d404aa0952df01f37099e6f52636367a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d404aa0952df01f37099e6f52636367a_JaffaCakes118
Size

82KB
MD5

d404aa0952df01f37099e6f52636367a
SHA1

4cbbb7e9dbe773411a0d53281704b9d4903a3008
SHA256

2486557c44358220df23aaf986b0336f594b5a76dc50da9ce3eb8dc5c7db7726
SHA512

74f0cf3f514e2e5cdf62e57317cfe35e5427aaca6fc8485970234687c26efc87d981c2b8969425785f19049dcc6178a6f633d1e00bd9e37e60977f4ed4820a2c
SSDEEP

1536:HuinFuFQsdg6WaAhCfYHhzs4NPTB9Is7pQxie0ZhlLUfk:Huin/wzYhlTbIs7pQxidZ3L2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d404aa0952df01f37099e6f52636367a_JaffaCakes118

Files

d404aa0952df01f37099e6f52636367a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5fc0d6b691b5dc6850da57f641401045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cabview

DllGetClassObject

dnsapi

DnsNameCompareEx_W

dsprop

FindSheet
ADsPropSendErrorMessage
ADsPropCreateNotifyObj
ADsPropSetHwndWithTitle
ADsPropShowErrorDialog
ADsPropSetHwnd
ADsPropGetInitInfo

credui

CredUIInitControls
CredUIParseUserNameW

msvcrt

wcscat
_wtol
swprintf
wcsncat
wcsncpy
wcsstr
free
_wcsupr
_initterm
iswspace
wcsrchr
wcscmp
__dllonexit
memmove
wcstoul
wcscpy
printf
wcspbrk
rand
isdigit
wcstok
swscanf
_wtoi
_adjust_fdiv
iswdigit
srand
time
iswxdigit
_purecall
wcschr
_onexit
_wcsicmp
malloc
__CxxFrameHandler
isalnum
mbstowcs
_wcsnicmp
_except_handler3
vswprintf
_vsnwprintf
wcslen
strchr

advapi32

CloseServiceHandle
LsaQueryInformationPolicy
GetLengthSid
GetSidIdentifierAuthority
RegCloseKey
LsaSetForestTrustInformation
IsValidSid
LogonUserW
GetSidSubAuthorityCount
LsaOpenPolicy
LsaOpenTrustedDomain
CryptAcquireContextW
LsaCreateTrustedDomainEx
LsaDelete
ImpersonateLoggedOnUser
SystemFunction040
InitializeSecurityDescriptor
LsaSetTrustedDomainInfoByName
SetNamedSecurityInfoW
LsaLookupSids
FreeSid
SystemFunction041
GetSecurityDescriptorDacl
GetNamedSecurityInfoW
AllocateAndInitializeSid
GetSidSubAuthority
EqualSid
CryptReleaseContext
OpenSCManagerW
LsaClose
RegCreateKeyExW
SetEntriesInAclW
RevertToSelf
RegQueryValueExW
RegDeleteKeyW
EqualPrefixSid
ImpersonateAnonymousToken
QueryServiceStatus
CryptGenRandom
LsaFreeMemory
BuildTrusteeWithSidW
OpenServiceW
LsaRetrievePrivateData
LsaQueryTrustedDomainInfo
LsaOpenTrustedDomainByName
RegOpenKeyExW
LsaQueryTrustedDomainInfoByName
GetSidLengthRequired
LsaQueryForestTrustInformation
InitializeAcl
GetSecurityDescriptorControl
MakeSelfRelativeSD
RegSetValueExW
GetSecurityDescriptorLength
GetExplicitEntriesFromAclW
BuildTrusteeWithObjectsAndSidW
LsaNtStatusToWinError

ntdll

RtlInitUnicodeString
NtQuerySystemTime
RtlIdentifierAuthoritySid
RtlNtStatusToDosError
RtlSubAuthoritySid
RtlSubAuthorityCountSid

netapi32

NetApiBufferFree
NetpNtStatusToApiStatus
NetpParmsSetUserProperty
NetUserModalsGet
NetpParmsUserPropertyFree
I_NetLogonControl2
DsGetForestTrustInformationW
DsGetDcNameW
DsEnumerateDomainTrustsW
DsMergeForestTrustInformationW
I_NetPathType
NetpParmsQueryUserProperty

