0041ec25e1f0b633c5ff17b96a31e396_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0041ec25e1f0b633c5ff17b96a31e396_JaffaCakes118
Size

873KB
MD5

0041ec25e1f0b633c5ff17b96a31e396
SHA1

83048931e6b7c396b3c22a4aaeaadf25a872ba9d
SHA256

59346068dd0b2ffd086953e73a677bcec339547c0f3e71e576a54d486d34af15
SHA512

1afaa071643e8d857865b2eb5b88b49523d4cb29bde4f9c170969d114803607605a134889537bb9b937f5ae48d78a8468dffd70474802bbea1165ac199d9aa30
SSDEEP

24576:/YfqtHhoCSMxR2Zf+9wsEZf4j6pfNxyivubyWlHas:wCpnvuvjwj6vxyiv+Xas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0041ec25e1f0b633c5ff17b96a31e396_JaffaCakes118

Files

0041ec25e1f0b633c5ff17b96a31e396_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f7a1f6acfa90bc17bbb01ecefb507234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreatePropertySheetPage
ImageList_Add
FlatSB_GetScrollPos
ImageList_LoadImageW
ImageList_LoadImage
CreateStatusWindow
ImageList_Copy
UninitializeFlatSB
ImageList_GetIcon
ImageList_Write
ImageList_GetIconSize
DllGetVersion
PropertySheet
ImageList_DragShowNolock
ImageList_Replace
ImageList_DragLeave
DrawStatusText
ImageList_Remove
DrawInsert
ImageList_DragMove
MakeDragList
ImageList_DragEnter
ImageList_SetOverlayImage
ImageList_AddMasked
CreateUpDownControl
_TrackMouseEvent
PropertySheetW
ImageList_GetDragImage
DrawStatusTextW
ImageList_GetBkColor
ImageList_GetImageCount

wldap32

ldap_search_sA
ldap_rename_extW
ldap_open
ldap_openA
ber_alloc_t
ldap_modrdn_sA
ber_bvfree
ldap_modify_extW
ldap_simple_bind_sA
ldap_conn_from_msg
ldap_ufn2dn
ldap_set_option
ldap_delete_extA
ldap_compare_sA
ldap_modify
ldap_escape_filter_element
ldap_search_ext_sW
ldap_addA
ldap_value_freeW
ldap_err2stringA
ldap_search_extA
ldap_control_freeA
ldap_explode_dnW
ldap_next_reference
ldap_parse_page_controlW
ldap_get_option
ldap_ufn2dnW
ldap_addW
ldap_modifyW
ldap_get_next_page_s
ldap_simple_bindA
ldap_free_controlsW
ldap_next_attribute
ldap_modrdn2_s
ldap_rename_extA
ldap_bindA
ber_skip_tag
ldap_dn2ufn
ldap_parse_result
ldap_sasl_bindW
ldap_modify_sW
ldap_modrdn
ber_scanf
ldap_search_stA

kernel32

GetEnvironmentStringsA
IsBadHugeWritePtr
GetStartupInfoA
GlobalAlloc
CreateActCtxW
GetConsoleAliasExesLengthW
OutputDebugStringA
GetStdHandle
LocalReAlloc
PeekConsoleInputW
OpenMutexA
GetLogicalDrives
lstrcmpiA
GetProcessWorkingSetSize
SetLastError
SetLastConsoleEventActive
FindFirstVolumeMountPointW
GetPrivateProfileIntW
UpdateResourceA
LeaveCriticalSection
SetFileShortNameW
GetCurrentThread
HeapFree
GetPrivateProfileIntA
GetCurrencyFormatA
WriteConsoleW
UTRegister
GetCommProperties
LoadLibraryA
EnumerateLocalComputerNamesA
VirtualAlloc
WriteConsoleOutputA
EnumTimeFormatsW

msvcrt

_wspawnl
_pgmptr
__wcserror
_beginthread
wscanf
_CIcosh
_endthreadex
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
wctomb
_ltoa
_mbsdec
_findfirsti64
__RTCastToVoid
_wctime64
_heapwalk
_mbslwr
_statusfp
_winminor
_mbsset
strerror
__CxxLongjmpUnwind
strlen
__p__tzname
__iscsym
log
_mbctombb
_wpopen
?before@type_info@@QBEHABV1@@Z
??_Fbad_typeid@@QAEXXZ
_snwprintf
_wsopen
atoi
_wctime
_adj_fprem
??1type_info@@UAE@XZ

ntdsapi

DsListInfoForServerA
DsLogEntry
DsFreeDomainControllerInfoW
DsReplicaFreeInfo
DsReplicaModifyA
DsInheritSecurityIdentityA
DsReplicaGetInfoW
DsFreeSchemaGuidMapW
DsCrackUnquotedMangledRdnW
DsListServersInSiteW
DsaopExecuteScript
DsBindWithSpnA
DsCrackSpn2A
DsIsMangledRdnValueA
DsReplicaGetInfo2W
DsaopBindWithSpn
DsCrackNamesA
DsListDomainsInSiteA
DsListSitesW
DsFreeNameResultA
DsBindWithSpnW
DsGetRdnW
DsInheritSecurityIdentityW
DsFreeNameResultW
DsAddSidHistoryW
DsaopPrepareScript
DsGetDomainControllerInfoW
DsReplicaDelW
DsBindA
DsReplicaAddW
DsRemoveDsServerA
DsReplicaConsistencyCheck
DsBindWithCredW
DsCrackSpnW
DsRemoveDsDomainA
DsFreeSpnArrayW
DsReplicaSyncAllA
DsMakePasswordCredentialsA
DsIsMangledDnA
DsUnBindA
DsFreeDomainControllerInfoA
DsWriteAccountSpnW

gdi32

GdiValidateHandle
GetCurrentObject
RemoveFontResourceW
DescribePixelFormat
CreateBrushIndirect
UnrealizeObject
GdiGetDevmodeForPage
CreatePen
GdiEndPageEMF
CopyMetaFileW
GdiPrinterThunk
GetLogColorSpaceA
SetTextAlign
GdiEntry4
GdiFullscreenControl
EngDeleteClip
GetClipRgn
Rectangle
GdiEntry5
EngStretchBlt
DdEntry43
DdEntry31
SetLayoutWidth
GetTextMetricsA
GetTextCharset

user32

EndDialog
MessageBoxW

shell32

SHGetMalloc

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7a1f6acfa90bc17bbb01ecefb507234

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wldap32

kernel32

msvcrt

ntdsapi

gdi32

user32

shell32

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 385KB - Virtual size: 388KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 273KB - Virtual size: 276KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 385KB - Virtual size: 388KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 273KB - Virtual size: 276KB

.reloc
Size: 1024B - Virtual size: 4KB