ef5cbd0bc086cf29ff1a7af35b779b59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef5cbd0bc086cf29ff1a7af35b779b59_JaffaCakes118
Size

499KB
MD5

ef5cbd0bc086cf29ff1a7af35b779b59
SHA1

dcbb899e8d25737397f1b4949032a37d5fc04862
SHA256

f300c566053eb494a22d2f10e445c6c00d1ec9c84f9bcf3f8d80355f7a32c1eb
SHA512

4a831dcdff0dc5c8b633835aee79e9a643ba3253951f55581d63aa294290b0925204617a646619818091dd4ec7be2e34113663e5b3bc0ac7a140061ee58eff13
SSDEEP

12288:4Od2VcPaLITS2wUqc9VkMd3JLQrcEoKWRtMMnMMMMMLHJrUWieeIPQ0W:44x/TS2Nqc9+ELQrpobtMMnMMMMMLHJy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef5cbd0bc086cf29ff1a7af35b779b59_JaffaCakes118

Files

ef5cbd0bc086cf29ff1a7af35b779b59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95ed89156d9ceecfa49ed7505cc98a35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

advapi32

RegOpenKeyExA
RegSetValueA
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
OpenProcessToken
RegDeleteKeyA
SetSecurityDescriptorDacl
RegEnumKeyA
LookupPrivilegeValueA
ReportEventA
RegSetValueExW
RegQueryInfoKeyA
AdjustTokenPrivileges
RegQueryValueExA
DeregisterEventSource
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegEnumValueA
RegisterEventSourceA
RegOpenKeyW
RegDeleteValueA
InitializeSecurityDescriptor
RegOpenKeyA
RegQueryValueA
RegEnumKeyW
RegSetValueExA
RegCreateKeyA

samlib

SamConnectWithCreds
SamTestPrivateFunctionsDomain
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser

kernel32

GlobalUnlock
UnhandledExceptionFilter
SetFileAttributesA
WriteFile
GetLocaleInfoA
GlobalDeleteAtom
SetLocalTime
GetFileType
lstrcatA
FreeEnvironmentStringsA
IsDBCSLeadByte
FindClose
FileTimeToLocalFileTime
GetSystemDefaultLangID
FindNextFileA
LCMapStringA
GetCurrentProcessId
lstrcmpA
SizeofResource
lstrcpyA
ExitProcess
GetFileAttributesA
DuplicateHandle
GetCurrentProcess
HeapCreate
CompareStringA
GlobalAddAtomA
SetStdHandle
GetACP
SetEnvironmentVariableA
GetStringTypeExA
InitializeCriticalSection
GetSystemInfo
GetModuleFileNameA
InterlockedDecrement
HeapDestroy
HeapAlloc
LCMapStringW
GetCurrentThreadId
GetLocalTime
TlsFree
GetShortPathNameA
FormatMessageA
WideCharToMultiByte
GetSystemTime
GetTempPathA
lstrcmpiW
GetExitCodeProcess
GetTickCount
GetOEMCP
GetCurrentDirectoryA
TlsSetValue
LoadLibraryExA
lstrcmpiA
CreateProcessA
HeapReAlloc
HeapFree
GlobalLock
FindFirstFileA
FileTimeToSystemTime
ResumeThread
CloseHandle
EnterCriticalSection
DeleteFileA
SetFileTime
GetCommandLineA
HeapSize
GetEnvironmentStringsW
TerminateProcess
ReleaseSemaphore
SetCurrentDirectoryA
GetDriveTypeA
GetUserDefaultLangID
GetVersion
ExitThread
VirtualFree
RemoveDirectoryA
GlobalHandle
GetModuleHandleA
SetHandleCount
RtlUnwind
IsBadCodePtr
FreeLibrary
GetUserDefaultLCID
GetProfileStringA
Sleep
GetStartupInfoA
DeleteCriticalSection
lstrcpynA
GetFileTime
_llseek
CreateMailslotA
_lclose
TlsAlloc
SetFilePointer
GetWindowsDirectoryA
UnlockFile
IsBadReadPtr
GetLastError
VirtualProtect
GetVersionExA
LockFile
GetSystemDirectoryA
SetEvent
GetVolumeInformationA
GetModuleFileNameW
GlobalSize
_lread
InterlockedIncrement
FreeResource
VirtualQuery
SetLastError
GetFullPathNameA
SetErrorMode
GetProcAddress
MoveFileA
_lwrite
FormatMessageW
GetDateFormatA
GlobalReAlloc
RaiseException
LockResource
FreeEnvironmentStringsW
LeaveCriticalSection
GetCPInfo
CompareStringW
GlobalAlloc
ReadFile
LoadResource
ResetEvent
GetTempFileNameA
FindResourceA
CreateEventA
MulDiv
VirtualAlloc
CreateDirectoryA
GetStringTypeW
SetEndOfFile
GetStringTypeA
GlobalFree
GetStdHandle
CreateSemaphoreA
TlsGetValue
GetSystemDefaultLCID
lstrlenA
WaitForSingleObject
CreateFileA
WinExec
LoadLibraryA
SystemTimeToFileTime
FlushInstructionCache
GetTimeZoneInformation
CreateProcessW
FlushFileBuffers
SearchPathA
GetEnvironmentStrings
MultiByteToWideChar

mswsock

sethostname

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95ed89156d9ceecfa49ed7505cc98a35

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

advapi32

samlib

kernel32

mswsock

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 154KB - Virtual size: 1016KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 154KB - Virtual size: 1016KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B