ef4fc056bae1163f79eec7a768249c69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef4fc056bae1163f79eec7a768249c69_JaffaCakes118
Size

83KB
MD5

ef4fc056bae1163f79eec7a768249c69
SHA1

fa4a16688339f75337b9905c69b2c73f086704fb
SHA256

ec71f31e6f63fa7b9ed88a1c234296fa132185cb3ec52ca22d59a201b08c9e36
SHA512

b2f23c96cda6736631d90d9290cd7d4641b25da6fbfc88eed13b2ac0f94bbd1e2bc10155ddf61e92ecd296b538f8322cc632ca987ad985d2856b46c09b7da9bb
SSDEEP

1536:/KW9epVoxy5qSdpBj6wzh9sQzrd3/MDtYkKNX8iNoLI:UVX5qGpBj6eh9sm5ItYpNn6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef4fc056bae1163f79eec7a768249c69_JaffaCakes118

Files

ef4fc056bae1163f79eec7a768249c69_JaffaCakes118
.exe windows:5 windows x86 arch:x86

056389b21a7ed56218da9f387de6a70e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??4strstream@@QAEAAV0@AAV0@@Z
?dec@@YAAAVios@@AAV1@@Z
?get@istream@@QAEAAV1@AAD@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
?get@istream@@QAEAAV1@PACHD@Z
?sync@istream@@QAEHXZ
??0ifstream@@QAE@HPADH@Z
??0istream_withassign@@QAE@XZ
??5istream@@QAEAAV0@AAK@Z
??0ios@@IAE@XZ
??_8istream@@7B@
?floatfield@ios@@2JB
?clear@ios@@QAEXH@Z

advapi32

WmiFileHandleToInstanceNameA
StopTraceW
LsaGetSystemAccessAccount
CloseServiceHandle
LsaLookupNames
CloseEncryptedFileRaw
SetTokenInformation
WmiMofEnumerateResourcesW
SetEntriesInAclW
AreAllAccessesGranted
CredWriteDomainCredentialsA
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaRemovePrivilegesFromAccount
AccessCheckAndAuditAlarmA
CredMarshalCredentialA
EnumerateTraceGuids
SystemFunction035

wldap32

ldap_delete
ldap_search_st
ldap_rename_extA
ldap_add_s
ldap_count_values_len
ldap_delete_ext_sA
ldap_count_entries
LdapUnicodeToUTF8
ldap_create_sort_controlW
ldap_compare_extW
ldap_parse_vlv_controlW
ber_next_element
ldap_search_ext
ldap_deleteW
ldap_deleteA

kernel32

SetEnvironmentVariableA
WaitCommEvent
TzSpecificLocalTimeToSystemTime
PeekNamedPipe
QueryDepthSList
WriteConsoleA
GetComputerNameA
GetFileAttributesW
SetComputerNameExA
GetSystemDefaultLCID
VirtualAlloc
DelayLoadFailureHook
GetFileInformationByHandle
SetEndOfFile
GetProfileStringA
GlobalAlloc
LoadLibraryA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

056389b21a7ed56218da9f387de6a70e

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

advapi32

wldap32

kernel32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 26KB - Virtual size: 33KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 26KB - Virtual size: 33KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 320B