fae2ef1332864d22a5c1862be8eb41b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fae2ef1332864d22a5c1862be8eb41b7_JaffaCakes118
Size

85KB
MD5

fae2ef1332864d22a5c1862be8eb41b7
SHA1

ffa1fac6b1e568f755259d668b67dbfa9034eea3
SHA256

e18c4f7ea26ff04211afb5ae0814d494b3c654225eaf91b75bdbb8986e677905
SHA512

239a0cbe420a5376f8e98580fecfda9c0ffb670409eff59560d7f6644f965ab1f39a94f7ee8eaf5e39600a74a6cfa45a610dbfdf0826808e6a5837914669b48a
SSDEEP

1536:NOeS05PP3Kb75RDpUNYYbeFnr2sDy0nM2mfG1uqccl1XFDoaCqM:8V05af1UpbqB/nM2mfG126O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fae2ef1332864d22a5c1862be8eb41b7_JaffaCakes118

Files

fae2ef1332864d22a5c1862be8eb41b7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

584a77f4d1429c0a16cc351bcb01b250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

adsldpc

LdapSearchInitPage
LdapNextEntry
ADSIAbandonSearch
ADsGetColumn
ADsFreeColumn
ADSIGetNextColumnName
GetDomainDNSNameForDomain
ReallocADsMem
ADsCreateAttributeDefinition
SchemaAddRef
ReadSecurityDescriptorControlType
ADSIGetFirstRow
AdsTypeFreeAdsObjects
??1CLexer@@QAE@XZ
LdapParsePageControl
UnMarshallLDAPToLDAPSynID
SchemaGetSyntaxOfAttribute

kernel32

LoadLibraryA
SetCriticalSectionSpinCount
GetNumaAvailableMemoryNode
ClearCommBreak
GetCurrentThreadId
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetStartupInfoW
ReadFileEx
QueryPerformanceCounter
CreateProcessW
SetProcessAffinityMask
BindIoCompletionCallback
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushViewOfFile
GetModuleHandleW
WriteTapemark
Process32NextW
GetTickCount

oleaut32

VarR8FromUI1
DispGetParam
VarImp
VarR4FromBool
LPSAFEARRAY_UserMarshal
VarDateFromStr
OleSavePictureFile
VarDateFromI8
VarI1FromI2
VarSub
SafeArrayGetElement
VarUI2FromUI8
VarR8Round
VarI4FromDate
VarR4CmpR8
VarDateFromUI1
VarFormat
VectorFromBstr
VarI8FromDisp
LPSAFEARRAY_UserFree

msdart

?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?SetSpinCount@CCritSec@@QAE_NG@Z
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?ReadLock@CSmallSpinLock@@QAEXXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?sm_wDefaultSpinCount@CSpinLock@@1GA
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?IsReadLocked@CCritSec@@QBE_NXZ
??1CLockedDoubleList@@QAE@XZ
??0CFakeLock@@QAE@XZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ

stclient

DllRegisterServer
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

584a77f4d1429c0a16cc351bcb01b250

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

kernel32

oleaut32

msdart

stclient

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 19KB - Virtual size: 82KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 19KB - Virtual size: 82KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 212B