Static task
static1
Behavioral task
behavioral1
Sample
e0d43abb3f6df9275dad84fccafe8ab3_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e0d43abb3f6df9275dad84fccafe8ab3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
e0d43abb3f6df9275dad84fccafe8ab3_JaffaCakes118
Size
130KB
MD5
e0d43abb3f6df9275dad84fccafe8ab3
SHA1
15538a584420f7e34d134fd658901add595d6783
SHA256
39f8d7efc1c5014c460e45d87ff215d31b287ba12a51644f9fd53f28f60fa71a
SHA512
764e229febebbee438aaf8e3bb7b86c47576f476a22139093a9dbfe80e47a657b51de80f1e4913c53af20ad9c73743f20941de37084552487f7b6d464e16a43f
SSDEEP
3072:I7zWGtrdacyOAsxCSXerbEixCGFUz5IDD2UuHO5OAxoHsbgM:RGtrdacyOAsxlXerQoUmDJwuOAeH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e0d43abb3f6df9275dad84fccafe8ab3_JaffaCakes118
Files
e0d43abb3f6df9275dad84fccafe8ab3_JaffaCakes118.exe windows:5 windows x86 arch:x86
a0bc12ca34873814caf2af871c96ae71
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetBinaryTypeA
GetDateFormatA
LoadLibraryA
CreateHardLinkW
ReplaceFileA
LocalReAlloc
GetConsoleWindow
OutputDebugStringA
GetConsoleInputWaitHandle
SizeofResource
GetPrivateProfileSectionA
CreateJobSet
InterlockedIncrement
Process32FirstW
DnsHostnameToComputerNameA
SetConsoleCursorInfo
GetStartupInfoW
WaitCommEvent
GetCommandLineW
EnumSystemGeoID
EnumSystemCodePagesW
LockFile
WriteFileGather
GetCommModemStatus
SetConsoleCursor
lstrcmpi
VerifyConsoleIoHandle
SetErrorMode
VirtualAlloc
SetCurrentDirectoryA
SetFirmwareEnvironmentVariableW
RegisterWaitForInputIdle
GetFileType
GetFullPathNameA
GetPrivateProfileIntA
FileTimeToSystemTime
OpenThread
CreateIoCompletionPort
OpenJobObjectA
RemoveLocalAlternateComputerNameA
GetFullPathNameW
EnumDateFormatsW
DeleteVolumeMountPointW
GetQueuedCompletionStatus
ntdsapi
DsUnquoteRdnValueA
DsIsMangledDnW
DsMakeSpnA
DsCrackSpn3W
DsInheritSecurityIdentityW
DsReplicaSyncAllW
DsCrackSpnA
DsBindWithCredW
DsFreeSpnArrayA
DsBindA
DsMakePasswordCredentialsW
DsaopExecuteScript
DsReplicaSyncW
DsFreeSpnArrayW
DsQuoteRdnValueW
DsBindWithSpnA
DsReplicaSyncA
DsUnBindA
DsReplicaAddA
DsFreeDomainControllerInfoA
DsFreeDomainControllerInfoW
DsWriteAccountSpnW
DsaopPrepareScript
DsListServersInSiteW
ntdll
RtlpUnWaitCriticalSection
NtFsControlFile
_CIsin
RtlVerifyVersionInfo
NtIsSystemResumeAutomatic
RtlSelfRelativeToAbsoluteSD2
ZwReleaseMutant
RtlConvertLongToLargeInteger
_ultow
_lfind
ZwOpenThreadTokenEx
NtDisplayString
RtlClearAllBits
VerSetConditionMask
ZwQuerySystemTime
ZwOpenMutant
RtlInitializeSid
RtlQueryInformationAcl
RtlExpandEnvironmentStrings_U
certcli
CAEnumCertTypesEx
CAGetDN
CAGetCertTypeFlags
CASetCertTypeKeySpec
CAOIDFreeProperty
CACertTypeSetSecurity
CACertTypeQuery
CAGetCertTypePropertyEx
CACertTypeAccessCheckEx
CAEnumNextCertType
CAGetCertTypeExtensions
CASetCAExpiration
CACertTypeGetSecurity
CAFreeCertTypeProperty
CAInstallDefaultCertType
Sections
.text Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xxxdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.iiidata Size: 52KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