTypeCopyConstruct
LdapDeleteExtS
LdapcSetStickyServer
BerEncodingQuotaControl
LdapRenameExtS
LdapModDnS
GetLDAPTypeName
LdapInitializeSearchPreferences
LdapTypeBinaryToString
MapLDAPTypeToADSType
MapADSTypeToLDAPType
ADsSetObjectAttributes
ADsGetObjectAttributes
ADsDeleteDSObject
ADsCreateDSObjectExt
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
LdapModifyS

wldap32

ord53
ord54
ord12

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b10f87072ed9e79f086be44a0be20724

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

kernel32

activeds

adsldpc

wldap32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 157KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 158KB - Virtual size: 157KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB