3c3629733ea4fa06701ccadc3a93c46b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c3629733ea4fa06701ccadc3a93c46b_JaffaCakes118
Size

49KB
MD5

3c3629733ea4fa06701ccadc3a93c46b
SHA1

37d7beee96c7d866f6dcd1b67c87847877529f7a
SHA256

b478dba7459a9ae1c82db06ccb9a560d303a808c1a14b18d05270fbb2618abd6
SHA512

abef106cae0624853d18fb5e07b648e198f6adf08ce24620023c0486849311e41e171748901f3a4fde6c6617959552b41169bb95652527a5fbdbfba87b4c208e
SSDEEP

768:r5rJFqgnBZjbRWsz1IWuzT2d6zmoRrI7cwE9sQ0k3IB8KKO6Us8fcIROeD:r5rJFqgnTjbRRIv3HccGxEO5sZIROeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c3629733ea4fa06701ccadc3a93c46b_JaffaCakes118

Files

3c3629733ea4fa06701ccadc3a93c46b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

83b86bc6a91d101b175ee2e18de6fe93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
EnumDateFormatsW
SetConsoleMenuClose
GetVersionExW
VirtualAlloc
FindNextFileW
FileTimeToLocalFileTime
HeapCreate
SetFileTime
GetSystemWow64DirectoryW
AreFileApisANSI
LockFile
FindNextVolumeMountPointW
GetStartupInfoA
ResetWriteWatch
LoadLibraryA
GlobalUnWire
GetConsoleCP
GetModuleHandleW
WritePrivateProfileSectionW
SetThreadAffinityMask
GetPriorityClass
Toolhelp32ReadProcessMemory
HeapAlloc
GetSystemTimeAsFileTime
OutputDebugStringA
AddRefActCtx
InterlockedPopEntrySList
lstrcatW
PeekConsoleInputA
SleepEx
SetComPlusPackageInstallStatus
GetConsoleInputExeNameA
Heap32ListNext
GetMailslotInfo
EnumSystemLocalesA
CreateSemaphoreW
SetFileValidData
QueryDepthSList

hlink

HlinkIsShortcut
HlinkCreateBrowseContext
HlinkOnNavigate
HlinkResolveShortcutToMoniker
HlinkResolveMonikerForData
HlinkCreateShortcut
HlinkResolveShortcut
HlinkPreprocessMoniker
HlinkUpdateStackItem
HlinkCreateFromMoniker
HlinkCreateShortcutFromString
HlinkClone
HlinkCreateFromData
HlinkNavigateToStringReference
HlinkSetSpecialReference
HlinkResolveStringForData
OleSaveToStreamEx
HlinkGetSpecialReference
HlinkNavigate
HlinkTranslateURL
HlinkCreateShortcutFromMoniker
HlinkQueryCreateFromData
HlinkGetValueFromParams
HlinkCreateFromString
HlinkResolveShortcutToString
HlinkCreateExtensionServices
HlinkOnRenameDocument
HlinkParseDisplayName

ntmarta

AccProvHandleGetAccessInfoPerObjectType
AccLookupAccountName
AccSetEntriesInAList
AccProvHandleSetAccessRights
AccProvSetAccessRights
AccProvGetAccessInfoPerObjectType
AccRewriteSetEntriesInAcl
AccProvHandleRevokeAccessRights
AccProvHandleGetAllRights
AccProvGrantAccessRights
AccConvertAclToAccess
AccProvRevokeAccessRights
AccConvertAccessToSD
AccGetExplicitEntries
AccProvIsAccessAudited
AccProvRevokeAuditRights
AccRewriteSetHandleRights
AccLookupAccountSid
AccRewriteSetNamedRights
AccProvCancelOperation
AccRewriteGetNamedRights
AccTreeResetNamedSecurityInfo
AccProvHandleRevokeAuditRights
AccGetAccessForTrustee
AccRewriteGetHandleRights

secur32

AddCredentialsA
SaslIdentifyPackageA
SealMessage
QuerySecurityPackageInfoA
LsaRegisterPolicyChangeNotification
DeleteSecurityPackageW
ImportSecurityContextA
GetUserNameExA
LsaEnumerateLogonSessions
LsaLogonUser
TranslateNameA
FreeContextBuffer
QueryContextAttributesA
SecpTranslateNameEx
InitializeSecurityContextA
AcquireCredentialsHandleW
LsaRegisterLogonProcess
SecpTranslateName
AddSecurityPackageA
GetUserNameExW
InitSecurityInterfaceW
SecpFreeMemory
GetComputerObjectNameA
MakeSignature
SaslAcceptSecurityContext
AcceptSecurityContext
CompleteAuthToken
QuerySecurityContextToken
SaslGetProfilePackageW

mtxoci

oermsg
ologof
ocan
obreak
ocof
odessp
oexec
orol
oflng
oopt
ofetch
olog
GetXaSwitch
MTxOciGetVersion
oexfet
ologTransacted
oexn
odefinps
ocom
MTxOciRegisterCursor
MTxOciInit
opinit
oerhms
Enlist
oopen
oclose
oparse

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b86bc6a91d101b175ee2e18de6fe93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

hlink

ntmarta

secur32

mtxoci

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB