3045979679672f66a0ab642a813340b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3045979679672f66a0ab642a813340b9_JaffaCakes118
Size

110KB
MD5

3045979679672f66a0ab642a813340b9
SHA1

519a237f41e78f698895cabfc8d5e33ce044ff6a
SHA256

7d92d1083c187bd872afe77552228ad55a60815b407fb6cc88088ab2a9a3a314
SHA512

feff5e097bb0358e88a51b434203003c93c4b6e9ea5ace383c64485b74e3c8fba99b3aa026ea249dcc874f1c82e61f02ad25e68ccdfa49080423b79eb3bc00df
SSDEEP

3072:5HucG1o7nZkOK0wq7Ki5uOBKuv0uNWQgVdclKObycQy/aDZxR:37NNWQyObyzy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3045979679672f66a0ab642a813340b9_JaffaCakes118

Files

3045979679672f66a0ab642a813340b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

301544f2408a1eb45c9a5a00c45500d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ADMTAgnt.pdb

Imports

msvcrt

_purecall
realloc
_except_handler3
_wsetlocale
time
malloc
_wcsicmp
swprintf
_vsnwprintf
swscanf
_wmakepath
_wsplitpath
_snwprintf
wcsncpy
gmtime
__CxxFrameHandler
free
??2@YAPAXI@Z
wcscpy
wcsrchr
wprintf
strncpy
??3@YAXPAX@Z
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_CxxThrowException
wcslen
localtime
asctime
getenv
_splitpath
strncat

msvcirt

??6ostream@@QAEAAV0@PBD@Z
?flush@ostream@@QAEAAV1@XZ
??0strstream@@QAE@PADHH@Z
?endl@@YAAAVostream@@AAV1@@Z
?openprot@filebuf@@2HB
??1fstream@@UAE@XZ
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??1strstream@@UAE@XZ
??0fstream@@QAE@PBDHH@Z
??_Dstrstream@@QAEXXZ
??1ios@@UAE@XZ

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
GetLengthSid
CopySid
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidW
FreeSid
ControlService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeAcl
AddAce
GetAclInformation
IsValidAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSidLengthRequired
InitializeSid
AllocateAndInitializeSid
IsValidSid
GetSidIdentifierAuthority
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
RegOpenKeyW
RegCloseKey
RegQueryValueExW

kernel32

SetUnhandledExceptionFilter
LocalFree
GetStartupInfoW
CreateDirectoryW
FormatMessageW
WriteFile
SetFilePointer
CreateFileW
FindNextFileW
MoveFileW
FindClose
FindFirstFileW
FlushFileBuffers
SetEndOfFile
SetLastError
Beep
GetTimeZoneInformation
InterlockedExchange
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
lstrlenW
MultiByteToWideChar
lstrcpyW
lstrcpynW
CompareStringW
GetLastError
LoadLibraryW
GetTempPathW
ExpandEnvironmentStringsW
SetEvent
GetSystemTimeAsFileTime
InterlockedDecrement
WaitForSingleObject
MoveFileExW
DeleteFileW
Sleep
GetVersionExW
GetComputerNameW
ResumeThread
SetThreadPriority
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrcmpiW
HeapDestroy
CreateEventW
ReleaseMutex
GetModuleFileNameW
FreeLibrary
GetProcAddress
CreateMutexW
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCurrentThreadId
GetCommandLineW
GetModuleFileNameA
GetTempPathA
GetFileAttributesA
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

user32

GetMessageW
DispatchMessageW
CharPrevW
PostThreadMessageW
CharNextW
LoadStringW
wsprintfW

rpcrt4

DceErrorInqTextW

netapi32

NetServerGetInfo
NetWkstaGetInfo
NetApiBufferFree
NetLocalGroupAddMember
NetLocalGroupDelMember

ole32

CLSIDFromString
OleRun
CoCreateInstance
StringFromCLSID
CoUninitialize
CoTaskMemFree
OleSave
StgCreateDocfile
CoInitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid

oleaut32

SysStringByteLen
SysStringLen
VariantInit
SysAllocStringByteLen
VariantClear
VariantChangeType
RevokeActiveObject
SysAllocString
SysFreeString
GetErrorInfo
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
RegisterActiveObject

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

301544f2408a1eb45c9a5a00c45500d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msvcirt

advapi32

kernel32

user32

rpcrt4

netapi32

ole32

oleaut32

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 512B - Virtual size: 33KB

.rsrc Size: 25KB - Virtual size: 45KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 512B - Virtual size: 33KB

.rsrc
Size: 25KB - Virtual size: 45KB