d1b4a2bbf3a4b28cb1e336e6dac3140e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1b4a2bbf3a4b28cb1e336e6dac3140e_JaffaCakes118
Size

1.1MB
MD5

d1b4a2bbf3a4b28cb1e336e6dac3140e
SHA1

3529d44cbc69ee6e620cde68392d2501ee21ddc5
SHA256

39fa76fed8f9bab0b7becaea71fa65cc0ad704a491f0f765dd94c965112ccde7
SHA512

34dfa6bf2c81a5e95b87593c7a500b9408f54aa1ea7e45b3d7291b1a840973a7fc70cfc28458714a5501d71a1832faf24ff5e1e735bac2802af869c7d80d67c2
SSDEEP

24576:KHh1an/ZbgrPJnm7PNi843bAkEtwruR8X5+uQZ391UHYv:KqerxnOo53squpNNvy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1b4a2bbf3a4b28cb1e336e6dac3140e_JaffaCakes118

Files

d1b4a2bbf3a4b28cb1e336e6dac3140e_JaffaCakes118
.exe windows:0 windows x86 arch:x86

53478ac185395df17507d6e48857d854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

BeginPaint
DefWindowProcA
DestroyWindow
SendMessageA
DispatchMessageA
ShowWindow
UpdateWindow
GetMessageA
EndPaint
CreateWindowExA
RegisterClassA
TranslateMessage

adsldpc

LdapSearchInitPage
GetLDAPTypeName
AllocADsMem
LdapMemFree
Component
LdapSearchAbandonPage
LdapParseResult
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyConstruct
ADSICloseDSObject
BuildLDAPPathFromADsPath
ADsEnumAttributes
ADsCreateClassDefinition
LdapModifyExtS
LdapParsePageControl
SchemaGetPropertyInfo
LdapDeleteS
ADsObject
ADsDeleteClassDefinition
ADsGetObjectAttributes
ADSIGetColumn
SchemaAddRef
ADsGetFirstRow
ConvertSidToString
ADSISetSearchPreference
LdapReadAttribute2
LdapTypeFreeLdapObjects
ReadServerSupportsIsADControl
GetDisplayName
LdapReadAttributeFast
LdapCloseObject
ADSIOpenDSObject
LdapRenameExtS
LdapAddS
MapADSTypeToLDAPType
GetDomainDNSNameForDomain
LdapGetNextPageS
ADsWriteClassDefinition

kernel32

GetEnvironmentStringsA
DosDateTimeToFileTime
SetFilePointer
InterlockedPopEntrySList
ReadFileEx
CloseHandle
GetLastError
LeaveCriticalSection
VirtualAlloc
VirtualFree
CreateFileA
PeekNamedPipe
EnterCriticalSection
HeapAlloc
CreateEventA
WaitForMultipleObjects
ConnectNamedPipe
GetProcessHeap
ExitProcess
HeapReAlloc
HeapFree
InterlockedCompareExchange
FreeEnvironmentStringsA
GetFirmwareEnvironmentVariableA
InitializeCriticalSection
OpenEventA
ExpandEnvironmentStringsA
InterlockedPushEntrySList
CreateNamedPipeA
SetEvent
ReadFile

Sections

.text
Size: 921KB - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53478ac185395df17507d6e48857d854

Headers

DLL Characteristics

File Characteristics

Imports

user32

adsldpc

kernel32

Sections

.text Size: 921KB - Virtual size: 921KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 102KB - Virtual size: 3.2MB

.text
Size: 921KB - Virtual size: 921KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 102KB - Virtual size: 3.2MB