e9f339db21aee1d9df80c5d8f2e51742_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e9f339db21aee1d9df80c5d8f2e51742_JaffaCakes118
Size

160KB
MD5

e9f339db21aee1d9df80c5d8f2e51742
SHA1

80918c3aef2d763974c43434560e79663d8462bc
SHA256

b0249cdcdb653945202070503fe397263513745bb57a8eaf809d3bff9555adc5
SHA512

d542076133155aa209b40cacc3b0905585169919a1749619ddba6f948c6487ffa429ebc37a28d8c33021e18471105eec30c97da4b66047f586236a8d55c9508f
SSDEEP

3072:Y/xeLe0qetS15a38FL8AQY+oSTFvduVrw2TjEDNOaT55Ycy554:Y5q9qgS15vrQa1w2h555

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9f339db21aee1d9df80c5d8f2e51742_JaffaCakes118

Files

e9f339db21aee1d9df80c5d8f2e51742_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7fc7715e5b9c7225615b635e82e172da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_count_entries
ldap_delete_s
ldap_parse_sort_controlA
ldap_encode_sort_controlW
ldap_bind_sW
ldap_modify_ext_s
ldap_create_vlv_controlA
ldap_simple_bind
ldap_value_freeA
ldap_msgfree
ldap_modrdn2_sA
ber_printf
ldap_initW
ldap_add_ext_sW
ldap_modify_ext
ldap_add_sA
ldap_get_valuesA
ldap_modrdn2W
ldap_modrdn2_sW
ldap_compare_extW
ldap_check_filterA
ldap_parse_resultA
ldap_err2string
ldap_start_tls_sW
ldap_parse_page_controlA
ldap_search_ext_s
ldap_rename_ext_sA
ber_next_element
ldap_get_valuesW

kernel32

GlobalDeleteAtom
EnumSystemGeoID
QueueUserAPC
GetAtomNameA
DeviceIoControl
HeapSummary
SetMessageWaitingIndicator
VirtualUnlock
InitAtomTable
SetEndOfFile
GetConsoleAliasesW
ReadConsoleOutputCharacterW
VirtualAlloc
GetCurrentThreadId
GetModuleHandleA
WriteProfileStringW
GetVolumePathNamesForVolumeNameW
GetExitCodeThread
SetThreadUILanguage
LocalAlloc
ReadConsoleInputW
SetThreadIdealProcessor
SetConsoleInputExeNameA
EndUpdateResourceA
OpenMutexA
TransmitCommChar
LoadLibraryA
QueryDosDeviceW
SetLocaleInfoA
SetFilePointerEx
GetUserGeoID
DosPathToSessionPathA
GlobalHandle
FindFirstVolumeA
GlobalUnfix
FindFirstFileA
BeginUpdateResourceW
GetCommandLineA
GlobalFindAtomW
OpenThread
GetWindowsDirectoryW
GetShortPathNameA
GetLastError
WriteConsoleInputW
GetConsoleCommandHistoryLengthA
InterlockedExchangeAdd
GetUserDefaultUILanguage
GetCurrentConsoleFont
VirtualProtectEx
IsBadCodePtr

rasmontr

RutlGetOsVersion
RutlParse
RutlStrDup
RutlDwordDup
RutlAssignmentFromTokens
InitHelperDll
RutlAlloc
RutlIsHelpToken
RutlGetTagToken
RutlFree
RutlAssignmentFromTokenAndDword
RutlCloseDumpFile
RutlCreateDumpFile

msvcrt

_cscanf
??0bad_cast@@AAE@PBQBD@Z
_CIasin
_wasctime
??_7bad_cast@@6B@
swscanf
_kbhit
_wgetdcwd
memset
tmpfile
_tell
_atodbl
_wexeclp
??0__non_rtti_object@@QAE@PBD@Z
__crtGetLocaleInfoW
_execv
?_query_new_handler@@YAP6AHI@ZXZ
realloc
exp
__p__wenviron
_locking
_ismbclegal
vfprintf
frexp
_stat64
_aligned_offset_realloc
_findfirsti64
_wstrtime
wprintf
_localtime64
feof
_snwprintf
iswascii
iswdigit
__CxxExceptionFilter
_write
_sleep
_wexecve
_mbbtombc
_mbsinc
_rmdir
difftime
_heapset

msdart

?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
??0CLockedSingleList@@QAE@XZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?MaxSize@CLKRHashTable@@QBEKXZ
?_IsLocked@CSpinLock@@ABE_NXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?IsLocked@CLockedDoubleList@@QBE_NXZ
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?TryWriteLock@CCritSec@@QAE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?IsWinNT@CMdVersionInfo@@SAHXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
mpFree
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?IsWin2k@CMdVersionInfo@@SAHXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?WriteUnlock@CFakeLock@@QAEXXZ
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?TryReadLock@CSpinLock@@QAE_NXZ
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
??4CFakeLock@@QAEAAV0@ABV0@@Z
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
??0CSingleList@@QAE@XZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?Clear@CLKRLinearHashTable@@QAEXXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?GetDefaultSpinCount@CSpinLock@@SGGXZ

pdh

PdhLookupPerfIndexByNameA
PdhCreateSQLTablesA
PdhBindInputDataSourceW
PdhVbGetCounterPathElements
PdhParseInstanceNameW
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterArrayW
PdhParseCounterPathA
PdhGetDataSourceTimeRangeA
PdhEnumObjectItemsA
PdhVbOpenQuery
PdhFormatFromRawValue
PdhGetRawCounterArrayA
PdhGetFormattedCounterValue
PdhEnumLogSetNamesA
PdhOpenLogA
PdhLookupPerfIndexByNameW
PdhUpdateLogFileCatalog
PdhOpenQueryW
PdhOpenQueryA
PdhBindInputDataSourceA
PdhCollectQueryData
PdhVbOpenLog
PdhEnumObjectItemsW
PdhListLogFileHeaderA

winmm

mxd32Message
timeGetTime
timeBeginPeriod
midiInStop
waveOutBreakLoop
mmioSendMessage
mciExecute
mixerGetDevCapsW
midiOutGetErrorTextA
joyGetDevCapsW
mmioInstallIOProcA
mciGetDeviceIDFromElementIDA
mmioFlush
waveInGetID
mci32Message
mixerOpen
mmioRead
midiOutPrepareHeader
midiInGetDevCapsA
mod32Message
mixerGetID
midiInGetErrorTextA
mmioRenameA
CloseDriver
waveOutSetPitch
waveInStop
midiInMessage
mciGetDeviceIDFromElementIDW
mmioInstallIOProcW
waveInGetErrorTextW
midiStreamPosition

user32

EndDialog

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fc7715e5b9c7225615b635e82e172da

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

rasmontr

msvcrt

msdart

pdh

winmm

user32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 97KB - Virtual size: 186KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 97KB - Virtual size: 186KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 892B