f726c4eee0bee8ab85f6dbb3d02fcf64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f726c4eee0bee8ab85f6dbb3d02fcf64_JaffaCakes118
Size

64KB
MD5

f726c4eee0bee8ab85f6dbb3d02fcf64
SHA1

8ca9de64e6750799e5136de7338318e5e9ab009a
SHA256

2eca407f7b4159c90dad1f09f1227e53d964b61469d637a836a2561285a56487
SHA512

74ab9585d33c7cd4938e5bd11f96e1e82dd241687ccc4e7ca3cc7d0da189c76cb95b63f97b0fdf6e148ae187f64290e564722c340754fe2a7bff604e7bc90665
SSDEEP

1536:hezL290QbYEX2pn4Wp3AtRlwibniUxTQIPET2JC7Oeh6j:hemaQbNMp32lwoiUxT5ETp7v6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f726c4eee0bee8ab85f6dbb3d02fcf64_JaffaCakes118

Files

f726c4eee0bee8ab85f6dbb3d02fcf64_JaffaCakes118
.exe windows:5 windows x86 arch:x86

057301b915cc7cd93e5f96fddb5ad8cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsReplicaFreeInfo
DsBindWithCredW
DsGetDomainControllerInfoA
DsQuoteRdnValueA
DsQuoteRdnValueW
DsGetDomainControllerInfoW
DsAddSidHistoryA
DsInheritSecurityIdentityW
DsBindWithSpnW
DsFreeSchemaGuidMapA
DsaopBindWithSpn
DsUnBindW
DsMakePasswordCredentialsA
DsCrackSpnW
DsMakePasswordCredentialsW
DsBindWithSpnA
DsGetRdnW
DsMapSchemaGuidsA
DsReplicaAddA
DsFreeDomainControllerInfoA
DsIsMangledRdnValueA
DsaopBind
DsRemoveDsDomainW
DsGetSpnA
DsListSitesW
DsReplicaGetInfo2W
DsListServersForDomainInSiteW
DsReplicaModifyW
DsMapSchemaGuidsW

shlwapi

SHDeleteValueW
PathAppendA
UrlUnescapeW
SHEnumValueA
StrStrNIW
PathFindExtensionA
PathSkipRootW
StrFormatByteSize64A
PathQuoteSpacesW
PathFileExistsA
PathIsDirectoryEmptyA
SHGetValueA
StrCmpNW
SHGetValueW
PathIsSystemFolderW
AssocQueryStringByKeyW
UrlIsOpaqueA
SHRegDuplicateHKey
SHQueryValueExA
StrFromTimeIntervalW
StrRetToStrW
StrToInt64ExA
StrChrIW
SHRegGetBoolUSValueA
PathIsFileSpecA
PathRemoveArgsW
SHLoadIndirectString
SHRegDeleteEmptyUSKeyA

mprapi

MprConfigServerBackup
MprConfigServerGetInfo
MprConfigTransportSetInfo
MprAdminSendUserMessage
MprAdminDeregisterConnectionNotification
MprInfoBlockRemove
MprAdminInterfaceGetCredentialsEx
MprAdminUserWriteProfFlags
MprAdminInterfaceDelete
MprAdminInterfaceTransportAdd
MprAdminServerGetInfo
MprConfigInterfaceCreate
MprAdminInterfaceCreate
MprConfigInterfaceDelete
MprAdminInterfaceDeviceGetInfo
MprAdminTransportGetInfo
MprAdminInterfaceSetCredentialsEx
MprAdminInterfaceUpdateRoutes
MprAdminPortReset
MprAdminInterfaceTransportRemove
MprConfigInterfaceGetInfo
MprAdminPortDisconnect

oledlg

OleUIInsertObjectA
OleUIPasteSpecialW
OleUIChangeIconW
OleUIBusyW
OleUIUpdateLinksA
OleUIUpdateLinksW
OleUIPromptUserA
OleUIChangeSourceA
OleUIAddVerbMenuW
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIChangeIconA
OleUIConvertW
OleUIEditLinksA
OleUIPasteSpecialA
OleUIEditLinksW
OleUIChangeSourceW
OleUIBusyA
OleUIPromptUserW
OleUICanConvertOrActivateAs
OleUIConvertA
OleUIAddVerbMenuA
OleUIObjectPropertiesW

kernel32

CreateTapePartition
GetFirmwareEnvironmentVariableA
GetStartupInfoW
LoadLibraryW
CreateSemaphoreW
GetProcAddress
UnmapViewOfFile
AddRefActCtx
_hread
FindActCtxSectionStringA
HeapSetInformation
GetCurrentProcessId
GetComputerNameW
LZOpenFileW
GetFileAttributesExA
CancelIo
GetMailslotInfo
GetCurrentThreadId
GetModuleHandleW
LocalFree
SetProcessShutdownParameters
GetTickCount
CreateToolhelp32Snapshot
WaitForMultipleObjectsEx
LoadLibraryA
OutputDebugStringA
VirtualAlloc
CloseProfileUserMapping
LZInit
GetConsoleAliasesA
QueryPerformanceCounter
SetThreadLocale
CopyFileExW
DuplicateHandle
IsProcessorFeaturePresent
ReadConsoleInputExA
SetHandleContext
TransactNamedPipe

msvcirt

?setb@streambuf@@IAEXPAD0H@Z
?xsgetn@streambuf@@UAEHPADH@Z
?ipfx@istream@@QAEHH@Z
?is_open@ofstream@@QBEHXZ
??5istream@@QAEAAV0@AAK@Z
??_Eistrstream@@UAEPAXI@Z
??0istrstream@@QAE@ABV0@@Z
??_8iostream@@7Bistream@@@
??5istream@@QAEAAV0@AAN@Z
?read@istream@@QAEAAV1@PACH@Z
??_Eiostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@D@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??0stdiobuf@@QAE@ABV0@@Z
?getline@istream@@QAEAAV1@PAEHD@Z
??6ostream@@QAEAAV0@PBX@Z
??0ofstream@@QAE@ABV0@@Z
??_8stdiostream@@7Bostream@@@
??5istream@@QAEAAV0@AAE@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??_Eistream_withassign@@UAEPAXI@Z
??1ostream_withassign@@UAE@XZ

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

057301b915cc7cd93e5f96fddb5ad8cc

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

shlwapi

mprapi

oledlg

kernel32

msvcirt

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 13KB - Virtual size: 72KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 13KB - Virtual size: 72KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 396B