3d5d58a330f3cbc23756b3d4c8ff5092_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d5d58a330f3cbc23756b3d4c8ff5092_JaffaCakes118
Size

56KB
MD5

3d5d58a330f3cbc23756b3d4c8ff5092
SHA1

9d7eb4bf4c352ecd788f91e44a3bd0f83bcd2ddd
SHA256

e541e8b9a419ee1ddafe17b8e76c35674176734892561cc5f800f5d2a58aa4f4
SHA512

f193da74b3bd79f0bb5720f55be2bca7b78539f6cd58a5880a21d9b28171a3e10ba3f2bb6b84e842fdda3f53fc517929aaf423bf28ebdaa16e2dc234b742693e
SSDEEP

1536:xBljY8A2zj4XnSjZhXiQaoKiYkIQ023FC:xjVzjKGZTKiYXeY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5d58a330f3cbc23756b3d4c8ff5092_JaffaCakes118

Files

3d5d58a330f3cbc23756b3d4c8ff5092_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5644d26c23e80a4c036aa49ffcde113e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
GetFileAttributesW
LoadLibraryA
GetModuleHandleW
VirtualAlloc
GetLogicalDrives
FreeConsole
lstrcmpiW
GetSystemTimeAsFileTime
GetWriteWatch
CloseConsoleHandle
SetFileApisToANSI
ReadConsoleOutputCharacterW
GetProcAddress
UnlockFileEx
GetCurrentProcess
InterlockedIncrement
QueueUserAPC
DeleteTimerQueueTimer
GetPriorityClass
SetConsoleIcon
SystemTimeToFileTime
SleepEx
UnregisterWaitEx
GetProcessShutdownParameters

printui

ConstructPrinterFriendlyName
ShowErrorMessageSC
PnPInterface
vQueueCreate
vServerPropPages
vPrinterPropPages
DllGetClassObject
bFolderRefresh
UnregisterPrintNotify
DllMain
vDocumentDefaults
ConnectToPrinterDlg

wldap32

ber_printf
ldap_modify_s
ldap_next_reference
ldap_search
ldap_bind
ldap_parse_reference
cldap_openW
ber_bvfree
ldap_count_values_len
ldap_initA
ldap_add_s
ldap_simple_bind_s
ldap_delete_ext_sA

oleacc

IID_IAccessibleHandler
GetStateTextW
CreateStdAccessibleProxyW
AccessibleObjectFromWindow
DllUnregisterServer
LIBID_Accessibility
GetStateTextA
AccessibleObjectFromEvent
CreateStdAccessibleObject
DllGetClassObject
WindowFromAccessibleObject
DllRegisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5644d26c23e80a4c036aa49ffcde113e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

printui

wldap32

oleacc

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 11KB - Virtual size: 98KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 236B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 11KB - Virtual size: 98KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 236B