0bc4afd43a6bd098a61cc5592b522e91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0bc4afd43a6bd098a61cc5592b522e91_JaffaCakes118
Size

73KB
MD5

0bc4afd43a6bd098a61cc5592b522e91
SHA1

e237e4f5205156e48a0a3f2087ac47f9764df1df
SHA256

fa14d94c59b5f41e1a3993968af42cd00cf85e694670daaf7d225892bff1168c
SHA512

0b957e356a3dba6218fe12df765b081b08ab8f65c7db8032b091f02ac81bf9b63c9aac27727e1e10a1e301cbeb49386da81b6b3a938dd9cac540d2d7437e1339
SSDEEP

1536:21mYra2BR+TJxMrHVWY/NxkyL5qI7gOtpKIc2za3+ICAwhMzNnfpbW:QWXKXkyLNLKIcya3+ICmnW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc4afd43a6bd098a61cc5592b522e91_JaffaCakes118

Files

0bc4afd43a6bd098a61cc5592b522e91_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54e5912f478371a185bbc02dbffd35ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasGetKey
RasInitialize
RasDoIke
RasAddNotification
RasRefConnection
RasRpcGetCountryInfo
RasSecurityDialogGetInfo
RasGetNumPortOpen
RasLinkGetStatistics
RasGetInfo
RasBundleGetStatistics
RasCreateConnection
RasRpcGetSystemDirectory
RasRpcPortGetInfo
RasSetConnectionUserData
RasGetCalledIdInfo
RasFindPrerequisiteEntry
RasRpcSetUserPreferences
RasRpcRemoteGetSystemDirectory
RasPortGetStatisticsEx
RasPortCancelReceive
RasGetPortUserData
RasRegisterRedialCallback
RasDeAllocateRoute
RasPortBundle
RasGetUnicodeDeviceName
RasRpcEnumConnections
RasPortStoreUserData
RasBundleGetPort

adsldpc

LdapIsClassNameValidOnServer
LdapModifyS
ADSIAbandonSearch
LdapcKeepHandleAround
ADsGetFirstRow
?GetNextToken@CLexer@@QAEJPAGPAK@Z
MapLDAPTypeToADSType
Component
UnMarshallLDAPToLDAPSynID
LdapTypeToAdsTypeDNWithString
SortAndRemoveDuplicateOIDs
ADsExecuteSearch
ADsGetColumn
LdapGetNextPageS
FreeObjectInfo
LdapParseResult
SchemaGetPropertyInfoByIndex
ADsDeleteClassDefinition
LdapValueFreeLen
ADSIModifyRdn
GetSyntaxOfAttribute
AdsTypeToLdapTypeCopyDNWithBinary
ReallocADsMem
ADsHelperGetCurrentRowMessage
IsGCNamespace
SchemaGetSyntaxOfAttribute
LdapReadAttribute2
LdapTypeFreeLdapObjects
SchemaGetStringsFromStringTable
LdapModifyExtS

