369f15678877176b382cbaf5875a6d4e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

369f15678877176b382cbaf5875a6d4e_JaffaCakes118
Size

871KB
MD5

369f15678877176b382cbaf5875a6d4e
SHA1

c3afc08677a02d4a1a24a167da3414da20dfbb04
SHA256

f55f5772fa3a9d543df4f9aeb0954b683b94bdc02732a67e0082178fce2ac8e3
SHA512

a483b76628000ddea010186a7bae658d8d19bfab0dd9ae93ad97e6897865fd4097928f52256c09e03e77547fea76921fdd804acf2b8a88295eb05a5c60f498ea
SSDEEP

24576:tGrSYysu5I/dBUY7oKKfn0WKURR44FZ24Wfua5:ASBsu5I/dBfcKKfn0WxRR4A2hfu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
369f15678877176b382cbaf5875a6d4e_JaffaCakes118

Files

369f15678877176b382cbaf5875a6d4e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c231aabf132bc76523d441336214a696

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

adsldpc

SchemaOpen
LdapValueFree
GetDisplayName
LdapGetSubSchemaSubEntryPath
LdapInitializeSearchPreferences
LdapTypeToAdsTypeDNWithString
LdapAttributeFree
LdapReadAttribute
SchemaIsClassAContainer
ADsEnumClasses
?SetAtDisabler@CLexer@@QAEXH@Z
LdapGetSyntaxOfAttributeOnServer
ADSIOpenDSObject
LdapDeleteExtS
LdapTypeToAdsTypeCopyConstruct
SchemaGetObjectCount
FreeADsStr
LdapGetDn
ADsGetColumn
LdapModDnS
ADSIModifyRdn
AdsTypeToLdapTypeCopyGeneralizedTime
GetSyntaxOfAttribute
ADsFreeColumn
LdapModifyExtS
LdapTypeFreeLdapObjects
InitObjectInfo
??1CLexer@@QAE@XZ
LdapFirstAttribute
SchemaAddRef
ADSIExecuteSearch
ADsDeleteDSObject
ConvertSidToU2Trustee
LdapResult
LdapCrackUserDNtoNTLMUser2
SchemaGetStringsFromStringTable
FindSearchTableIndex
LdapNextAttribute
LdapGetSyntaxIdOfAttribute
ReallocADsStr
GetDefaultServer
ADsCreateDSObjectExt
ADsCreateDSObject
LdapGetNextPageS

msvcrt40

?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
_wfindnext
strspn
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0stdiostream@@QAE@PAU_iobuf@@@Z
?epptr@streambuf@@IBEPADXZ
_ismbckata
_mbccpy
?unlockc@ios@@KAXXZ
_spawnve
?is_open@fstream@@QBEHXZ
floor
iswpunct
??_G__non_rtti_object@@UAEPAXI@Z
_wgetcwd
_heapchk
??0istream_withassign@@QAE@ABV0@@Z
??4iostream@@IAEAAV0@AAV0@@Z
towupper
fread
_getdrive
?pbackfail@streambuf@@UAEHH@Z
?getint@istream@@AAEHPAD@Z
??_Gexception@@UAEPAXI@Z
__p__mbctype
?setmode@filebuf@@QAEHH@Z
?iword@ios@@QBEAAJH@Z
?underflow@filebuf@@UAEHXZ
_lseeki64
??0ostream_withassign@@QAE@XZ
??_Estdiostream@@UAEPAXI@Z

