2cdda7f4c29226a10ddda38571965e2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cdda7f4c29226a10ddda38571965e2d_JaffaCakes118
Size

378KB
MD5

2cdda7f4c29226a10ddda38571965e2d
SHA1

577cb68414138968c567f7d5eb6ab827a678a145
SHA256

bc2eb972af819862e9c4cdb7ec343072ab1c52cf101648af02a2fa845496bea9
SHA512

c51118a8bc8e83a8e38d6f979db7bf84046bf6f7b554c9a0c9fdb1d8932f11bae23d4f33c5843887134b073481c91c28708fd06365b7abcf82515fade3cea862
SSDEEP

6144:ZOGOeVNaSHbpRII+rg5BpPrumVjzgThinjSuxOBQl9kVMDMMnMMMMMaHJ+:ZOJeVNaS7pRIvrgFnjuhWjaBQl9OIMMg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cdda7f4c29226a10ddda38571965e2d_JaffaCakes118

Files

2cdda7f4c29226a10ddda38571965e2d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

281278bb2fef9dbf67acc12ee7a71f39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeW

ole32

CoCreateInstance
IIDFromString
StringFromCLSID
CLSIDFromString
CreatePointerMoniker
CoTaskMemFree
StringFromGUID2

ntdll

RtlSecondsSince1970ToTime
RtlAddAccessAllowedAceEx
NtAllocateVirtualMemory
RtlRunDecodeUnicodeString
RtlAdjustPrivilege

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

LocalAlloc
LocalFileTimeToFileTime
TerminateProcess
GetSystemTimeAsFileTime
GetACP
SystemTimeToTzSpecificLocalTime
DosDateTimeToFileTime
InterlockedDecrement
WaitForSingleObject
SetUnhandledExceptionFilter
GetModuleHandleW
FileTimeToDosDateTime
UnhandledExceptionFilter
FormatMessageW
LocalFree
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcessId
GetSystemTime
FileTimeToLocalFileTime
GetLastError
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
FileTimeToSystemTime
SetLastError
lstrlenW
GetCurrentProcess
ReleaseSemaphore
InitializeCriticalSection
FreeLibrary
CloseHandle
SystemTimeToFileTime
DeleteCriticalSection
LoadLibraryW
GetTickCount
CompareStringW
DisableThreadLibraryCalls
GetStartupInfoA
CreateSemaphoreW

user32

LoadStringW
wsprintfW

netapi32

NetServerGetInfo
NetLocalGroupAdd
NetLocalGroupGetMembers
NetLocalGroupSetInfo
NetGetDCName
NetGroupGetUsers
NetGroupDelUser
NetUseGetInfo
NetSessionDel
NetGroupAdd
NetGroupDel
NetGetAnyDCName
NetGroupAddUser
NetShareDel
DsRoleGetPrimaryDomainInformation
NetUserModalsSet
NetShareSetInfo
NetSessionEnum
NetSessionGetInfo
NetWkstaUserGetInfo
NetGroupEnum
NetFileGetInfo
NetLocalGroupEnum
NetUserChangePassword
NetGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetUserDel
NetUserModalsGet
NetServerEnum
NetLocalGroupDel
NetUserGetGroups
NetLocalGroupDelMembers
NetQueryDisplayInformation
NetShareGetInfo
NetGroupGetInfo
NetServerSetInfo
NetShareEnum
NetLocalGroupAddMembers
NetLocalGroupGetInfo
NetUserGetLocalGroups
DsRoleFreeMemory
NetUserAdd
NetShareAdd
NetWkstaGetInfo
NetApiBufferFree

oleaut32

VariantCopy

msvcrt

wcscmp
_wcsnicmp
wcscat
_except_handler3
free
_itow
_ftol
_initterm
_onexit
_purecall
_wcsicmp
_CxxThrowException
wcsrchr
__dllonexit
wcslen
malloc
_adjust_fdiv
wcscpy
wcschr
_ltow
_wtol

advapi32

RegConnectRegistryW
ControlService
SystemFunction041
ChangeServiceConfigW
EnumServicesStatusW
SystemFunction040
OpenServiceW
RegCloseKey
UnlockServiceDatabase
RegOpenKeyExW
GetSidIdentifierAuthority
QueryServiceConfigW
LookupAccountNameW
RegQueryValueExW
DeleteService
StartServiceW
OpenSCManagerW
GetLengthSid
RegEnumKeyExW
GetUserNameW
CreateServiceW
QueryServiceStatus
GetSidSubAuthority
LockServiceDatabase
CloseServiceHandle
GetSidSubAuthorityCount

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

281278bb2fef9dbf67acc12ee7a71f39

Headers

File Characteristics

Imports

rpcrt4

ole32

ntdll

mpr

kernel32

user32

netapi32

oleaut32

msvcrt

advapi32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 7KB - Virtual size: 1.2MB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 313KB - Virtual size: 313KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 7KB - Virtual size: 1.2MB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 40KB - Virtual size: 40KB