2af54a284076d5d9b8fd3c3528261291_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2af54a284076d5d9b8fd3c3528261291_JaffaCakes118
Size

35KB
MD5

2af54a284076d5d9b8fd3c3528261291
SHA1

3df39b12a68a30c33003812b517b918e3307cb18
SHA256

bb02a72e097cea494cf1652b43770100edf19ad04c839fee0eaebc1b8e6e8cc8
SHA512

1d282329b261041e6ac49b296e256e8838073ead60a0b027014d9674698f5e6f2df068b00eb61d3f9541627d9ea4c1093cbb0383f99f7dbf0e94080782827be9
SSDEEP

768:L5M6yt+0rnjBLKn62YHwl2MAU7QO2fiYxjvcC7:ys0NZIl/b1YJ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af54a284076d5d9b8fd3c3528261291_JaffaCakes118

Files

2af54a284076d5d9b8fd3c3528261291_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a9d6acb9228fccbc59e15dbfd870f45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_create_sort_controlA
ldap_openA
ldap_extended_operationW
ldap_connect
ldap_encode_sort_controlW
ldap_perror
ldap_controls_free
ldap_compare_extA
ldap_get_values_len
ldap_result
ldap_delete_ext_sA
ber_bvdup
ldap_count_values_len
ldap_compare_sA
ldap_set_dbg_routine
ldap_ufn2dn
ldap_sasl_bind_sA
ldap_parse_result
ldap_modify_ext_s

user32

CliImmSetHotKey
EnumPropsExA
EnumDisplaySettingsA
SendMessageTimeoutA
LockWorkStation
ChangeClipboardChain
IsClipboardFormatAvailable
GetPropW
GetTopWindow
LoadCursorA
GetUserObjectInformationW
CheckDlgButton
EnumWindowStationsA
LoadCursorW
GetPropA

kernel32

FindFirstVolumeA
LoadLibraryA
GetStartupInfoA
WritePrivateProfileStructW
GetSystemTimeAsFileTime
GetProcessShutdownParameters
GetNumaProcessorNode
GetBinaryTypeA
EnumDateFormatsW
IsValidLocale
GetProcessWorkingSetSize
OpenProfileUserMapping
GetTapePosition
HeapWalk
GetSystemWow64DirectoryA
ContinueDebugEvent
SetLocalPrimaryComputerNameW
ConnectNamedPipe
SetCriticalSectionSpinCount
InterlockedFlushSList
GetConsoleAliasExesA
GetConsoleFontSize
LocalAlloc
VirtualAlloc
EnumResourceTypesA
FlushViewOfFile
GetSystemWindowsDirectoryW

ntdll

RtlTraceDatabaseLock
towlower
RtlCompactHeap
NtMapViewOfSection
RtlImageNtHeader
RtlDefaultNpAcl
NtOpenThreadToken
NtSetInformationThread
ZwSetInformationJobObject
RtlIpv4AddressToStringA
RtlMultiByteToUnicodeN
RtlAbsoluteToSelfRelativeSD
NtPulseEvent
RtlInitCodePageTable
RtlIsGenericTableEmpty
NtCancelIoFile
RtlGetNtProductType

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9d6acb9228fccbc59e15dbfd870f45

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

user32

kernel32

ntdll

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB