2a646074ec5f49efd52b5bcfd9caa70b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a646074ec5f49efd52b5bcfd9caa70b_JaffaCakes118
Size

106KB
MD5

2a646074ec5f49efd52b5bcfd9caa70b
SHA1

c2e99955a3db11fc055264599e92b6b3b0a7b9cd
SHA256

a345948907a2a6063472183946858fda64159eedd82282bac724dadcc3922790
SHA512

32478b916be5d6b17d6804409741e1da83202c547565c5300cba46cdd50fa021f37bdaa8a9765a7bd6d4e88cc670cc7d385f3d262667c74cf75a81b9bc6ed80d
SSDEEP

1536:iSGXUSgpAlukxX10OM/ZlM2v6RQDnHdz0Ok/Amd2bhqJ/3Q7GrA8xK:ixXc85h10xxlM2iWz1kdOY/3R1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a646074ec5f49efd52b5bcfd9caa70b_JaffaCakes118

Files

2a646074ec5f49efd52b5bcfd9caa70b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9ee837afbc2ab17a2ef32d314ed61568

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

samlib.pdb

Imports

msvcrt

wcscat
_except_handler3
wcspbrk
wcsncpy
memmove
free
_initterm
_adjust_fdiv
wcslen
_wcsnicmp
malloc
wcsncmp
wcscpy

ntdll

RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlCopySid
RtlLengthSid
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlValidSid
RtlMakeSelfRelativeSD
RtlUpcaseUnicodeStringToOemString

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyA
RegCloseKey
SystemFunction036
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
SystemFunction012
SystemFunction014
SystemFunction006
SystemFunction007
SystemFunction026
SystemFunction022
SystemFunction020
SystemFunction028
MD5Init
MD5Update
MD5Final

rpcrt4

RpcSsDestroyClientContext
RpcBindingSetOption
I_RpcMapWin32Status
RpcBindingSetAuthInfoW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
NdrClientCall2

kernel32

GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
LocalFree
GetComputerNameExW
LocalAlloc
DelayLoadFailureHook
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
TerminateProcess
GetProcAddress
TlsAlloc
DisableThreadLibraryCalls
TlsFree
TlsGetValue
GetStringTypeW
GetComputerNameW
IsBadWritePtr
GetLastError
TlsSetValue
lstrlenA

Exports

Exports

SamAddMemberToAlias
SamAddMemberToGroup
SamAddMultipleMembersToAlias
SamChangePasswordUser
SamChangePasswordUser2
SamChangePasswordUser3
SamCloseHandle
SamConnect
SamConnectWithCreds
SamCreateAliasInDomain
SamCreateGroupInDomain
SamCreateUser2InDomain
SamCreateUserInDomain
SamDeleteAlias
SamDeleteGroup
SamDeleteUser
SamEnumerateAliasesInDomain
SamEnumerateDomainsInSamServer
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamFreeMemory
SamGetAliasMembership
SamGetCompatibilityMode
SamGetDisplayEnumerationIndex
SamGetGroupsForUser
SamGetMembersInAlias
SamGetMembersInGroup
SamLookupDomainInSamServer
SamLookupIdsInDomain
SamLookupNamesInDomain
SamOpenAlias
SamOpenDomain
SamOpenGroup
SamOpenUser
SamQueryDisplayInformation
SamQueryInformationAlias
SamQueryInformationDomain
SamQueryInformationGroup
SamQueryInformationUser
SamQuerySecurityObject
SamRemoveMemberFromAlias
SamRemoveMemberFromForeignDomain
SamRemoveMemberFromGroup
SamRemoveMultipleMembersFromAlias
SamRidToSid
SamSetInformationAlias
SamSetInformationDomain
SamSetInformationGroup
SamSetInformationUser
SamSetMemberAttributesOfGroup
SamSetSecurityObject
SamShutdownSamServer
SamTestPrivateFunctionsDomain
SamTestPrivateFunctionsUser
SamValidatePassword
SamiChangeKeys
SamiChangePasswordUser
SamiChangePasswordUser2
SamiEncryptPasswords
SamiGetBootKeyInformation
SamiLmChangePasswordUser
SamiOemChangePasswordUser2
SamiSetBootKeyInformation
SamiSetDSRMPassword
SamiSetDSRMPasswordOWF

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ee837afbc2ab17a2ef32d314ed61568

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 1KB - Virtual size: 1KB