307c29dde6bc32e0f834eaf4b54faa5c_JaffaCakes118

General

Target

307c29dde6bc32e0f834eaf4b54faa5c_JaffaCakes118
Size

88KB
MD5

307c29dde6bc32e0f834eaf4b54faa5c
SHA1

e63608ce21a4693a0cf6c2e6989bda1545ae64c5
SHA256

b3e9b6d692e5f1e7b9f45984dbf7eebb5dcec20391b086d9ba62785a404ad706
SHA512

1189e59b67ea75901a5c70c094df84c3ea3b51c08b279920d7fb85e4f8d33c7818b638797d7ac2183aeccbd42805dd83c25faedbbf0017a8335a45b12c12b6c7
SSDEEP

1536:Ud83bWixWSTkMUBVYn/Xs07DDBKbkECKP6Eo3/ErXj9GI1DAUL:8D5xMOYnx7BKbkVKfKE7jfb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
307c29dde6bc32e0f834eaf4b54faa5c_JaffaCakes118

Files

307c29dde6bc32e0f834eaf4b54faa5c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ac499b331f629120d499477b35ff002e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

swprintf
swscanf
_msize
sscanf
malloc
wcscat
wcscpy
fputs
_stricmp
fgets
free
wcslen
atol
tmpnam
fopen
fclose

user32

LoadStringA
CharToOemW
OemToCharW
wsprintfA

advapi32

RegQueryValueExA
LsaClose
LsaDelete
LsaOpenSecret
LsaOpenPolicy
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW

kernel32

OpenFile
lstrlenW
CloseHandle
lstrcatW
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetVersion
LocalAlloc
MultiByteToWideChar
GetProcAddress
DeleteFileA
CopyFileA
GetLastError
LocalFree
LoadLibraryA
WritePrivateProfileStringA
WriteProfileStringA
FreeLibrary
LoadLibraryW
SetLastError
lstrcpyW
lstrcmpiW
GetPrivateProfileStringW

ntdll

RtlNtStatusToDosError
RtlInitUnicodeString

Exports

Exports

AddNetwarePrinterProvidor
AppendSzToFile
CleanupRegistryForNWCS
DeleteGatewayPassword
DeleteNetwarePrinterProvidor
GetKernelVersion
RemoveSzFromFile
SetEverybodyPermission
SetFileSysChangeValue
SetupRegistryForNWCS
lodctr
unlodctr

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac499b331f629120d499477b35ff002e

Headers

File Characteristics

Imports

msvcrt

user32

advapi32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 69KB - Virtual size: 73KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 69KB - Virtual size: 73KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB