033cfd4a5fc1ec8a2334f0d6454edc13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

033cfd4a5fc1ec8a2334f0d6454edc13_JaffaCakes118
Size

840KB
MD5

033cfd4a5fc1ec8a2334f0d6454edc13
SHA1

72b7984a99cdbaa3abd7fe9921b5084ff1208c38
SHA256

e6974004ee5309bbd65f215271d54fc5f815f3ee5c1e61aa5e18e58dc1662f29
SHA512

21f104bd01a3af9edd5629f2d3cb5a8f11164c38422102fc7ee4aaa20a0c44d380a634608d7d7ebbb1a0a29f088d5485f4b26cbc9814711bcdbf56e46ab10f3f
SSDEEP

24576:6pqmTCVAx6CZJsUH5HRZ2JCl797sbQLvpLbwp:6p/6MsUHjZ28libovFb4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
033cfd4a5fc1ec8a2334f0d6454edc13_JaffaCakes118

Files

033cfd4a5fc1ec8a2334f0d6454edc13_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5067a8f8148457caf2016232fcaaf5cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateTimerQueueTimer
GetBinaryTypeW
EnumDateFormatsA
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
CreateFileMappingA
FillConsoleOutputCharacterW
IsBadStringPtrA
LoadLibraryA
WritePrivateProfileStringA
WriteConsoleW
SetConsoleInputExeNameW
IsDBCSLeadByte
GetNumaNodeProcessorMask
GetConsoleHardwareState
SetThreadContext
GetLocaleInfoW
IsValidLocale
GetACP
ConnectNamedPipe
FatalAppExitW
Toolhelp32ReadProcessMemory
SystemTimeToTzSpecificLocalTime
OpenMutexA
GlobalAlloc
EnumSystemCodePagesA
EnumCalendarInfoA
PulseEvent
HeapSetInformation
GetConsoleAliasA
GetSystemTimeAsFileTime
WaitCommEvent

mprapi

MprInfoBlockRemove
MprConfigInterfaceTransportGetInfo
MprAdminGetPDCServer
MprAdminMIBEntryGet
MprAdminSendUserMessage
MprAdminServerGetCredentials
MprAdminServerSetCredentials
MprAdminInterfaceDisconnect
MprConfigInterfaceDelete
MprAdminInterfaceQueryUpdateResult
MprDomainRegisterRasServer
MprGetUsrParams
MprConfigServerInstall
MprAdminConnectionClearStats
MprInfoDelete
MprConfigServerDisconnect
MprConfigServerBackup
CompressPhoneNumber

adsldpc

ADsEncodeBinaryData
ADsGetPreviousRow
ReadPagingSupportedAttr
Component
ADsDecodeBinaryData
LdapRenameExtS
ADSISetSearchPreference
SchemaOpen
ADsGetColumn

rtm

RtmRegisterForChangeNotification
RtmGetChangeStatus
RtmReleaseEntityInfo
MgmDeleteGroupMembershipEntry
MgmInitialize

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5067a8f8148457caf2016232fcaaf5cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mprapi

adsldpc

rtm

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 196KB - Virtual size: 1.6MB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 196KB - Virtual size: 1.6MB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 1024B - Virtual size: 1024B