00254196cc0b6bc183ba5d886b37c136_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00254196cc0b6bc183ba5d886b37c136_JaffaCakes118
Size

409KB
MD5

00254196cc0b6bc183ba5d886b37c136
SHA1

8f87de93d94579f87a27d202383dfdb905910475
SHA256

0a0f360bdebb502e01c87340fff5ae8f29c925c9719d42957a85120a7cffdb2c
SHA512

1942fa0ee9e708b8e08c09b24a957527c0f86524b81a0f8066f4aea6f33eb4034ca67518cb525ddf2cb64735a4cd21e9c49e1a00df2e2309adfd14e4c286d648
SSDEEP

6144:wE0EA/AzKkNFF69FOOHypQzP8Zi82WkAMk/5wUOirueYVhwL1fXpJe:wdEhDFF4BHypQD8Zi8VkXMwU9YVhwJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00254196cc0b6bc183ba5d886b37c136_JaffaCakes118

Files

00254196cc0b6bc183ba5d886b37c136_JaffaCakes118
.dll windows:4 windows x86 arch:x86

08a4bb06aeaeb083fb3ee6399c7cc121

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

adsldpc

LdapValueFree
ADsObject
ChangeSeparator
LdapCompareExt
LdapCloseObject
GetDefaultServer
ReadServerSupportsIsADControl
FreeObjectInfo
BuildLDAPPathFromADsPath2
LdapOpenObject
BuildADsPathFromLDAPPath
LdapReadAttributeFast
LdapModifyS

netapi32

NetUserChangePassword
NetUserSetInfo

secur32

LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted

ntdll

NtAddAtom
NtAllocateVirtualMemory

user32

wsprintfW

msvcrt

wcscmp
_adjust_fdiv
wcscat
wcslen
wcschr
_initterm
_purecall
_wcsicmp
_except_handler3
sprintf
_wcsnicmp
malloc
wcscpy
wcstok
free
swscanf

kernel32

UnhandledExceptionFilter
FreeLibrary
GetProcAddress
GetSystemTimeAsFileTime
FormatMessageW
InterlockedIncrement
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
GetLastError
DisableThreadLibraryCalls
CloseHandle
CompareStringW
TerminateProcess
LoadLibraryW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetCurrentProcessId
LeaveCriticalSection
DosDateTimeToFileTime
SystemTimeToFileTime
GetTickCount
LocalFree
EnterCriticalSection
LocalAlloc
FileTimeToSystemTime
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
LocalFileTimeToFileTime
GetSystemTime
GetACP
InitializeCriticalSection
InterlockedDecrement

advapi32

LogonUserW
SystemFunction040
SystemFunction041
ImpersonateLoggedOnUser
RevertToSelf

ole32

CoCreateInstance

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08a4bb06aeaeb083fb3ee6399c7cc121

Headers

File Characteristics

Imports

adsldpc

netapi32

secur32

ntdll

user32

msvcrt

kernel32

advapi32

ole32

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 216KB - Virtual size: 216KB

.data Size: 20KB - Virtual size: 920KB

.rdata Size: 163KB - Virtual size: 163KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 216KB - Virtual size: 216KB

.data
Size: 20KB - Virtual size: 920KB

.rdata
Size: 163KB - Virtual size: 163KB

.reloc
Size: 512B - Virtual size: 20B