e0c25a604c481e6bbafcc2c1d3aa113b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0c25a604c481e6bbafcc2c1d3aa113b_JaffaCakes118
Size

440KB
MD5

e0c25a604c481e6bbafcc2c1d3aa113b
SHA1

adc91eb078c52c9237cee5b2fca0efd609d402b4
SHA256

b96f6f4c8ba226b128c828b92e41d6d6b4f095d63919b0a3edd69d712cfad543
SHA512

ec59d91bd555b51b31424a392e8796b478e83a0e7528ffec32a08dda42edfcb44795379fa0db8b0d2d83a7c5d9260a708065c833b2f653b33328a2c946fc6b04
SSDEEP

12288:gqkpaeFlWN0XyJullqmZaHYXrDzQ0qwtMMnMMMMM:grbSN9IlBZaHYfEfwtMMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c25a604c481e6bbafcc2c1d3aa113b_JaffaCakes118

Files

e0c25a604c481e6bbafcc2c1d3aa113b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fd1d8d85d1615860cf0127061e029552

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetWkstaGetInfo
NetUserAdd
NetGroupGetInfo
NetServerEnum
NetShareEnum
NetGroupAddUser
NetShareDel
NetUserModalsGet
NetGroupAdd
NetLocalGroupDelMembers
DsRoleGetPrimaryDomainInformation
NetWkstaUserGetInfo
NetGroupGetUsers
NetUserDel
NetGroupDelUser
NetShareSetInfo
NetQueryDisplayInformation
NetGroupDel
NetSessionGetInfo
NetGetAnyDCName
NetUseGetInfo
NetShareAdd
NetServerGetInfo
NetUserGetGroups
NetLocalGroupDel
NetLocalGroupEnum
NetSessionDel
NetFileGetInfo
NetUserGetInfo
NetUserGetLocalGroups
NetGroupEnum
NetLocalGroupGetMembers
NetLocalGroupAdd
NetLocalGroupSetInfo
NetLocalGroupGetInfo
DsRoleFreeMemory
NetGroupSetInfo
NetUserSetInfo
NetGetDCName
NetServerSetInfo
NetSessionEnum
NetLocalGroupAddMembers
NetUserModalsSet
NetUserChangePassword
NetApiBufferFree
NetShareGetInfo

ole32

StringFromCLSID
CoCreateInstance
CLSIDFromString
StringFromGUID2
CreatePointerMoniker
IIDFromString
CoTaskMemFree

kernel32

GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetComputerNameW
LoadLibraryW
EnterCriticalSection
LocalFileTimeToFileTime
SystemTimeToFileTime
FreeLibrary
ReleaseSemaphore
GetCurrentProcessId
DosDateTimeToFileTime
FileTimeToDosDateTime
InterlockedDecrement
FileTimeToLocalFileTime
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LocalFree
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
FormatMessageW
TerminateProcess
LeaveCriticalSection
QueryPerformanceCounter
DisableThreadLibraryCalls
LocalAlloc
lstrlenW
CompareStringW
GetStartupInfoA
GetProcAddress
CloseHandle
GetLastError
SetLastError
SetUnhandledExceptionFilter
CreateSemaphoreW
FileTimeToSystemTime
InterlockedIncrement
GetACP
GetModuleHandleW

user32

wsprintfW
LoadStringW

mpr

WNetCancelConnection2W
WNetAddConnection2W

oleaut32

VariantCopy

msvcrt

malloc
_purecall
wcschr
_except_handler3
wcsrchr
_wcsicmp
wcscpy
wcscat
_CxxThrowException
wcslen
_ltow
_onexit
_ftol
wcscmp
__dllonexit
_initterm
_wtol
_wcsnicmp
_adjust_fdiv
_itow
free

rpcrt4

RpcStringFreeW

advapi32

ChangeServiceConfigW
RegOpenKeyExW
RegQueryValueExW
GetSidSubAuthorityCount
GetLengthSid
RegCloseKey
OpenServiceW
RegEnumKeyExW
ControlService
GetUserNameW
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
LockServiceDatabase
GetSidSubAuthority
EnumServicesStatusW
RegConnectRegistryW
UnlockServiceDatabase
CloseServiceHandle
SystemFunction041
OpenSCManagerW
StartServiceW
SystemFunction040
LookupAccountNameW
GetSidIdentifierAuthority
DeleteService

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
RtlRunEncodeUnicodeString
RtlAddAccessAllowedAceEx
RtlInitUnicodeString

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd1d8d85d1615860cf0127061e029552

Headers

File Characteristics

Imports

netapi32

ole32

kernel32

user32

mpr

oleaut32

msvcrt

rpcrt4

advapi32

ntdll

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 936KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 368KB - Virtual size: 368KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 936KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 368KB - Virtual size: 368KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 56B