fb12e437b72b2bd75e4f15411ec40dfa_JaffaCakes118

General

Target

fb12e437b72b2bd75e4f15411ec40dfa_JaffaCakes118
Size

92KB
MD5

fb12e437b72b2bd75e4f15411ec40dfa
SHA1

98f0207194f6903a2c030b5bd27c133596cc817a
SHA256

5a1992e534798b1a83416fa5b4cb97a07be71326b482c79cc49daa345f232f9e
SHA512

1d2ee5f814423cc8854a470704374bd15523ee62237d305eb4521716e4bce5e936198b1aa0ba0dbebf27bff134bc238f873c4ac43a089b3af441e186907dc510
SSDEEP

1536:bOxUUu8yC6GDXZlYt2vRbBlYxqDnjBN9L+xCgbnMB1av0tn0T8iPfbdVkU0I:boskZlYto/lYsz396cgua5Pb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb12e437b72b2bd75e4f15411ec40dfa_JaffaCakes118

Files

fb12e437b72b2bd75e4f15411ec40dfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f9963a8366f6b4e94cb5eb342f4cb67a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
SetThreadLocale
PeekConsoleInputW
GetCommMask
DebugSetProcessKillOnExit
RegisterWaitForSingleObjectEx
LoadLibraryA
IsBadWritePtr
EnumDateFormatsExA
VirtualAlloc
GetGeoInfoA
WriteFile
GetExitCodeProcess
ExpandEnvironmentStringsW
DeactivateActCtx
GetProcessHeaps
BuildCommDCBAndTimeoutsA
WriteConsoleOutputW
VirtualProtectEx
GetFileTime
EnumTimeFormatsW
SetFileAttributesW
GetDiskFreeSpaceExW
FindResourceExA
SetCommState
GetTickCount
CreateFiber
SetProcessShutdownParameters
GetMailslotInfo

rasapi32

RasEnumDevicesA
RasCreatePhonebookEntryA
RasSetEntryDialParamsA
RasFreeEapUserIdentityA
RasConnectionNotificationW
RasSetOldPassword
RasClearConnectionStatistics
RasEnumConnectionsW
RasCreatePhonebookEntryW
RasHangUpA
RasGetEntryHrasconnW
RasRenameEntryW

adsldpc

LdapCacheAddRef
LdapTypeToAdsTypeDNWithBinary
LdapGetSyntaxIdOfAttribute
ADSIGetNextColumnName
ADSIModifyRdn
LdapSearchS
LdapReadAttributeFast
ADSIDeleteDSObject
ADsWriteClassDefinition
LdapValueFree
LdapModifyExtS
BuildLDAPPathFromADsPath
SchemaGetStringsFromStringTable

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9963a8366f6b4e94cb5eb342f4cb67a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rasapi32

adsldpc

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 25KB - Virtual size: 35KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 25KB - Virtual size: 35KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 288B