Static task: static1
Behavioral task: behavioral1 (Sample: fa51c14ee6ea30d741289bee86c94fa2_JaffaCakes118.exe; Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: fa51c14ee6ea30d741289bee86c94fa2_JaffaCakes118.exe; Resource: win10v2004-20240802-en)
General
Target: fa51c14ee6ea30d741289bee86c94fa2_JaffaCakes118
Size: 864KB
MD5: fa51c14ee6ea30d741289bee86c94fa2
SHA1: 3c9cd39ebdf253d6b9a92e9222f379ee4c9ea836
SHA256: 2de6065ae1e2fd573dad66f9fc61edffe48a4492e2036b30e85bdc70a855bb77
SHA512: a787089383ed78985975249b150f7d21e39ce37fa26d4bc4f86271994e86c3e1a14390aa08a53d568ed6aecfafc0aa31cc9e99ab11f3e2147e41be994d2869a6
SSDEEP: 12288:HsPg47DCfNR2WbC2VM38iUjd33Yu4pKQFoQrsuCQtIaESvQjZWrEvofI:HEgKW4Wm2hiUJ3hQXr11dEdog
Malware Config: none listed

Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: fa51c14ee6ea30d741289bee86c94fa2_JaffaCakes118

Files
fa51c14ee6ea30d741289bee86c94fa2_JaffaCakes118.exe  windows:5 windows x86 arch:x86  bc7ab5892acb0c67920a3d8f65656182

