tsadmin.pdb
Static task
static1
Behavioral task
behavioral1
Sample
01bbf1491173f233270af86811fb62e4_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: 01bbf1491173f233270af86811fb62e4_JaffaCakes118
Size: 428KB
MD5: 01bbf1491173f233270af86811fb62e4
SHA1: 7b5eaa243e9a4ca9ee795ac1ead044792a829081
SHA256: ded8bc043e15e8ec9b9cf1d3c3562ff26718d577cd948519156c37a58d10623b
SHA512: 72839589e453f690acd2b82e97a917f88742d54f9f0b3bd890ac2eb14cdc81f6ba865d14eb8e74941449a446ec107b8d11140057a21eb62a158d616184b0b407
SSDEEP: 6144:wp4YQFcNgKkNP6KkTNrl5iMFt5EjS1A0z7uLeHY5C+J/pUbc3Gnjh5wqqKp:wLz1AYuLfd/pUbc3Ijh5wvKp
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 01bbf1491173f233270af86811fb62e4_JaffaCakes118
Files
01bbf1491173f233270af86811fb62e4_JaffaCakes118.exe windows:5 windows x86 arch:x86
7f65aca43f79cb889b52fd550203c2b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord3365
ord4621
ord4418
ord3635
ord567
ord693
ord6003
ord3993
ord1833
ord4236
ord784
ord2294
ord3281
ord6898
ord6896
ord6266
ord3905
ord3288
ord537
ord3991
ord4714
ord3087
ord2857
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord5070
ord4334
ord4341
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord4401
ord5236
ord5277
ord3743
ord1718
ord5256
ord2083
ord4426
ord686
ord384
ord2088
ord3621
ord2406
ord3614
ord2579
ord4400
ord3389
ord3724
ord804
ord1937
ord4268
ord4335
ord4343
ord4717
ord4884
ord4958
ord4955
ord1719
ord3395
ord3732
ord560
ord813
ord4458
ord5977
ord5762
ord4279
ord1090
ord2225
ord2111
ord4526
ord5255
ord3394
ord3729
ord303
ord1934
ord4267
ord3282
ord4120
ord5871
ord801
ord6139
ord541
ord858
ord3296
ord2910
ord2371
ord5261
ord4370
ord4992
ord6048
ord5157
ord5276
ord4419
ord3592
ord324
ord4229
ord4704
ord4847
ord3093
ord6211
ord1771
ord2634
ord5947
ord1775
ord4219
ord3090
ord6193
ord6195
ord4042
ord4803
ord861
ord2281
ord2362
ord5601
ord4158
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4298
ord3345
ord5006
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord796
ord794
ord674
ord554
ord529
ord527
ord366
ord807
ord3476
ord2244
ord5248
ord4407
ord3865
ord975
ord6191
ord2486
ord2619
ord2618
ord5867
ord5996
ord2109
ord2112
ord4451
ord6325
ord3332
ord3363
ord364
ord2855
ord3568
ord3397
ord3716
ord795
ord6238
ord4270
ord755
ord470
ord6004
ord538
ord535
ord3292
ord3291
ord3909
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord4262
ord4604
ord986
ord520
ord2613
ord2377
ord5237
ord4396
ord1768
ord4073
ord6051
ord1569
ord2574
ord3133
ord4294
ord1143
ord1637
ord2858
ord2430
ord3649
ord2576
ord4215
ord4817
ord5593
ord2506
ord1105
ord326
ord2809
ord641
ord2810
ord2385
ord1081
ord3988
ord5949
ord338
ord348
ord415
ord540
ord4155
ord800
ord652
ord663
ord715
ord4420
ord4617
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord4414
ord5649
ord3167
ord5573
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord4233
ord1817
ord803
ord543
ord3579
ord2644
ord1662
ord2078
ord1172
ord1165
ord823
ord825
ord1767
ord3658
msvcrt
__wgetmainargs
_wcmdln
_waccess
_purecall
wcstoul
_snwprintf
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
_initterm
_wcslwr
wcsncpy
wcstol
wcsncmp
_wtol
wcscat
_timezone
swscanf
_c_exit
_exit
_XcptFilter
_cexit
__setusermatherr
_adjust_fdiv
__p__commode
?terminate@@YAXXZ
exit
wcscpy
_except_handler3
_wcsicmp
wcscmp
wcslen
__CxxFrameHandler
clock
advapi32
RegEnumKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
GetLengthSid
RegOpenKeyExW
RegOpenKeyExA
RegConnectRegistryW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
kernel32
LocalFree
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
GetModuleFileNameW
OutputDebugStringA
Sleep
lstrcatW
lstrcpyW
OutputDebugStringW
CloseHandle
WaitForSingleObject
GetExitCodeThread
ExitThread
GetSystemDirectoryW
LocalAlloc
LoadLibraryA
ResumeThread
TerminateThread
GetCurrentThreadId
FormatMessageW
DnsHostnameToComputerNameW
MultiByteToWideChar
WideCharToMultiByte
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcessId
GetTimeFormatW
GlobalFree
GlobalAlloc
GetDateFormatW
CreateSemaphoreW
ReleaseSemaphore
GetComputerNameW
DosDateTimeToFileTime
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
FreeLibrary
CreateThread
LoadLibraryW
lstrlenW
lstrcmpW
gdi32
DeleteObject
GetStockObject
CreateSolidBrush
user32
MessageBeep
MessageBoxW
GetMessagePos
UpdateWindow
FrameRect
FillRect
GetDlgItem
GetParent
IsDlgButtonChecked
WinHelpW
wsprintfW
KillTimer
SetTimer
LoadIconW
SendMessageW
PostMessageW
IsWindow
LoadStringW
SetWindowPos
SystemParametersInfoW
GetWindowRect
SetRect
GetSystemMetrics
DialogBoxParamW
EndDialog
GetDesktopWindow
GetSubMenu
LoadMenuW
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
EnableWindow
regapi
RegOpenServerW
RegPdQueryW
RegCloseServer
RegWdEnumerateW
RegWdQueryW
winsta
WinStationTerminateProcess
WinStationEnumerateW
WinStationFreeGAPMemory
WinStationGetAllProcesses
WinStationEnumerateProcesses
WinStationOpenServerW
WinStationCloseServer
WinStationGetLanAdapterNameW
WinStationFreeMemory
WinStationShadow
WinStationWaitSystemEvent
WinStationConnectW
WinStationSendMessageW
WinStationDisconnect
WinStationReset
WinStationQueryInformationW
netapi32
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetServerEnum
DsGetDcNameW
NetApiBufferFree
NetEnumerateTrustedDomains
utildll
TestUserForAdmin
QueryCurrentWinStation
GetUnknownString
StandardErrorMessage
ElapsedTimeString
CalculateDiffTime
GetUserFromSid
DateTimeString
StrConnectState
CurrentDateTimeString
RegGetNetworkDeviceName
ws2_32
inet_addr
gethostbyaddr
WSACleanup
WSAStartup
Sections
.text Size: 179KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