df99c7ad2b879d4e5e0842d118b429b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df99c7ad2b879d4e5e0842d118b429b5_JaffaCakes118
Size

839KB
MD5

df99c7ad2b879d4e5e0842d118b429b5
SHA1

4fc4309f031a817fa73dd066fe04be1b929caa37
SHA256

6a645668f630f05072da573a2ee6de2c8b56068e24ee117e6c6078d4bf2c76f3
SHA512

12ee7efe1f568639b3f718df127e4eec17e7c13fd33987084ff0995f291b43aabdeec7ee969b7c084d0221c1a701ea9121e596fd4bea1dad6343ea70dbfcce94
SSDEEP

24576:7XOnEmDwacg+Q2rALwQk6t7BV0mvV1nNTMcDw:bvBacg+Q2rALwQk6t7BV0mvV1nts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df99c7ad2b879d4e5e0842d118b429b5_JaffaCakes118

Files

df99c7ad2b879d4e5e0842d118b429b5_JaffaCakes118
.exe windows:4 windows x64 arch:x64

104942a303fddbe307369b11ba8c13e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\depot\bas\720_REL\src\opt\ntamd64\krn\ldreg\ldapreg.pdb

Imports

wldap32

ord25
ord200
ord47
ord27
ord30
ord26
ord50
ord33
ord38
ord34
ord32
ord48
ord44
ord13
ord60
ord45
ord136
ord211
ord22
ord41

msvcr80

__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_encode_pointer
__set_app_type
__lconv_init
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
_atoi64
_putenv
_fullpath
bsearch
perror
getc
_finite
abort
memchr
strftime
strerror
toupper
vsprintf
_vsnprintf_s
_fstat64i32
memcmp
memmove
_purecall
rand
remove
_strdup
asctime
_vsnprintf
??3@YAXPEAX@Z
__CxxFrameHandler3
??2@YAPEAX_K@Z
strtol
_beginthreadex
_endthreadex
strstr
_strnicmp
_fmode
getenv
strcat_s
sprintf_s
strtoul
strncpy_s
strcpy_s
strspn
strpbrk
_getpid
_ftime64
_splitpath
_errno
calloc
strncat
memcpy
realloc
_stricmp
qsort
strrchr
fwrite
fread
memset
exit
strtok
strchr
strncmp
fgets
fseek
malloc
fopen
free
fclose
strncpy
__iob_func
fprintf
fflush
atoi
sprintf
_time64
_ctime64
_set_invalid_parameter_handler
fputc
_localtime64
_CxxThrowException
_fileno
_chdir

oleaut32

VariantClear

kernel32

SetThreadAffinityMask
GetProcessHeap
HeapFree
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetHandleInformation
DeleteCriticalSection
WaitForSingleObject
GetExitCodeThread
IsDebuggerPresent
DuplicateHandle
Sleep
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
SleepEx
GetTimeZoneInformation
GetCurrentThread
CloseHandle
TerminateProcess
GetLastError
GetSystemInfo
GetVersionExA
GetComputerNameA
GetCurrentProcess

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostname
WSAStartup
WSAEnumProtocolsA
WSASetLastError
WSACleanup
getservbyport
gethostbyaddr
getservbyname
gethostbyname
htons
closesocket
socket
WSASocketA
bind
send
WSASend
recv
ioctlsocket
inet_addr
WSAGetLastError
htonl
inet_ntoa
WSADuplicateSocketA
select
getsockopt
getpeername
ntohs
getsockname

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

104942a303fddbe307369b11ba8c13e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

msvcr80

oleaut32

kernel32

advapi32

ws2_32

iphlpapi

Sections

.text Size: 238KB - Virtual size: 238KB

.rdata Size: 494KB - Virtual size: 494KB

.data Size: 69KB - Virtual size: 710KB

.pdata Size: 10KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 494KB - Virtual size: 494KB

.data
Size: 69KB - Virtual size: 710KB

.pdata
Size: 10KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB