df3609c85237c83e6352c2ab2d0b96ad_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

df3609c85237c83e6352c2ab2d0b96ad_JaffaCakes118
Size

860KB
MD5

df3609c85237c83e6352c2ab2d0b96ad
SHA1

011d423dea196fc6c72338f3ac756ae51612b10d
SHA256

3164eb9da18dd143272a12947e05e2a572687b7b4ddaefa915dc2d5058203e39
SHA512

0edeabbe478cd9f39f38b9bb1ac176e74b4cb5ce5e8693a4cfe5b072c6d11441e9734427201ec90179ff5652e583a10c2d1840dc1d608f43cf15f7836cafc6f2
SSDEEP

24576:TOP5meDwQugjUf8Y5RsDkmH4HeGPAsnCici:TqIPQzwf75oH4HeGosi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df3609c85237c83e6352c2ab2d0b96ad_JaffaCakes118

Files

df3609c85237c83e6352c2ab2d0b96ad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67ff22a4e5947a832198f7bb3bf62a63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetDfsManagerSendSiteInfo
NetSessionEnum
NetLogonGetTimeServiceParentDomain
NetRemoveAlternateComputerName
NetDfsEnum
NetConfigGet
NetAuditWrite
DsGetDcNameWithAccountW
NetAddAlternateComputerName
NetConfigSet
NetFileEnum
NetServerTransportDel
NetShareEnum
NetDfsAddStdRoot
NetShareDel
NetShareAdd
NetGetJoinableOUs
DsDeregisterDnsHostRecordsA
NetGroupDel
I_NetDatabaseSync2
NetpwPathCompare
I_NetDatabaseRedo
I_NetlogonComputeServerDigest
I_NetGetForestTrustInformation
DsGetSiteNameW
NetReplExportDirSetInfo
DsGetDcOpenA
NetServerComputerNameAdd

kernel32

CreateDirectoryExA
AllocateUserPhysicalPages
LoadLibraryA
GetUserDefaultLCID
DeleteFileA
GetOEMCP
GlobalAlloc
GlobalGetAtomNameA
RtlMoveMemory
IsValidCodePage
SetPriorityClass
GetLogicalDriveStringsA
RemoveDirectoryA
VirtualAlloc
ClearCommBreak
EnterCriticalSection
OpenMutexA
BaseDumpAppcompatCache
LeaveCriticalSection
GetTapeParameters
SetLocaleInfoA
IsDebuggerPresent
WriteFileGather
GetSystemDefaultLCID
GetConsoleScreenBufferInfo
HeapReAlloc
IsValidLocale
FindVolumeClose
GetNumaAvailableMemoryNode
WTSGetActiveConsoleSessionId
GetProcessVersion
WaitForMultipleObjects
WriteConsoleInputA
ReadConsoleOutputA

msvcrt40

??0__non_rtti_object@@QAE@ABV0@@Z
?base@streambuf@@IBEPADXZ
_lsearch
??_8stdiostream@@7Bistream@@@
??_Eexception@@UAEPAXI@Z
_setmaxstdio
_atoldbl
_wtempnam
?doallocate@streambuf@@MAEHXZ
__p__wcmdln
_ismbbalnum
?xalloc@ios@@SAHXZ
?seekp@ostream@@QAEAAV1@J@Z
fgetwc
??_Gios@@UAEPAXI@Z
wcstod
?sputn@streambuf@@QAEHPBDH@Z
_mbclen
??_8istrstream@@7B@
_wsopen
?x_statebuf@ios@@0PAJA
??_Eistrstream@@UAEPAXI@Z
_mbsnset
??6ostream@@QAEAAV0@PBC@Z
??_Elogic_error@@UAEPAXI@Z
__p__amblksiz
isdigit
__p__wpgmptr
__wgetmainargs
__p__winmajor
isspace
?setmode@filebuf@@QAEHH@Z
_ismbcprint
_mbctype
??0strstreambuf@@QAE@H@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
??0exception@@QAE@ABQBD@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
_wcsdup
?ends@@YAAAVostream@@AAV1@@Z
??Bios@@QBEPAXXZ

ws2_32

WSADuplicateSocketA
WSAGetServiceClassNameByClassIdW
WSAGetServiceClassNameByClassIdA
WSASendTo
WSACancelAsyncRequest
WSACloseEvent
WSCEnumProtocols
WEP
WSAAccept
WSAIoctl
WSAAddressToStringW
WSCInstallProvider
ioctlsocket
sendto
WSCInstallNameSpace
WSASetLastError
WSALookupServiceNextW
WSADuplicateSocketW
bind
WSAJoinLeaf
WSACreateEvent
getprotobyname
WPUCompleteOverlappedRequest
WSAStartup
select
WSAEnumNameSpaceProvidersA

opengl32

glEnd
glRasterPos4fv
glEvalCoord1dv
glDisableClientState
wglDescribePixelFormat
glColor3sv
glBegin
glLightiv
glIndexf
glEvalCoord2dv
glVertex3iv
wglUseFontOutlinesW
glMapGrid2d
glTexCoord2iv
glGetMaterialfv
glTexCoord1s
GlmfEndPlayback
glClearAccum
glOrtho
glEvalPoint1
glMaterialiv
glNormal3f
glTexParameteri
glTexEnvf
glArrayElement
glIsTexture
glRotatef
glColor4b
GlmfPlayGlsRecord
glDisable
glMaterialfv
glColor4fv
glGetTexGendv
glIsEnabled
glPixelMapusv
glPopAttrib

lz32

CopyLZFile
LZDone
LZClose
LZRead
GetExpandedNameA
LZSeek
LZInit
LZStart
LZCloseFile
LZOpenFileW
LZCopy
LZCreateFileW
LZOpenFileA

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67ff22a4e5947a832198f7bb3bf62a63

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

kernel32

msvcrt40

ws2_32

opengl32

lz32

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 420KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 420KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B