fa83b8b3997db08742b8d3ae18ccbc3a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa83b8b3997db08742b8d3ae18ccbc3a_JaffaCakes118
Size

168KB
MD5

fa83b8b3997db08742b8d3ae18ccbc3a
SHA1

df87603798a75f3d0f4a8d773a97b4587e826981
SHA256

39cbfdb6a3b5499cac43084eb57b5f93e3e5a1a994c797f9e651e385c0b87f60
SHA512

e8d2f657f2d3b1a19c86a2e91bacc7fd460ada1437def6680b4c198ec295eed008088c063933780f93d5f5752cfca61f12cc8fb54837b583408b82d94bb1323e
SSDEEP

3072:dY6h7Pm+pbqiNh4PLjYWthdc5w+eUDIETOKuKtH4Yx/bgNUZE0ooAAAtGnZIUQvA:26de+pbqw0jY6dcS9ETfudY9MNQE0oNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa83b8b3997db08742b8d3ae18ccbc3a_JaffaCakes118

Files

fa83b8b3997db08742b8d3ae18ccbc3a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52880e3c22716129aa7a06cde2838e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDestroyIMCC
ImmGetImeMenuItemsW
ImmInstallIMEW
ImmGetVirtualKey
ImmRegisterWordA
ImmAssociateContextEx
ImmGetCandidateListA
ImmGetGuideLineW
ImmPutImeMenuItemsIntoMappedFile
ImmGetCompositionStringA
ImmRegisterClient
ImmGetCompositionStringW
ImmSetActiveContext
ImmGetCandidateListW
ImmIMPGetIMEA
ImmIsUIMessageA
ImmLockClientImc
ImmReleaseContext
ImmEnumRegisterWordA
ImmIMPSetIMEA
ImmCreateIMCC
ImmConfigureIMEA
ImmRegisterWordW
ImmSetCompositionStringW
ImmGetIMCCSize
ImmGetDefaultIMEWnd
ImmSetCandidateWindow
ImmConfigureIMEW
ImmGetImeMenuItemsA
ImmGetImeInfoEx
ImmGetCandidateListCountA
ImmCreateContext
ImmUnlockClientImc
ImmGetGuideLineA
ImmGetHotKey
ImmGetProperty
ImmIMPSetIMEW
ImmIMPGetIMEW
ImmIsUIMessageW
ImmIMPQueryIMEW
ImmGetCompositionFontW
ImmGetIMCCLockCount
ImmSimulateHotKey
ImmUnlockImeDpi
ImmUnlockIMCC

kernel32

_lread
RtlZeroMemory
SetTapePosition
GetBinaryType
GlobalAlloc
ReplaceFileA
WriteConsoleOutputAttribute
GetCurrentThreadId
WriteTapemark
TzSpecificLocalTimeToSystemTime
WaitForSingleObjectEx
FindClose
DeactivateActCtx
CreateToolhelp32Snapshot
UTRegister
RtlFillMemory
GetSystemWow64DirectoryA
SetCurrentDirectoryA
WaitForDebugEvent
SetLocaleInfoA
VerifyConsoleIoHandle
OpenFileMappingW
GlobalSize
GetThreadLocale
GetLastError
ReleaseActCtx
SearchPathA
SetLastError
LoadResource
VirtualAlloc
FileTimeToDosDateTime
GetCurrentThread
SetConsoleInputExeNameW
FillConsoleOutputCharacterA
GetVolumePathNameA
GetEnvironmentStringsA
WaitNamedPipeA
GetProcessHeaps
SetConsoleKeyShortcuts
GlobalAddAtomA
GetBinaryTypeW
GetConsoleCP
GetFullPathNameA
HeapCreate
LoadLibraryA
CreateTimerQueue
SuspendThread
SetCalendarInfoW
RegisterConsoleVDM
OpenConsoleW

