01af4f0de4d42808c765da8c231b1996_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01af4f0de4d42808c765da8c231b1996_JaffaCakes118
Size

167KB
MD5

01af4f0de4d42808c765da8c231b1996
SHA1

e15bd450c5d4560624ab310d719d9c74b1cea375
SHA256

e516bf853cddb71caf784de3f39490f6d00c465f59cb6d4125810bae52cf5524
SHA512

a1a5254cae120de00a0020c92b5896ba30979738760a64d14b56f38223feecdc143ba1bef89efca3afed269f0f57bc332d516a5fd00ab66d7c055e6284a08e95
SSDEEP

3072:dY6h7Pm+pbqiNh4PLjYWthdc5w+eUDIETOKuKtH4Yx/bgNUZE0ooAAAtGnZIUQvE:26de+pbqw0jY6dcS9ETfudY9MNQE0oNy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01af4f0de4d42808c765da8c231b1996_JaffaCakes118

Files

01af4f0de4d42808c765da8c231b1996_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52880e3c22716129aa7a06cde2838e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDestroyIMCC
ImmGetImeMenuItemsW
ImmInstallIMEW
ImmGetVirtualKey
ImmRegisterWordA
ImmAssociateContextEx
ImmGetCandidateListA
ImmGetGuideLineW
ImmPutImeMenuItemsIntoMappedFile
ImmGetCompositionStringA
ImmRegisterClient
ImmGetCompositionStringW
ImmSetActiveContext
ImmGetCandidateListW
ImmIMPGetIMEA
ImmIsUIMessageA
ImmLockClientImc
ImmReleaseContext
ImmEnumRegisterWordA
ImmIMPSetIMEA
ImmCreateIMCC
ImmConfigureIMEA
ImmRegisterWordW
ImmSetCompositionStringW
ImmGetIMCCSize
ImmGetDefaultIMEWnd
ImmSetCandidateWindow
ImmConfigureIMEW
ImmGetImeMenuItemsA
ImmGetImeInfoEx
ImmGetCandidateListCountA
ImmCreateContext
ImmUnlockClientImc
ImmGetGuideLineA
ImmGetHotKey
ImmGetProperty
ImmIMPSetIMEW
ImmIMPGetIMEW
ImmIsUIMessageW
ImmIMPQueryIMEW
ImmGetCompositionFontW
ImmGetIMCCLockCount
ImmSimulateHotKey
ImmUnlockImeDpi
ImmUnlockIMCC

kernel32

_lread
RtlZeroMemory
SetTapePosition
GetBinaryType
GlobalAlloc
ReplaceFileA
WriteConsoleOutputAttribute
GetCurrentThreadId
WriteTapemark
TzSpecificLocalTimeToSystemTime
WaitForSingleObjectEx
FindClose
DeactivateActCtx
CreateToolhelp32Snapshot
UTRegister
RtlFillMemory
GetSystemWow64DirectoryA
SetCurrentDirectoryA
WaitForDebugEvent
SetLocaleInfoA
VerifyConsoleIoHandle
OpenFileMappingW
GlobalSize
GetThreadLocale
GetLastError
ReleaseActCtx
SearchPathA
SetLastError
LoadResource
VirtualAlloc
FileTimeToDosDateTime
GetCurrentThread
SetConsoleInputExeNameW
FillConsoleOutputCharacterA
GetVolumePathNameA
GetEnvironmentStringsA
WaitNamedPipeA
GetProcessHeaps
SetConsoleKeyShortcuts
GlobalAddAtomA
GetBinaryTypeW
GetConsoleCP
GetFullPathNameA
HeapCreate
LoadLibraryA
CreateTimerQueue
SuspendThread
SetCalendarInfoW
RegisterConsoleVDM
OpenConsoleW

