0660193b88814f300036536d1629464f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0660193b88814f300036536d1629464f_JaffaCakes118
Size

43KB
MD5

0660193b88814f300036536d1629464f
SHA1

9863bca42272bb63d8d8cb2f2c3cfc445ab085d4
SHA256

e96cc1f27a33ec291476b1b0850352ea9c7dd42677865ef7d0d5d8b937f89b40
SHA512

adc19f3e8861e2d28c9aee1c0d9cdd9268925a8442e6e387d747b0fd258bfafdd8650d722c9fb5bb404da0f35a6624c53ea369b51bbf55565062697a677341fc
SSDEEP

768:TManite22/E7X5gzoy/qna3BImTia+Vx2RL9kFiVKfW4IW4LAUYZfY7eh:TM8itel0JXy/qnaRxkVx2x9kFiMu4IVW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0660193b88814f300036536d1629464f_JaffaCakes118

Files

0660193b88814f300036536d1629464f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e51021a62430f82c992dbcd5a8e763be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsInheritSecurityIdentityW
DsListServersInSiteA
DsReplicaGetInfoW
DsReplicaUpdateRefsW
DsListDomainsInSiteW
DsUnBindW
DsQuoteRdnValueW
DsIsMangledDnW
DsBindWithCredA
DsRemoveDsDomainW
DsListRolesW
DsListServersForDomainInSiteW
DsReplicaSyncA
DsIsMangledDnA
DsCrackNamesW
DsUnBindA
DsaopPrepareScript
DsReplicaVerifyObjectsA
DsFreePasswordCredentials
DsListServersInSiteW
DsMakeSpnA
DsLogEntry
DsReplicaAddA
DsCrackSpn3W
DsGetDomainControllerInfoW
DsAddSidHistoryA

wintrust

CryptCATEnumerateAttr
TrustFreeDecode
CryptCATAdminEnumCatalogFromHash
WTHelperOpenKnownStores
MsCatConstructHashTag
OfficeCleanupPolicy
SoftpubCleanup
WTHelperGetKnownUsages
WintrustLoadFunctionPointers
SoftpubDumpStructure
mscat32DllRegisterServer
WVTAsn1SpcPeImageDataEncode
TrustIsCertificateSelfSigned
WVTAsn1SpcSigInfoDecode
SoftpubCheckCert
mssip32DllRegisterServer
CryptCATCDFEnumMembersByCDFTag
CryptCATOpen
CryptCATCDFOpen
WVTAsn1SpcSpOpusInfoEncode
SoftpubDefCertInit
WVTAsn1CatMemberInfoDecode
SoftpubInitialize
CryptSIPGetInfo
WinVerifyTrust
WVTAsn1SpcFinancialCriteriaInfoDecode
WintrustAddActionID
WTHelperGetProvPrivateDataFromChain
TrustFindIssuerCertificate

kernel32

GetPrivateProfileStringW
IsValidLocale
SetTimeZoneInformation
GetConsoleWindow
BeginUpdateResourceW
GetSystemDefaultLangID
IsValidCodePage
GetEnvironmentStringsW
Heap32ListNext
LoadLibraryA
GetModuleHandleA
FindFirstFileExA
InitAtomTable
GetTimeFormatA
EnumLanguageGroupLocalesA
FindFirstVolumeMountPointW
GetVolumePathNamesForVolumeNameA
GetConsoleOutputCP
SetLocaleInfoW
GetVDMCurrentDirectories
ReleaseMutex
CreateSemaphoreA
SetComputerNameW
GetLongPathNameA
EnumTimeFormatsA
GlobalFindAtomW
DosDateTimeToFileTime
GetConsoleTitleA
CreateNamedPipeA
GetModuleHandleExA
_lclose
OpenConsoleW
RtlZeroMemory
SetConsoleMode
DeleteFiber
FindFirstFileA
DeleteVolumeMountPointA
EnumUILanguagesA
CreateJobObjectW
LZDone
WaitForSingleObject
OpenEventW
AddVectoredExceptionHandler
FillConsoleOutputAttribute
LockFileEx
GlobalLock
VirtualAlloc
HeapCreate

query

?SkipDouble@CMemDeSerStream@@UAEXXZ
?AddRef@CEnumWorkid@@UAGKXZ
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
?Flush@CPropStoreManager@@QAEXXZ
?StopFiltering@CFilterDaemon@@QAEXXZ
?StrLen@CKey@@QBEIXZ
?Close@CPropSetMap@COLEPropManager@@QAEXXZ
?IsValid@CAllocStorageVariant@@QBEHXZ
?Next@CCombinedPropertyList@@UAEPBVCPropEntry@@XZ
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?Release@CFwPropertyMapper@@UAGKXZ
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
?GetSortProp@CCatState@@QBEXIPAPBGPAW4SORTDIR@@@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?Lookup@CPropStoreInfo@@AAEIK@Z
??1CRestriction@@QAE@XZ
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?min@?$numeric_limits@H@std@@SAHXZ
?epsilon@?$numeric_limits@G@std@@SAGXZ
_LExp
?_Isinf@?$_Ctr@N@std@@SA_NN@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??_7?$messages@D@std@@6B@
??Dstd@@YA?AV?$complex@N@0@ABV10@0@Z
?osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??4?$complex@O@std@@QAEAAV01@ABO@Z
?do_grouping@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z
??0locale@std@@QAE@ABV01@0H@Z
??4?$char_traits@G@std@@QAEAAU01@ABU01@@Z
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_7facet@locale@std@@6B@
??_F?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
_LXbig

crtdll

_creat
_ismbcl0
wcscspn
_osversion_dll
_lsearch
_except_handler2
_loaddll
strstr
_popen
_finite
_exit
sscanf
_mbscspn
wcstol
_open_osfhandle
_makepath
_flsbuf
_strinc
_tell
swscanf

Sections

.text
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e51021a62430f82c992dbcd5a8e763be

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

wintrust

kernel32

query

msvcp60

crtdll

Sections

.text Size: 1024B - Virtual size: 590B

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 61KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 590B

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 61KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B