kernel32

FormatMessageW
MultiByteToWideChar
GlobalUnlock
SystemTimeToFileTime
LoadLibraryW
GetCurrentProcessId
GetTickCount
lstrcpyW
lstrcmpW
WriteFile
GetCurrentProcess
SetLastError
FreeLibrary
GetSystemTimeAsFileTime
LocalAlloc
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
GetFileSize
FileTimeToLocalFileTime
VirtualAlloc
InterlockedIncrement
ReadFile
GetLastError
CloseHandle
GlobalAlloc
lstrcpynW
GetSystemTime
TerminateProcess
GetWindowsDirectoryW
lstrcmpiW
GetCurrentThreadId
GetDateFormatW
QueryPerformanceCounter
GetTimeFormatW
LocalFree
DnsHostnameToComputerNameW
LoadLibraryExW
IsBadWritePtr
DisableThreadLibraryCalls
WideCharToMultiByte
IsBadReadPtr
CreateDirectoryW
GetProcAddress
InterlockedDecrement
CreateFileW
OpenThread
GetModuleFileNameW
lstrlenW
FileTimeToSystemTime
lstrlenA
TzSpecificLocalTimeToSystemTime
GetSystemDirectoryW
GlobalLock
SetUnhandledExceptionFilter
GetModuleHandleW

crypt32

CertDuplicateStore
CryptQueryObject
CertEnumSystemStore
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertDeleteCertificateFromStore
CertOpenStore
CertSaveStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringW
CryptDecodeObject
CertControlStore
CryptFindOIDInfo
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext

gdi32

CreateBitmap
CreateFontIndirectW
GetTextExtentPoint32W
DeleteObject
GetDeviceCaps
CreatePatternBrush
SetTextColor
SetBkColor

cmdial32

AutoDialFunc

shell32

SHGetFolderPathW

adsnw

DllGetClassObject

ole32

ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
StringFromCLSID
StringFromIID
CoTaskMemAlloc
CoCreateInstance

shlwapi

PathAppendW
PathIsUNCServerShareW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW

ntdsapi

DsBindW
DsCrackNamesW
DsIsMangledDnW
DsFreeNameResultW
DsCrackSpn3W
DsUnBindW

user32

GetParent
DestroyWindow
CheckRadioButton
SetFocus
IsWindow
SetCursor
SendMessageW
GetWindow
DrawIcon
MessageBoxW
LoadStringW
ScreenToClient
SetWindowContextHelpId
SetScrollInfo
DialogBoxParamW
ShowWindow
SystemParametersInfoW
MessageBoxA
GetSysColor
FindWindowExW
CallWindowProcW
GetSysColorBrush
SetScrollPos
SetDlgItemTextW
MoveWindow
wsprintfW
WinHelpW
DefWindowProcW
SetForegroundWindow
ReleaseDC
GetWindowTextLengthW
SendDlgItemMessageW
IsDlgButtonChecked
ScrollWindow
RegisterWindowMessageW
EndPaint
DrawFocusRect
GetWindowTextW
MapDialogRect
CreateWindowExW
SetWindowPos
SetWindowLongW
PostMessageW
SetScrollRange
GetWindowLongW
OffsetRect
RegisterClipboardFormatW
FrameRect
GetScrollInfo
LoadCursorW
LoadBitmapW
GetDesktopWindow
EnableWindow
GetDlgItemTextW
GetSystemMetrics
GetClientRect
GetDlgItem
LoadIconW
GetDC
IsWindowEnabled
GetWindowThreadProcessId
RegisterClassW
GetDlgCtrlID
UpdateWindow
EndDialog
InflateRect
CheckDlgButton
BeginPaint
MapWindowPoints
MessageBeep
GetWindowRect
SetWindowTextW
DestroyIcon

Sections

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fc0d6b691b5dc6850da57f641401045

Headers

DLL Characteristics

File Characteristics

Imports

cabview

dnsapi

dsprop

credui

msvcrt

advapi32

ntdll

netapi32

kernel32

crypt32

gdi32

cmdial32

shell32

adsnw

ole32

shlwapi

cryptui

ntdsapi

user32

Sections

.text Size: 512B - Virtual size: 420B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 512B - Virtual size: 28B

.idata Size: 10KB - Virtual size: 10KB

.data Size: - Virtual size: 656KB

.rdata Size: 19KB - Virtual size: 19KB

.text
Size: 512B - Virtual size: 420B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 512B - Virtual size: 28B

.idata
Size: 10KB - Virtual size: 10KB

.data
Size: - Virtual size: 656KB

.rdata
Size: 19KB - Virtual size: 19KB