msvcirt

??0streambuf@@IAE@PADH@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?tellp@ostream@@QAEJXZ
??_8iostream@@7Bistream@@@
?egptr@streambuf@@IBEPADXZ
?flags@ios@@QAEJJ@Z
??_Estrstream@@UAEPAXI@Z
??_8ostrstream@@7B@
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??4fstream@@QAEAAV0@AAV0@@Z
??_8ifstream@@7B@
??5istream@@QAEAAV0@AAG@Z
??_Gfilebuf@@UAEPAXI@Z
??_8ostream@@7B@
?read@istream@@QAEAAV1@PACH@Z
??_Estrstreambuf@@UAEPAXI@Z
??5istream@@QAEAAV0@AAE@Z
?str@istrstream@@QAEPADXZ
??_Eostrstream@@UAEPAXI@Z
?eof@ios@@QBEHXZ
?unbuffered@streambuf@@IAEXH@Z
?fLockcInit@ios@@0HA
?width@ios@@QBEHXZ
?setmode@ofstream@@QAEHH@Z
??_8fstream@@7Bistream@@@
??4strstreambuf@@QAEAAV0@ABV0@@Z
?base@streambuf@@IBEPADXZ
?getline@istream@@QAEAAV1@PADHD@Z
?peek@istream@@QAEHXZ
??_7stdiostream@@6B@
??0istrstream@@QAE@PAD@Z

kernel32

CreateConsoleScreenBuffer
Module32First
Heap32Next
GetDriveTypeW
ConvertDefaultLocale
UnregisterWait
GetACP
AddRefActCtx
VirtualLock
_lclose
VirtualAlloc
QueryDepthSList
GetDateFormatA
RequestDeviceWakeup
ReadFileScatter
EraseTape
GetModuleHandleW
SetVolumeLabelA
SetEndOfFile
GetLogicalDrives
Module32NextW
EnumResourceLanguagesW
SetConsoleTitleA
TlsFree
OutputDebugStringA
QueryPerformanceCounter
GetStartupInfoW
SetSystemTimeAdjustment
OpenMutexW
LoadResource
SetConsoleNumberOfCommandsA
lstrcpyW
AddAtomA
EnumCalendarInfoExW
SetWaitableTimer
SetFileShortNameA
GetCalendarInfoW
GlobalFindAtomW
lstrcmpiA
SetErrorMode
GetConsoleDisplayMode
CreateTimerQueue
CreateThread
LoadLibraryA

gdi32

EnumFontsW
PaintRgn
FONTOBJ_cGetAllGlyphHandles
SetDIBitsToDevice
ScaleWindowExtEx
MaskBlt
EngLineTo
GdiPlayJournal
SetMagicColors
SetFontEnumeration
SetMapMode
PATHOBJ_vEnumStart
DdEntry55
FONTOBJ_pifi
GetObjectW
GdiAddGlsBounds
GetStretchBltMode
FillRgn
GetGlyphIndicesA
SetDeviceGammaRamp
FONTOBJ_vGetInfo
GetPath
GdiDrawStream
DdEntry22
EngBitBlt
GetMetaFileBitsEx
SetMetaRgn
GetClipBox
GdiComment
LineDDA

dnsapi

DnsRecordTypeForName
DnsGetDomainName
DnsIsStatusRcode
DnsGlobals
DnsModifyRecordsInSet_W
Dns_ReadPacketName
DnsRemoveRegistrations
DnsAsyncRegisterTerm
Dns_WriteRecordStructureToPacketEx
Dns_CreateSocketEx
DnsRegisterClusterAddress
DnsReplaceRecordSetA
DnsFreeConfigStructure
DnsUpdateTest_UTF8
Dns_RecvTcp
DnsExtractRecordsFromMessage_W
DnsAllocateRecord
Dns_ReadPacketNameAllocate
GetCurrentTimeInSeconds
CombineRecordsInBlob
DnsWriteReverseNameStringForIpAddress
Dns_SkipToRecord
DnsGetCacheDataTable
Dns_UpdateLibEx
DnsApiRealloc
NetInfo_IsForUpdate
Dns_SendAndRecvUdp
DnsIpv6AddressToString
Dns_GetRandomXid
DnsNotifyResolverEx
Dns_InitializeWinsock
Dns_AllocateMsgBuf
DnsQueryExW
QueryDirectEx
DnsApiFree
Dns_SendEx
DnsAsyncRegisterInit
DnsValidateUtf8Byte
Dns_WriteQuestionToMessage
DnsStatusString
DnsApiAlloc

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c231aabf132bc76523d441336214a696

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

msvcrt40

msvcirt

kernel32

gdi32

dnsapi

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 327KB - Virtual size: 327KB

.data Size: 396KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 327KB - Virtual size: 327KB

.data
Size: 396KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B