winipsec

GetTunnelFilter
EnumIPSecInterfaces
SPDApiBufferFree
EnumQMSAs
QueryIPSecStatistics
GetQMPolicyByID
DeleteTunnelFilter
CloseMMFilterHandle
EnumTunnelFilters
GetTransportFilter
AddTransportFilter
OpenTunnelFilterHandle
DeleteMMPolicy
CloseTunnelFilterHandle
OpenMMFilterHandle
SetMMPolicy
MatchTransportFilter
DeleteTransportFilter
EnumMMPolicies
SetMMAuthMethods
DeleteMMAuthMethods
AddMMPolicy
EnumMMAuthMethods
AddMMFilter
EnumTransportFilters

adsldpc

ADsAbandonSearch
SchemaGetPropertyInfo
LdapTypeToAdsTypeDNWithBinary
SchemaGetClassInfoByIndex
ADsGetNextRow
LdapcSetStickyServer
GetDefaultServer
LdapParseResult
BuildLDAPPathFromADsPath
UnMarshallLDAPToLDAPSynID
LdapCreatePageControl
ADSIGetNextRow
LdapSearchInitPage
ADsCreateAttributeDefinition
LdapParsePageControl
LdapAttributeFree
ReallocADsStr
ADsGetFirstRow
LdapGetSchemaObjectCount
AllocADsMem
IsGCNamespace
AllocADsStr
LdapSearchST
LdapMsgFree
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapCompareExt
intcmp
LdapModifyExtS
LdapSearchS
LdapOpenObject2
BuildADsPathFromLDAPPath2
SortAndRemoveDuplicateOIDs
LdapGetDn
LdapResult
ADSIDeleteDSObject
AdsTypeToLdapTypeCopyDNWithBinary

odbccu32

SQLFreeStmt
SQLGetDescField
SQLEndTran
SQLBindCol
SQLExecDirect
SQLTransact
SQLNumParams
SQLGetData
SQLSetStmtAttr
SQLGetDescRec
SQLSetPos
SQLGetStmtOption
SQLPrepare
SQLGetStmtAttr
SQLExecute
SQLRowCount
SQLBindParameter
SQLCloseCursor
SQLBulkOperations
SQLFreeHandle
SQLNativeSql
SQLMoreResults
SQLExtendedFetch
SQLGetInfo
SQLSetStmtOption
SQLSetConnectAttr
SQLSetDescField
SQLCancel
SQLParamOptions
SQLParamData
SQLSetScrollOptions
SQLFetchScroll
SQLPutData
SQLSetDescRec
SQLSetConnectOption
ReleaseCLStmtResources
SQLFetch

ntdll

_ultoa
isalnum
RtlMultiByteToUnicodeN
NtLockFile
RtlGUIDFromString
RtlUlonglongByteSwap
NtShutdownSystem
NtDeleteObjectAuditAlarm
RtlDeNormalizeProcessParams
ZwCreateDebugObject
LdrUnlockLoaderLock
RtlAddAuditAccessAce
KiUserCallbackDispatcher
ZwAlertResumeThread
NtUnloadKeyEx
ZwReplyWaitReceivePort
RtlQueueWorkItem
RtlLengthSecurityDescriptor
ZwQueryDefaultLocale
ZwAllocateLocallyUniqueId
NtCreateSemaphore
RtlConvertExclusiveToShared
RtlFindLongestRunClear
CsrCaptureMessageMultiUnicodeStringsInPlace
NtDeviceIoControlFile
ZwSetVolumeInformationFile
ZwMapViewOfSection
ZwCreatePagingFile
NtSetSecurityObject
RtlCreateActivationContext
ZwSetEvent
RtlIpv6AddressToStringA
RtlDecompressFragment
RtlAcquireResourceShared

cnvfat

IsConversionAvailable
ConvertFAT

Sections

.text
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52880e3c22716129aa7a06cde2838e7a

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

winipsec

adsldpc

odbccu32

ntdll

cnvfat

Sections

.text Size: 61KB - Virtual size: 64KB

.rdata Size: 85KB - Virtual size: 88KB

.data Size: 19KB - Virtual size: 180KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 64KB

.rdata
Size: 85KB - Virtual size: 88KB

.data
Size: 19KB - Virtual size: 180KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB