d49f57d1ef51dcfafcb5f9dd276d17b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d49f57d1ef51dcfafcb5f9dd276d17b1_JaffaCakes118
Size

497KB
MD5

d49f57d1ef51dcfafcb5f9dd276d17b1
SHA1

8ca57f46749d3c6a4a8b24215f91dc4f100265ad
SHA256

1d88a5a64af76235ca8f14d3ae058c0fc0c5cef4441bad38c1dbfe00bcf76dbe
SHA512

1d60cc1189f0b67c95af1dfd33bf0875d0d8cef2cb357474ff72d2a6968d2340e5828c15ffbe24cfb0e517d6a3d76dda468ff508474056921cbca452ad5cb476
SSDEEP

12288:M5I5wBW7QjrdZeJb7FOt8VpJZNox9tMMnMMMMMEKobf4+sDHss:M5IGBW7Q/LEb7cqVpnNELMMnMMMMMEKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49f57d1ef51dcfafcb5f9dd276d17b1_JaffaCakes118

Files

d49f57d1ef51dcfafcb5f9dd276d17b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c71fdbf4377f5e568203aa4264f52338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
RegDeleteKeyW
RegQueryValueExW
InitializeSecurityDescriptor
RegDeleteValueW
RegisterEventSourceA
RegCreateKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueA
RegEnumValueA
RegSetValueExA
RegOpenKeyW
LookupPrivilegeValueA
RegCreateKeyW
RegOpenKeyExA
SetSecurityDescriptorDacl
ReportEventA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegEnumKeyW
RegSetValueA
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyA
RegQueryValueExA
OpenProcessToken
DeregisterEventSource

ddraw

DirectDrawEnumerateA

kernel32

GlobalAlloc
lstrcmpA
GetStringTypeExA
GlobalReAlloc
_lwrite
DeleteCriticalSection
HeapFree
TlsFree
GetCurrentDirectoryA
HeapSize
SetHandleCount
GetLastError
GetModuleHandleA
LoadLibraryExA
FileTimeToSystemTime
WideCharToMultiByte
FindNextFileA
IsDBCSLeadByte
ExitProcess
FreeEnvironmentStringsW
FindClose
FreeLibrary
CreateMailslotA
GetModuleFileNameA
VirtualAlloc
GetUserDefaultLangID
CreateDirectoryA
CompareStringA
RtlUnwind
lstrcatA
GlobalUnlock
FreeResource
SetCurrentDirectoryA
IsBadCodePtr
RemoveDirectoryA
DeleteFileA
UnhandledExceptionFilter
EnterCriticalSection
GetTickCount
lstrcpynA
ReleaseSemaphore
HeapDestroy
SizeofResource
GetStringTypeA
GetSystemInfo
GetProcAddress
TlsSetValue
FormatMessageW
GlobalAddAtomA
TlsGetValue
GetACP
ReadFile
TerminateProcess
CreateFileA
FlushFileBuffers
CreateSemaphoreA
GetStringTypeW
Sleep
GetCurrentProcess
SetEndOfFile
SetEnvironmentVariableA
GetTimeZoneInformation
SetFileAttributesA
GetVersionExA
FileTimeToLocalFileTime
CreateEventA
SetEvent
LockFile
GetDateFormatA
GetVolumeInformationA
HeapAlloc
GlobalHandle
GetCommandLineA
VirtualFree
lstrcpyA
GetLocaleInfoA
GetUserDefaultLCID
GlobalFree
FormatMessageA
GetShortPathNameA
ResumeThread
VirtualQuery
_llseek
MulDiv
GetSystemDefaultLangID
SetErrorMode
WriteFile
IsBadReadPtr
SetLocalTime
lstrlenA
CloseHandle
CompareStringW
UnlockFile
GetTempPathA
VirtualProtect
_lread
DuplicateHandle
HeapCreate
LeaveCriticalSection
ExitThread
GetModuleFileNameW
lstrcmpiW
GetFileType
GetWindowsDirectoryA
GetEnvironmentStringsW
TlsAlloc
GetLocalTime
GetStartupInfoA
GetOEMCP
RaiseException
WinExec
WaitForSingleObject
InitializeCriticalSection
GlobalSize
LoadResource
GetEnvironmentStrings
GetStdHandle
GetTempFileNameA
GetFileTime
GetVersion
GetCurrentProcessId
SystemTimeToFileTime
SetStdHandle
MultiByteToWideChar
LoadLibraryA
GetCurrentThreadId
GetProfileStringA
CreateProcessW
GetExitCodeProcess
FindFirstFileA
SetFileTime
CreateProcessA
LockResource
GetFullPathNameA
ResetEvent
GlobalDeleteAtom
GetDriveTypeA
GetCPInfo
GlobalLock
SetFilePointer
FindResourceA
SearchPathA
FreeEnvironmentStringsA
InterlockedDecrement
GetSystemDirectoryA
LCMapStringA
CreateThread
MoveFileA
SetLastError
LCMapStringW
GetSystemTime
GetSystemDefaultLCID
HeapReAlloc
FlushInstructionCache
GetFileAttributesA
lstrcmpiA
InterlockedIncrement

ws2_32

setsockopt

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c71fdbf4377f5e568203aa4264f52338

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ddraw

kernel32

ws2_32

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 56B