d53689010569d698b36aa3b743b9771d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d53689010569d698b36aa3b743b9771d_JaffaCakes118
Size

863KB
MD5

d53689010569d698b36aa3b743b9771d
SHA1

f64298787edde81c3689624a7d696f1e33b65914
SHA256

11b1ab2c5e0ffb83d50d7fac64bbbfd7cbdd15c7c1d680d542e13429cf6859de
SHA512

f1478043785c72fa41e252c4a75e9860b2e3b8e8e4e137de058fa16274b2b183cf5f0e4c811e0f56cab3a1509c8c2e203a4408335170e158a135a6ff6613ee45
SSDEEP

24576:dtcBLudHzNVIGqFW/6jRf1CvGam60w0zfgQcNL:MBLu1zdqFWSlkzm6B0T+NL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d53689010569d698b36aa3b743b9771d_JaffaCakes118

Files

d53689010569d698b36aa3b743b9771d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4cd41e9980cd9f4eba9653a388b51a95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

adsldpc

ConvertSidToString
ADsCreateClassDefinition
LdapcKeepHandleAround
LdapOpenObject2
ADsHelperGetCurrentRowMessage
LdapGetValuesLen
AdsTypeToLdapTypeCopyDNWithString
LdapDeleteExtS
ADsCreateAttributeDefinition
LdapDeleteS
LdapCountEntries
ADsGetColumn
BuildADsPathFromParent
ADsEnumClasses
ConvertU2TrusteeToSid
AllocADsStr
SchemaIsClassAContainer
LdapNextAttribute
SchemaGetClassInfo
LdapSearchExtS
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
FindSearchTableIndex
ADsWriteAttributeDefinition
LdapModifyExtS
LdapTypeToAdsTypeDNWithBinary
ADsGetFirstRow
ADSIAbandonSearch
AdsTypeToLdapTypeCopyDNWithBinary
ADsDecodeBinaryData
LdapCloseObject
ADsCreateDSObject
InitObjectInfo
LdapGetSubSchemaSubEntryPath
ADsSetLastError
ADsDeleteDSObject

advapi32

GetServiceDisplayNameW
FileEncryptionStatusA
SystemFunction029
GetInformationCodeAuthzLevelW
CryptDeriveKey
MD5Update
AccessCheckByTypeResultListAndAuditAlarmW
SetFileSecurityA
OpenTraceA
SystemFunction006
CryptContextAddRef
CryptGetUserKey
A_SHAUpdate
CreatePrivateObjectSecurity
LsaSetInformationTrustedDomain
CredUnmarshalCredentialW
CreateProcessAsUserW
RegisterTraceGuidsA
CredEnumerateA
OpenBackupEventLogA
WmiFileHandleToInstanceNameW
IsWellKnownSid
GetSecurityDescriptorRMControl
LsaQueryInformationPolicy
AddAuditAccessAceEx
GetManagedApplicationCategories
GetOverlappedAccessResults
ObjectDeleteAuditAlarmW
GetEffectiveRightsFromAclW
LookupSecurityDescriptorPartsW
CryptGenRandom
ObjectOpenAuditAlarmW
SetEntriesInAccessListW
BuildExplicitAccessWithNameW
RegQueryMultipleValuesW
CreatePrivateObjectSecurityWithMultipleInheritance

kernel32

ExpungeConsoleCommandHistoryW
SetCurrentDirectoryA
LoadLibraryA
CreateProcessInternalW
GetConsoleCommandHistoryLengthA
LoadLibraryExW
FileTimeToDosDateTime
ReadConsoleInputExA
QueryActCtxW
GetLogicalDrives
OpenWaitableTimerW
QueryInformationJobObject
GetStartupInfoA
IsDBCSLeadByte
Module32FirstW
EnumUILanguagesA
SetThreadExecutionState
GetLastError
SetTimerQueueTimer
GetVersionExA
IsProcessInJob
GetVolumePathNamesForVolumeNameA
SetConsoleKeyShortcuts
GetExitCodeThread
LZOpenFileW
GetNamedPipeHandleStateA
CreateDirectoryExW
CreateMemoryResourceNotification
CreateDirectoryA
UnlockFile
GetSystemTimeAsFileTime
FindFirstChangeNotificationW
RemoveDirectoryW
GetPrivateProfileStringA
VerifyVersionInfoA
GetDriveTypeA
CallNamedPipeW
SetConsoleNumberOfCommandsW
GetFileAttributesW
DuplicateHandle
VirtualAlloc
GetTimeFormatW
GetAtomNameA
WaitForSingleObject
GlobalFindAtomA
GetFileAttributesExA
ReadFileEx

msvcrt

___lc_codepage_func
_ultoa
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
clock
??0exception@@QAE@ABQBD@Z
fread
__set_app_type
_wexecvp
_tzset
_ismbbalpha
_wcsdup
_purecall
_clearfp
_CItanh
_mbsset
__p__commode
__p__pwctype
exit
??0__non_rtti_object@@QAE@PBD@Z
_ismbcl0
cosh
_wsystem
_splitpath
__uncaught_exception
_ismbblead
_utime
putc
_cputs
_setjmp3
_putenv
_mbsstr
__getmainargs
_mbsncat
??1type_info@@UAE@XZ
__wcserror

msvcirt

_mtlock
??_7ios@@6B@
??0ios@@QAE@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@PAEHD@Z
??6ostream@@QAEAAV0@PBE@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?tellg@istream@@QAEJXZ
?lock@streambuf@@QAEXXZ
?precision@ios@@QAEHH@Z
?ebuf@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@PACHD@Z
??_7istream_withassign@@6B@
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??0ifstream@@QAE@PBDHH@Z
??5istream@@QAEAAV0@AAN@Z
??0ofstream@@QAE@PBDHH@Z
??_8ostream@@7B@
?sync@stdiobuf@@UAEHXZ
??0fstream@@QAE@HPADH@Z
??5istream@@QAEAAV0@PAC@Z
??_8iostream@@7Bistream@@@
??5istream@@QAEAAV0@AAH@Z
??1stdiobuf@@UAE@XZ
?egptr@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@AAC@Z
??_Estdiobuf@@UAEPAXI@Z
??4ios@@IAEAAV0@ABV0@@Z
??0istrstream@@QAE@PADH@Z
?x_maxbit@ios@@0JA
??_Gistream_withassign@@UAEPAXI@Z
??_Eifstream@@UAEPAXI@Z
??_7ostrstream@@6B@
?fill@ios@@QAEDD@Z
?str@strstream@@QAEPADXZ
?floatfield@ios@@2JB

msdart

?GetDefaultSpinCount@CSpinLock@@SGGXZ
?WriteUnlock@CSpinLock@@QAEXXZ
??0CLockedSingleList@@QAE@XZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?MpHeapCompact@@YAKPAX@Z
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?WriteLock@CFakeLock@@QAEXXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?WriteUnlock@CReaderWriterLock@@QAEXXZ
MPInitializeCriticalSection
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?ReadUnlock@CFakeLock@@QAEXXZ
?IsWin98@CMdVersionInfo@@SAHXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
??1CFakeLock@@QAE@XZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z

user32

EndDialog

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd41e9980cd9f4eba9653a388b51a95

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

advapi32

kernel32

msvcrt

msvcirt

msdart

user32

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 378KB - Virtual size: 378KB

.data Size: 140KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 378KB - Virtual size: 378KB

.data
Size: 140KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B