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports (grouped by imported DLL)
crtdll: _execl, toupper, _strdup, _cscanf, _dup2, _ismbbalpha, _mbslwr, _setjmp, _purecall, iswpunct, _mbctohira, _ismbbprint, _control87, fseek, iswctype, fread, _initterm, pow, _osversion_dll, strerror, _umask, iswdigit, _lsearch, _ismbclower, wcsspn, _sleep, mktime, _mbctoupper, strlen, vwprintf, _fputwchar, _getcwd, _CIsqrt, _isatty, _mbsninc, fgetc, _HUGE_dll
msvcrt40: ?get@istream@@IAEAAV1@PADHH@Z, _ismbbkana, ?is_open@fstream@@QBEHXZ, _wctime, _strdup, __p__mbctype, wcscmp, ?x_maxbit@ios@@0JA, ?clear@ios@@QAEXH@Z, iswctype, cos, _getdrives, ??0ostrstream@@QAE@ABV0@@Z, __p___mb_cur_max, ?get@istream@@QAEAAV1@AAVstreambuf@@D@Z, ?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ, ??0fstream@@QAE@ABV0@@Z, _eof, _itoa, islower, __isascii, ??_Dofstream@@QAEXXZ, _adj_fdivr_m32, _CIsqrt, ?flush@@YAAAVostream@@AAV1@@Z, ??0exception@@QAE@ABV0@@Z, ?cout@@3Vostream_withassign@@A, ?seekg@istream@@QAEAAV1@J@Z, __getmainargs, ??_8ostream@@7B@, _y0, ?what@exception@@UBEPBDXZ, tmpfile, ??_7filebuf@@6B@, rename, _ismbcgraph, ??_8stdiostream@@7Bostream@@@
shlwapi: SHQueryValueExA, AssocQueryStringW, ChrCmpIA, SHDeleteKeyW, SHEnumValueA, SHRegGetUSValueA, SHQueryInfoKeyA, PathIsSameRootA, UrlApplySchemeW, PathGetDriveNumberA, HashData, UrlCompareA, PathFindNextComponentA, StrToInt64ExA, StrRetToStrA, PathGetCharTypeA, PathSetDlgItemPathW, PathIsUNCServerA, StrCpyW, UrlIsA, PathIsFileSpecW, StrFormatKBSizeW, StrRetToBufA, StrFormatByteSizeW, PathFindFileNameW, PathRemoveExtensionA, PathIsUNCServerShareA, PathUndecorateA, StrCmpIW, StrRStrIW, StrNCatA
olecli32: OleReconnect, OleDraw, LeRelease, OleEnumFormats, LeCreateInvisible, OleQueryCreateFromClip, OleQueryName, PbCreateFromTemplate, OleSavedClientDoc, DefCreateInvisible, ErrShow, SetNetName, DibClone, ErrQueryOpen, OleLoadFromStream, MfGetData, GenSaveToStream, LeObjectLong, OleCreateLinkFromFile, LeGetUpdateOptions, OleEqual, LeUpdate, PbCreate, ErrGetUpdateOptions, OleSetBounds, OleQueryReleaseError, OleSetData, OleQueryOpen, GenGetData, LeActivate, GenEqual, DibChangeData, OleCopyToClipboard, ErrCopyFromLink, MfClone, DibEqual, OleQueryOutOfDate
adsldpc: Component, LdapAddS, SchemaGetPropertyInfo, IsGCNamespace, ADSIGetNextRow, LdapSearchST, LdapValueFreeLen, ADSIGetFirstRow, ConvertSidToString, LdapCacheAddRef, ??1CLexer@@QAE@XZ, ADSIGetNextColumnName, ADSIGetPreviousRow, LdapModifyExtS, FreeADsMem, ?GetNextToken@CLexer@@QAEJPAGPAK@Z, LdapGetDn, BerBvFree, SchemaGetStringsFromStringTable, ADsExecuteSearch, AllocADsMem, ADsWriteClassDefinition, LdapControlsFree, ADsWriteAttributeDefinition, ADsSetObjectAttributes, LdapTypeToAdsTypeUTCTime, BuildLDAPPathFromADsPath, LdapcSetStickyServer, AdsTypeToLdapTypeCopyGeneralizedTime, ADSICloseDSObject, LdapSearchExtS, LdapCompareExt, ADSIExecuteSearch, LdapcKeepHandleAround, LdapTypeFreeLdapObjects, ADSIDeleteDSObject, ADsGetObjectAttributes, SortAndRemoveDuplicateOIDs, ADSICloseSearchHandle, LdapIsClassNameValidOnServer, SchemaAddRef, GetDomainDNSNameForDomain, LdapSearchAbandonPage
ntdsapi: DsListInfoForServerA, DsUnquoteRdnValueW, DsInheritSecurityIdentityA, DsListSitesA, DsMakeSpnW, DsFreeSpnArrayA, DsCrackUnquotedMangledRdnW, DsReplicaModifyW, DsBindWithSpnA, DsBindWithCredA, DsReplicaGetInfo2W, DsCrackSpn2W, DsAddSidHistoryW, DsMakeSpnA, DsBindW, DsCrackSpn2A, DsGetDomainControllerInfoA, DsReplicaGetInfoW, DsLogEntry, DsaopBind, DsReplicaSyncW, DsGetDomainControllerInfoW, DsReplicaUpdateRefsA, DsWriteAccountSpnW, DsUnquoteRdnValueA, DsQuoteRdnValueA, DsRemoveDsServerA, DsMakePasswordCredentialsW, DsUnBindA
kernel32: CreateFileW, IsDBCSLeadByte, UpdateResourceA, CreateTimerQueueTimer, GetConsoleDisplayMode, VirtualQueryEx, Toolhelp32ReadProcessMemory, OpenProfileUserMapping, GetEnvironmentStringsW, lstrcatA, CreateIoCompletionPort, LoadLibraryA, GetACP, FindFirstVolumeA, GetProcAddress, IsBadHugeReadPtr, OutputDebugStringA, GetConsoleAliasExesLengthA, TlsFree, GetComputerNameExW, HeapWalk, GlobalSize, SetTapeParameters, SetProcessShutdownParameters, PrivMoveFileIdentityW, GetNativeSystemInfo, InterlockedPopEntrySList, GetConsoleAliasesLengthW, GetCPInfoExA, WriteConsoleW, CloseProfileUserMapping, RtlCaptureContext, OpenEventW, ClearCommBreak, GetConsoleAliasesW, GenerateConsoleCtrlEvent, ReplaceFileW, SetThreadUILanguage, AddLocalAlternateComputerNameW, GetVolumeNameForVolumeMountPointA, SetCommMask, TryEnterCriticalSection, FindFirstFileExA, GetVDMCurrentDirectories, PurgeComm, SystemTimeToTzSpecificLocalTime, SetConsoleNumberOfCommandsW, SetConsoleMode, CreatePipe, AddVectoredExceptionHandler, CancelTimerQueueTimer, SetThreadContext, GetFileAttributesExW, Heap32Next, GetThreadContext, VirtualAlloc, GetDriveTypeA, FreeUserPhysicalPages, GetStringTypeA, SetConsoleIcon, UnlockFile, lstrcmpiW, WriteConsoleOutputA, GetComputerNameA, GetPrivateProfileSectionA
msvcrt: _pclose, _getch, _splitpath, atan, _strtoui64, _setjmp, _get_sbh_threshold, _scprintf, _wputenv, _fmode, _CIpow, _chkesp, _setmbcp, ungetc, wctomb, _ismbclower, exit, _getmaxstdio, _safe_fprem, ??_Fbad_typeid@@QAEXXZ, wcstoul, _mbsset, _wcsset, _CIlog, _spawnl, _initterm, signal, fgetws, _cgets, _wutime64, __p__commode, strcoll, __set_app_type, _mbsicoll, __getmainargs, _read, _mbsnbicmp
secur32: CredMarshalTargetInfo, SaslGetProfilePackageW, FreeContextBuffer, LsaFreeReturnBuffer, TranslateNameW, QueryContextAttributesW, DecryptMessage, AddSecurityPackageA, QueryCredentialsAttributesA, InitializeSecurityContextA, AddSecurityPackageW, SetContextAttributesA, SaslGetProfilePackageA, CredUnmarshalTargetInfo, VerifySignature, DeleteSecurityContext, QuerySecurityContextToken, LsaEnumerateLogonSessions, FreeCredentialsHandle, CompleteAuthToken, UnsealMessage, EnumerateSecurityPackagesA, SaslIdentifyPackageA, ImportSecurityContextA, SaslIdentifyPackageW, QueryCredentialsAttributesW, LsaConnectUntrusted, GetComputerObjectNameW, SaslInitializeSecurityContextW, DeleteSecurityPackageA, ImportSecurityContextW, GetUserNameExA
ddrawex: DllGetClassObject
Sections
.text   Size: 356KB  - Virtual size: 356KB  - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 207KB  - Virtual size: 207KB  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 296KB  - Virtual size: 1.7MB  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 3KB    - Virtual size: 3KB    - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  - Virtual size: 1024B  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