26b7ff20bab22584d22ff2306e8a24c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26b7ff20bab22584d22ff2306e8a24c5_JaffaCakes118
Size

173KB
MD5

26b7ff20bab22584d22ff2306e8a24c5
SHA1

bd6a875758ea9c35d41223f8d4501ff4613e1c2c
SHA256

b1f8423dce195926a779551b1731a7e4d476742f773481d306194346344907b1
SHA512

c01ea2eed2b457723b3fc79aad1840f16f109c0dc4be493c38f271f4a65dced433d850cfbcaf5476f2977de9306c7c6737004c3a026c3a732e39a21a3140f0f1
SSDEEP

3072:3MM5Q653R57Mr7K3/i1Yu81BwGmDeuLjNNtPFunFKNDUMMnMMMMMX7I7DeTr:3MM5Q61g7K3G81CGmDVNNtoFioMMnMMi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26b7ff20bab22584d22ff2306e8a24c5_JaffaCakes118

Files

26b7ff20bab22584d22ff2306e8a24c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ecbff1c317807e8180d1b2f38ee01b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamConnect
SamLookupNamesInDomain
SamConnectWithCreds

ws2_32

setsockopt
WSAConnect

advapi32

RegEnumValueW
RegQueryInfoKeyA
ReportEventA
RegSetValueExW
RegDeleteKeyW
RegSetValueA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
InitializeSecurityDescriptor
RegisterEventSourceA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegEnumKeyW
RegCreateKeyW
RegQueryValueExW
RegDeleteValueA
LookupPrivilegeValueA
RegSetValueExA
DeregisterEventSource
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumValueA
RegOpenKeyW
RegDeleteKeyA
RegCreateKeyA
RegQueryValueA

ddraw

DirectDrawEnumerateA

kernel32

SetEvent
GetACP
FlushInstructionCache
GetDriveTypeA
GetExitCodeProcess
GetCPInfo
GetStdHandle
FreeLibrary
IsBadCodePtr
InterlockedIncrement
MoveFileA
FindNextFileA
lstrcmpiW
FreeEnvironmentStringsA
GetSystemDirectoryA
GetFullPathNameA
GetVersion
GetWindowsDirectoryA
GetDateFormatA
TlsAlloc
GetTempFileNameA
GlobalFree
GetSystemTime
GetLocalTime
_lwrite
FreeResource
LoadResource
GetFileType
SetFileTime
InitializeCriticalSection
lstrcpynA
SetStdHandle
GlobalSize
TerminateProcess
GetSystemDefaultLangID
GetFileTime
VirtualFree
CreateDirectoryA
ExitThread
HeapCreate
FormatMessageW
GetUserDefaultLangID
TlsFree
CompareStringW
FindResourceA
GetTimeZoneInformation
WaitForSingleObject
HeapFree
LockFile
TlsSetValue
GetLocaleInfoA
lstrcpyA
GetStartupInfoA
GetStringTypeExA
GlobalAddAtomA
SizeofResource
RaiseException
GetCurrentProcessId
WinExec
UnlockFile
CreateSemaphoreA
GetStringTypeW
FindFirstFileA
LCMapStringW
IsBadReadPtr
InterlockedDecrement
Sleep
GetSystemDefaultLCID
CompareStringA
WideCharToMultiByte
VirtualQuery
GetModuleFileNameW
GetEnvironmentStrings
GetProcAddress
_lclose
SetLocalTime
SetEndOfFile
GetTickCount
GetCurrentProcess
SearchPathA
HeapAlloc
ExitProcess
GlobalDeleteAtom
GlobalAlloc
SetEnvironmentVariableA
WriteFile
GetCommandLineA
FileTimeToSystemTime
GlobalUnlock
FormatMessageA
CloseHandle
SetCurrentDirectoryA
GetVolumeInformationA
EnterCriticalSection
IsDBCSLeadByte
FreeEnvironmentStringsW
lstrcatA
GetModuleHandleA
SetFileAttributesA
GetFileAttributesA
DeleteCriticalSection
ReadFile
GetEnvironmentStringsW
ReleaseSemaphore
GetProfileStringA
_llseek
GetCurrentDirectoryA
FileTimeToLocalFileTime
CreateThread
OpenProcess
MultiByteToWideChar
HeapReAlloc
CreateProcessW
lstrcmpA
GlobalReAlloc
UnhandledExceptionFilter
FlushFileBuffers
SystemTimeToFileTime
FindClose
DeleteFileA
LoadLibraryExA
LeaveCriticalSection
GetTempPathA
GetSystemInfo
lstrlenA
ResumeThread
LoadLibraryA
SetFilePointer
LCMapStringA
GetModuleFileNameA
CreateProcessA
GetVersionExA
SetHandleCount
HeapSize
SetErrorMode
MulDiv
GetOEMCP
CreateFileA
GetStringTypeA
TlsGetValue
lstrcmpiA
GetLastError
GetCurrentThreadId
ResetEvent
RemoveDirectoryA
GlobalLock
DuplicateHandle
HeapDestroy
LockResource
GetUserDefaultLCID
RtlUnwind
GlobalHandle
_lread
CreateEventA
VirtualAlloc
VirtualProtect
SetLastError

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 136KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ecbff1c317807e8180d1b2f38ee01b2

Headers

DLL Characteristics

File Characteristics

Imports

samlib

ws2_32

advapi32

ddraw

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 136KB - Virtual size: 360KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 136KB - Virtual size: 360KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 64B