kernel32

OpenThread
GetTempPathA
GetStartupInfoW
GetLastError
FillConsoleOutputCharacterA
MulDiv
GetCommModemStatus
RegisterWaitForInputIdle
FileTimeToDosDateTime
ProcessIdToSessionId
Process32NextW
EnumDateFormatsExW
RegisterConsoleIME
GetPrivateProfileStructA
ReleaseSemaphore
GetNamedPipeHandleStateW
_hwrite
DeleteTimerQueueTimer
ReadConsoleOutputAttribute
OpenWaitableTimerW
InitializeCriticalSectionAndSpinCount
EndUpdateResourceW
Process32Next
LocalUnlock
InitAtomTable
GlobalFindAtomA
BaseDumpAppcompatCache
FreeLibrary
GetCurrencyFormatA
GetNumaNodeProcessorMask
lstrcmpW
SetLocaleInfoW
GetVersionExW
WriteProfileStringW
QueryPerformanceCounter
TerminateThread
RemoveLocalAlternateComputerNameA
WriteTapemark
GetModuleHandleW
RegisterConsoleVDM
GetNextVDMCommand
GetExpandedNameA
GetStringTypeA
WriteProfileSectionA
SetConsoleDisplayMode
LoadLibraryA
SetComputerNameW
Module32NextW
SetPriorityClass
GlobalFindAtomW
FreeConsole
ExpandEnvironmentStringsW
SystemTimeToFileTime
FindFirstChangeNotificationW
GetBinaryTypeW
SetVolumeLabelW
OutputDebugStringA
lstrcpy
CreateWaitableTimerW
SetCalendarInfoW
ReadConsoleInputW
GetUserDefaultLangID
SetConsoleMaximumWindowSize
SetVolumeMountPointW
SetConsoleNlsMode
GlobalAddAtomW
LoadLibraryExA
SetInformationJobObject
GetLogicalDriveStringsW
VirtualUnlock
lstrcpynA
VirtualAlloc
UpdateResourceA
BaseFlushAppcompatCache
GetStdHandle
GetCommConfig
VDMOperationStarted
DeactivateActCtx
WriteConsoleInputVDMA
AddVectoredExceptionHandler
SetTimerQueueTimer
GlobalMemoryStatusEx
SetLastConsoleEventActive

ntmarta

AccProvHandleIsObjectAccessible
AccProvGetAccessInfoPerObjectType
AccRewriteGetNamedRights
EventNameFree
AccRewriteGetExplicitEntriesFromAcl
AccProvHandleGrantAccessRights
AccProvHandleRevokeAccessRights
AccProvSetAccessRights
AccGetInheritanceSource
AccLookupAccountName
AccProvGrantAccessRights
AccProvIsObjectAccessible
AccRewriteGetHandleRights
AccLookupAccountTrustee
AccConvertAccessToSecurityDescriptor
AccProvGetOperationResults
AccProvIsAccessAudited
AccProvCancelOperation
AccRewriteSetHandleRights
AccProvHandleGetAllRights
AccProvHandleIsAccessAudited
AccConvertSDToAccess
AccProvRevokeAuditRights
AccProvGetAllRights
AccLookupAccountSid
EventGuidToName
AccProvHandleSetAccessRights
AccProvHandleGetTrusteesAccess
AccProvGetCapabilities
AccTreeResetNamedSecurityInfo
AccGetAccessForTrustee

ntdll

RtlQueryProcessHeapInformation
RtlLookupElementGenericTable
RtlIsGenericTableEmpty
RtlSizeHeap
ZwSetEaFile
RtlFreeThreadActivationContextStack
RtlValidRelativeSecurityDescriptor
wcsncat
NtWaitForKeyedEvent
ZwDeleteValueKey
NtUnmapViewOfSection
NtQueryBootOptions
NtFlushInstructionCache
DbgPrintEx
NtOpenThreadToken
RtlInterlockedFlushSList
RtlAddAce
RtlLargeIntegerDivide
ZwEnumerateBootEntries
NtDeviceIoControlFile
ZwRequestPort
ZwQueryInformationThread
_ultoa
ZwSetLdtEntries
RtlDosPathNameToNtPathName_U
LdrFindResourceDirectory_U
NtSuspendThread
RtlIpv4AddressToStringA
RtlQueryInformationActivationContext
ZwQueryInformationJobObject
RtlWalkFrameChain
RtlLocalTimeToSystemTime
RtlDeleteElementGenericTable
RtlSelfRelativeToAbsoluteSD2
RtlFreeHandle
ZwContinue
RtlTraceDatabaseValidate
RtlCaptureContext
RtlIsNameLegalDOS8Dot3

dmloader

DllGetClassObject

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e5912f478371a185bbc02dbffd35ef

Headers

DLL Characteristics

File Characteristics

Imports

rasman

adsldpc

kernel32

ntmarta

ntdll

dmloader

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 56KB - Virtual size: 170KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 56KB - Virtual size: 170KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B