winipsec

GetTunnelFilter
EnumIPSecInterfaces
SPDApiBufferFree
EnumQMSAs
QueryIPSecStatistics
GetQMPolicyByID
DeleteTunnelFilter
CloseMMFilterHandle
EnumTunnelFilters
GetTransportFilter
AddTransportFilter
OpenTunnelFilterHandle
DeleteMMPolicy
CloseTunnelFilterHandle
OpenMMFilterHandle
SetMMPolicy
MatchTransportFilter
DeleteTransportFilter
EnumMMPolicies
SetMMAuthMethods
DeleteMMAuthMethods
AddMMPolicy
EnumMMAuthMethods
AddMMFilter
EnumTransportFilters

adsldpc

ADsAbandonSearch
SchemaGetPropertyInfo
LdapTypeToAdsTypeDNWithBinary
SchemaGetClassInfoByIndex
ADsGetNextRow
LdapcSetStickyServer
GetDefaultServer
LdapParseResult
BuildLDAPPathFromADsPath
UnMarshallLDAPToLDAPSynID
LdapCreatePageControl
ADSIGetNextRow
LdapSearchInitPage
ADsCreateAttributeDefinition
LdapParsePageControl
LdapAttributeFree
ReallocADsStr
ADsGetFirstRow
LdapGetSchemaObjectCount
AllocADsMem
IsGCNamespace
AllocADsStr
LdapSearchST
LdapMsgFree
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapCompareExt
intcmp
LdapModifyExtS
LdapSearchS
LdapOpenObject2
BuildADsPathFromLDAPPath2
SortAndRemoveDuplicateOIDs
LdapGetDn
LdapResult
ADSIDeleteDSObject
AdsTypeToLdapTypeCopyDNWithBinary

odbccu32

SQLFreeStmt
SQLGetDescField
SQLEndTran
SQLBindCol
SQLExecDirect
SQLTransact
SQLNumParams
SQLGetData
SQLSetStmtAttr
SQLGetDescRec
SQLSetPos
SQLGetStmtOption
SQLPrepare
SQLGetStmtAttr
SQLExecute
SQLRowCount
SQLBindParameter
SQLCloseCursor
SQLBulkOperations
SQLFreeHandle
SQLNativeSql
SQLMoreResults
SQLExtendedFetch
SQLGetInfo
SQLSetStmtOption
SQLSetConnectAttr
SQLSetDescField
SQLCancel
SQLParamOptions
SQLParamData
SQLSetScrollOptions
SQLFetchScroll
SQLPutData
SQLSetDescRec
SQLSetConnectOption
ReleaseCLStmtResources
SQLFetch

ntdll

_ultoa
isalnum
RtlMultiByteToUnicodeN
NtLockFile
RtlGUIDFromString
RtlUlonglongByteSwap
NtShutdownSystem
NtDeleteObjectAuditAlarm
RtlDeNormalizeProcessParams
ZwCreateDebugObject
LdrUnlockLoaderLock
RtlAddAuditAccessAce
KiUserCallbackDispatcher
ZwAlertResumeThread
NtUnloadKeyEx
ZwReplyWaitReceivePort
RtlQueueWorkItem
RtlLengthSecurityDescriptor
ZwQueryDefaultLocale
ZwAllocateLocallyUniqueId
NtCreateSemaphore
RtlConvertExclusiveToShared
RtlFindLongestRunClear
CsrCaptureMessageMultiUnicodeStringsInPlace
NtDeviceIoControlFile
ZwSetVolumeInformationFile
ZwMapViewOfSection
ZwCreatePagingFile
NtSetSecurityObject
RtlCreateActivationContext
ZwSetEvent
RtlIpv6AddressToStringA
RtlDecompressFragment
RtlAcquireResourceShared

cnvfat

IsConversionAvailable
ConvertFAT

Sections

.text
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52880e3c22716129aa7a06cde2838e7a

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

winipsec

adsldpc

odbccu32

ntdll

cnvfat

Sections

.text Size: 61KB - Virtual size: 64KB

.rdata Size: 85KB - Virtual size: 88KB

.data Size: 19KB - Virtual size: 180KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 64KB

.rdata
Size: 85KB - Virtual size: 88KB

.data
Size: 19KB - Virtual size: 180KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB