149275bc4d93a866995eca99f82d1b92_JaffaCakes118

General

Target

149275bc4d93a866995eca99f82d1b92_JaffaCakes118
Size

825KB
MD5

149275bc4d93a866995eca99f82d1b92
SHA1

7eb2c77fdccc1699a9fb60138a6ed92638c74c1d
SHA256

ae6314644de2210ff3c576b7bd7000de576d00d99eedc0183717d397148acd1a
SHA512

acb7cb99a99580ae03f329736eccbf828b6c08470ad3bdf72dc6b4ffaa3fd3caccfc8a9e7abcc28ddf99c1e37f09f7b75adc079b6554fd04344fe57e91f8ba22
SSDEEP

24576:zHCMmHcUWSo8WAn12aobkpeS8r2pilCC:jCMmsWEaoQpX8r2p5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149275bc4d93a866995eca99f82d1b92_JaffaCakes118

Files

149275bc4d93a866995eca99f82d1b92_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ce99de52cc7d7c6a876ec2691a63869

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessWorkingSetSize
LockFile
LoadLibraryA
LocalLock
GetStartupInfoA
MoveFileExW
AddAtomA
SetClientTimeZoneInformation
GetProfileStringW
ReleaseSemaphore
HeapFree
IsDebuggerPresent
IsValidCodePage
CreateMailslotW
SetLocalPrimaryComputerNameW
GetSystemTime
FormatMessageA
CreateEventW
SetThreadPriorityBoost
EnumResourceNamesA
GetSystemWow64DirectoryA
SetConsoleKeyShortcuts
SetConsoleScreenBufferSize
FindClose
FillConsoleOutputAttribute
LocalAlloc
CreateActCtxW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetGeoInfoW
SetProcessPriorityBoost
FreeEnvironmentStringsW
SetComPlusPackageInstallStatus

ntdsapi

DsBindW
DsQuoteRdnValueW
DsUnBindA
DsCrackSpn2A

ntlanman

NPGetResourceParent
I_SystemFocusDialog
NPFormatNetworkName
DllMain
NPAddConnection3
NPGetResourceInformation
NPCloseEnum
NPGetConnection3
NPGetConnectionPerformance
NPAddConnection
NPGetCaps
NPGetReconnectFlags
NPGetConnection
NPOpenEnum
NPCancelConnection
NPGetUniversalName

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ce99de52cc7d7c6a876ec2691a63869

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdsapi

ntlanman

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 1024B - Virtual size: 932B