10819f15594efb3b40b227035d0399e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10819f15594efb3b40b227035d0399e2_JaffaCakes118
Size

592KB
MD5

10819f15594efb3b40b227035d0399e2
SHA1

4a22c8111e56945c37ef29fd7a23f8fb2b6bb88f
SHA256

b84b4030082be74f3dff286d41890f36c3f7643f326a1bf2b9f2d0d563ee815d
SHA512

97be969f12890f60ce5e7dda63dd8762055dc1ffa0067244f1dea7eca915c0a6d35cfc359ea22fcfbd8b2e433e2a60980702d5d1feb66433db8ef0e5a6383c35
SSDEEP

12288:ZbdY+IVyyIMnULGyOUwI80kgI2V15nuCMMnMMMMMGqoQYz7qn0:ZbdYJpLnULGG80jvBMMnMMMMM0an0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10819f15594efb3b40b227035d0399e2_JaffaCakes118

Files

10819f15594efb3b40b227035d0399e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5dd5e0d3c93886c8ff49dfe3761802f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegEnumValueA
InitializeSecurityDescriptor
RegQueryValueExW
LookupPrivilegeValueA
RegQueryInfoKeyA
RegEnumKeyW
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
AdjustTokenPrivileges
RegSetValueA
RegDeleteValueA
RegEnumValueW
RegDeleteKeyA
DeregisterEventSource
RegOpenKeyA
SetSecurityDescriptorDacl

ddraw

DirectDrawEnumerateA

kernel32

FindClose
GetTimeZoneInformation
LCMapStringW
GetCurrentProcess
SetFileTime
FreeResource
GetStringTypeW
HeapCreate
SizeofResource
Sleep
lstrcmpiW
SetEvent
SetCurrentDirectoryA
CreateDirectoryA
ResetEvent
SetStdHandle
GlobalSize
LCMapStringA
GetCommandLineA
FindResourceA
GetLocalTime
GetStringTypeExA
InitializeCriticalSection
lstrcatA
FormatMessageA
_lwrite
FindFirstFileA
lstrlenA
_lread
GetProfileStringA
GlobalHandle
TlsFree
GetVolumeInformationA
TlsSetValue
IsDBCSLeadByte
CompareStringA
TlsAlloc
FormatMessageW
CreateThread
CompareStringW
GetSystemDefaultLCID
lstrcpyA
GetModuleFileNameW
LoadResource
_lclose
lstrcmpiA
GetFullPathNameA
GetCurrentThreadId
GetLastError
GetEnvironmentStringsW
WinExec
DuplicateHandle
GlobalAddAtomA
GetOEMCP
LeaveCriticalSection
IsBadReadPtr
GetCurrentDirectoryA
SetErrorMode
IsBadCodePtr
SetFilePointer
WriteFile
SetEndOfFile
GetSystemDirectoryA
OpenProcess
HeapSize
HeapDestroy
GetProcAddress
GetStartupInfoA
VirtualQuery
GlobalUnlock
MulDiv
GetCurrentProcessId
ReleaseSemaphore
lstrcpynA
SetHandleCount
GlobalDeleteAtom
RtlUnwind
GlobalReAlloc
GetACP
HeapFree
LockFile
DeleteFileA
SearchPathA
GlobalLock
DeleteCriticalSection
FreeEnvironmentStringsA
GetVersion
CreateProcessA
SetFileAttributesA
RaiseException
RemoveDirectoryA
GetStdHandle
GetStringTypeA
GetSystemTime
LockResource
GetTempPathA
GetTickCount
CreateProcessW
SetEnvironmentVariableA
FreeEnvironmentStringsW
TlsGetValue
ResumeThread
WideCharToMultiByte
FileTimeToLocalFileTime
GetModuleHandleA
GetDriveTypeA
GetUserDefaultLCID
GetExitCodeProcess
GetUserDefaultLangID
LoadLibraryA
FlushFileBuffers
GetFileTime
CloseHandle
FreeLibrary
MoveFileA
LoadLibraryExA
UnlockFile
GetTempFileNameA
GetModuleFileNameA
ReadFile
FileTimeToSystemTime
ExitProcess
GetWindowsDirectoryA
VirtualAlloc
GetEnvironmentStrings
TerminateProcess
CreateEventA
GlobalFree
_llseek
lstrcmpA
VirtualFree
WaitForSingleObject
GetDateFormatA
CreateFileA
HeapAlloc
InterlockedDecrement
GetShortPathNameA
CreateSemaphoreA
SetLocalTime
GetLocaleInfoA
SetLastError
GetFileType
GetSystemInfo
FlushInstructionCache
GetVersionExA
VirtualProtect
SystemTimeToFileTime
InterlockedIncrement
UnhandledExceptionFilter
GetFileAttributesA
ExitThread
HeapReAlloc
FindNextFileA
EnterCriticalSection
GetSystemDefaultLangID
MultiByteToWideChar
GlobalAlloc

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

ws2_32

setsockopt

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5dd5e0d3c93886c8ff49dfe3761802f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ddraw

kernel32

samlib

ws2_32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rdata Size: 246KB - Virtual size: 246KB

.data Size: 185KB - Virtual size: 1.2MB

.rsrc Size: 152KB - Virtual size: 152KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rdata
Size: 246KB - Virtual size: 246KB

.data
Size: 185KB - Virtual size: 1.2MB

.rsrc
Size: 152KB - Virtual size: 152KB

.reloc
Size: 512B - Virtual size: 56B