Static task: static1
Behavioral task: behavioral1
Sample: 5442b70d471e0a9363c0506f42baa174_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 5442b70d471e0a9363c0506f42baa174_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 5442b70d471e0a9363c0506f42baa174_JaffaCakes118
Size: 1.1MB
MD5: 5442b70d471e0a9363c0506f42baa174
SHA1: edb65b9a07c1453f5feed5cb3f786f5a2a5bc7c6
SHA256: f55466f8c4f711ca8f206ab98bca6846f55aacb44a4e2fd3c13a88f22d16bc24
SHA512: eff72bc0cb43be22d154433e9eea2432b9f42241f751c9eaa06e1f03b75e00eb5d4dbf9d8547c56cdefa5b961321150910cfc78fa8f5c6ef783e673e82e233ab
SSDEEP: 24576:9lbBimdr+d793uBNB9ouyROHzPK7FqA/2YkRU86JG:9lbBH+d7VKD9ouywTPEUyruUb
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5442b70d471e0a9363c0506f42baa174_JaffaCakes118
Files
5442b70d471e0a9363c0506f42baa174_JaffaCakes118.exe windows:4 windows x86 arch:x86
308d12b1cb0c2749bbf7ad541fd84e71
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
netapi32
NetServerSetInfo
NetGroupDel
NetDfsAddStdRoot
NetLocalGroupGetMembers
NetapipBufferAllocate
NetLocalGroupAddMembers
NetJoinDomain
NetLocalGroupEnum
NetServerEnum
NetGroupSetInfo
NetShareGetInfo
NetUserGetGroups
NetLocalGroupSetInfo
NetUserDel
NetAlertRaiseEx
NetUseAdd
NetGetJoinInformation
imagehlp
ImageEnumerateCertificates
ImageRvaToSection
SymSetOptions
ImageNtHeader
ImageGetCertificateData
ImageLoad
CheckSumMappedFile
ImageRvaToVa
EnumerateLoadedModules64
ImageUnload
SymInitialize
ImageDirectoryEntryToData
kernel32
GlobalUnlock
VirtualAlloc
FreeResource
SleepEx
TerminateProcess
lstrlenW
Process32First
GetSystemTime
FindFirstChangeNotificationW
EnumSystemLocalesA
GetDevicePowerState
LockFile
GetVolumePathNameW
SetStdHandle
SetThreadAffinityMask
GetPrivateProfileStructA
FlushConsoleInputBuffer
GetVolumePathNameA
WaitForMultipleObjects
PrivMoveFileIdentityW
SetVolumeMountPointW
CreateProcessA
GetWriteWatch
advapi32
RevertToSelf
LookupAccountNameW
SystemFunction005
InitializeAcl
DeleteAce
WmiExecuteMethodW
GetWindowsAccountDomainSid
SetSecurityInfo
SetPrivateObjectSecurity
OpenServiceW
DuplicateToken
LsaOpenTrustedDomain
WriteEncryptedFileRaw
GetSidLengthRequired
GetPrivateObjectSecurity
ElfReportEventW
GetSidSubAuthority
RegSetValueExA
CryptGetKeyParam
odbc32
CursorLibLockDesc
CursorLibLockDbc
ValidateErrorQueue
VRetrieveDriverErrorsRowCol
SearchStatusCode
CursorLibTransact
PostODBCError
PostODBCComponentError
CursorLibLockStmt
LockHandle
VFreeErrors
Sections
.text Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.LJfR Size: 816KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