c91be69561aaa1af3ceec4e72e0f645e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c91be69561aaa1af3ceec4e72e0f645e_JaffaCakes118
Size

402KB
MD5

c91be69561aaa1af3ceec4e72e0f645e
SHA1

b4f4317bfa1717b041b82e01be76f8a8b44af4ac
SHA256

2f8c6d5e6c23e2d7c5dee985885dfac28706b98ccca6b4d8f58b1d3a9ee734d1
SHA512

2d7d860fd53395a3dc74dd94931afcba62902fd507c0e6391470e2509d8de8341bf82fbd38821ea68e0d571866e18125637ce09ec92540b5d99110bcb5798617
SSDEEP

12288:Oawfwug2miHgOM0pjS2IVSPHsQWJGC1dEVAYujx:v+DHgOMe7I4H4JGAdEVA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c91be69561aaa1af3ceec4e72e0f645e_JaffaCakes118

Files

c91be69561aaa1af3ceec4e72e0f645e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94e0e4abf56f14461aa2c36878eddce1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

adsldpc

ADSIModifyRdn
ADsGetColumn
ADSICloseSearchHandle
LdapIsClassNameValidOnServer
BuildADsParentPath
intcmp
LdapcSetStickyServer
ADSIGetFirstRow
AdsTypeToLdapTypeCopyConstruct
LdapCacheAddRef
LdapSearchST
ADsGetLastError
ADsCreateDSObjectExt
LdapGetDn
LdapTypeToAdsTypeUTCTime
BuildADsPathFromLDAPPath2
FindSearchTableIndex
LdapReadAttributeFast
ADSIGetNextRow
ADsSetLastError
LdapGetNextPageS
ADsEnumAttributes
ADsDecodeBinaryData
ADsCloseSearchHandle
SchemaGetStringsFromStringTable
LdapTypeBinaryToString
ADsGetPreviousRow

kernel32

WriteTapemark
GetProcAddress
GetProcessIoCounters
CommConfigDialogA
GetCPInfo
GetModuleHandleW
SetLocalPrimaryComputerNameW
CreateJobObjectW
GetSystemWow64DirectoryW
GetFileSizeEx
SetLocaleInfoA
GetCommandLineA
IsBadStringPtrW
FindFirstVolumeMountPointW
ResetEvent
FindFirstFileExA
TlsSetValue
MoveFileExW
SetConsoleTitleA
BaseUpdateAppcompatCache
GetConsoleCursorMode
GetStartupInfoA
HeapCreate
ContinueDebugEvent
EnumerateLocalComputerNamesA
GetPrivateProfileSectionW
GlobalFindAtomA
VirtualAlloc
EnumTimeFormatsW
Toolhelp32ReadProcessMemory
LoadLibraryA

rasman

RasGetDeviceName
RasGetBuffer
RasPortGetStatistics
RasAddConnectionPort
RasGetInfoEx
RasPortClearStatistics
RasDeviceEnum
RasRpcGetSystemDirectory
RasPortClose
RasGetEapUserInfo
RasGetDevConfig
RasBundleClearStatistics
RasReferenceCustomCount
RasGetDialParams
RasFreeBuffer
RasDoIke
RasGetPortUserData
RasGetNdiswanDriverCaps
RasRpcRemoteSetUserPreferences
RasRpcEnumConnections

mapi32

MAPIUninitialize
CreateIProp@24
ScGenerateMuid@4
EncodeID@12
MAPILogonEx
SwapPlong@8
InstallFilterHook@4
FtNegFt@8
MAPIAllocateMore@12
cmc_logoff
EnableIdleRoutine@8
HrQueryAllRows@24
FBadPropTag@4
MAPIOpenFormMgr@8
MAPISendMail
HrValidateIPMSubtree@20
OpenTnefStreamEx@32
FPropExists@8
SzFindCh@8
UlFromSzHex@4

iaspolcy

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

xolehlp

DtcGetTransactionManagerExA
DtcGetTransactionManagerEx
DtcGetTransactionManagerExW
DtcGetTransactionManager
DtcGetTransactionManagerC
GetDtcLocaleResourceHandle

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e0e4abf56f14461aa2c36878eddce1

Headers

File Characteristics

Imports

adsldpc

kernel32

rasman

mapi32

iaspolcy

xolehlp

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 145KB - Virtual size: 511KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 145KB - Virtual size: 511KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 336B