de1af5595f8812fd83f3fa031dee9bc4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de1af5595f8812fd83f3fa031dee9bc4_JaffaCakes118
Size

1.1MB
MD5

de1af5595f8812fd83f3fa031dee9bc4
SHA1

0facebac020f8ff1c3a111ee749b7a87e1b47e66
SHA256

14d39d8cdd9cdad6f44d4b9b65f99a13c95c56ba9a89f32174fd0b2d351349a1
SHA512

670012a152038ff22ec47bf357c64ece545457dba66a2f9d4b1d40c487c378c4f29901bad5c3ff62d1322e805f8fa88110e673068dbc69744845dc9ebaf57b6d
SSDEEP

24576:SozqxQKYuUMAyzpdVcFVV1SHXE6papv3b+px5uCiE8k:6QxuXAyzUwX81Lq3u08k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de1af5595f8812fd83f3fa031dee9bc4_JaffaCakes118

Files

de1af5595f8812fd83f3fa031dee9bc4_JaffaCakes118
.exe windows:7 windows x86 arch:x86

638e7c52aaf0adc6593da61cb5730e0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

adsldpc

LdapControlFree
LdapValueFree
ReallocADsMem
LdapReadAttribute2
ADsCreateDSObject
LdapGetSubSchemaSubEntryPath
SchemaGetPropertyInfo
LdapDeleteExtS
LdapMakeSchemaCacheObsolete
LdapModifyS
LdapGetSchemaObjectCount
LdapGetValuesLen
LdapIsClassNameValidOnServer
ADsAbandonSearch
ConvertU2TrusteeToSid
ADsDeleteClassDefinition
LdapCloseObject
ADsEnumAttributes
ADsGetPreviousRow
ReadPagingSupportedAttr
SchemaGetClassInfo
ADsSetLastError
SchemaGetPropertyInfoByIndex
LdapRenameExtS
LdapGetSyntaxIdOfAttribute
AllocADsStr
ADsSetSearchPreference
ADSIGetPreviousRow
AdsTypeToLdapTypeCopyConstruct
LdapFirstEntry
LdapOpenObject
BuildLDAPPathFromADsPath

kernel32

InterlockedPopEntrySList
HeapFree
DisconnectNamedPipe
LeaveCriticalSection
ReadFile
CloseHandle
GetLastError
VirtualAlloc
GetStringTypeExA
HeapAlloc
CreateEventA
CreateFileA
OpenEventA
InterlockedPushEntrySList
VirtualFree
EnterCriticalSection
HeapCreate
ExitProcess
InitializeCriticalSection
GetFileTime
SetEvent
GetProcessHeap
GetEnvironmentStringsA
ConnectNamedPipe
FreeEnvironmentStringsA
FileTimeToDosDateTime
lstrcatA
SetNamedPipeHandleState
InterlockedExchangeAdd
WaitForMultipleObjects
WriteFileEx
HeapReAlloc
CreateNamedPipeA
SetFilePointer
HeapSetInformation
GetStringTypeA
HeapDestroy
ExpandEnvironmentStringsA

user32

DestroyWindow
BeginPaint
DispatchMessageA
TranslateMessage
SendMessageA
ShowWindow
CreateWindowExA
DefWindowProcA
GetMessageA
UpdateWindow
RegisterClassA
EndPaint

Sections

.text
Size: 894KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

638e7c52aaf0adc6593da61cb5730e0e

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

kernel32

user32

Sections

.text Size: 894KB - Virtual size: 894KB

.data Size: 121KB - Virtual size: 121KB

.rsrc Size: 116KB - Virtual size: 3.2MB

.text
Size: 894KB - Virtual size: 894KB

.data
Size: 121KB - Virtual size: 121KB

.rsrc
Size: 116KB - Virtual size: 3.2MB