JaffaCakes118_7913b537a0abb790594b45e7f92bbd10

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7913b537a0abb790594b45e7f92bbd10
Size

335KB
MD5

7913b537a0abb790594b45e7f92bbd10
SHA1

89a5ede2588081620a719927a5e6c9c81053d40a
SHA256

337da0f9707b59fee809ff632840f51f31c3d7d25268fb0ab994d49a89d179f9
SHA512

5c8d5be7c134f83a4a9ad2b6cc24b4ef94e5f9cf07c2d898029666e1b0c12ef6b0ed47ba28f04aff47aec2167dd61f92e969d4895071b02339ee1b5ee4a9b8fc
SSDEEP

6144:84co6jgW4CS35RLY+0ERNklPtn/ejOZZAmavcTC+wfsoIw8h:nc/jgW4CS35JYkRNklP0jQSCTC+wfsvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7913b537a0abb790594b45e7f92bbd10

Files

JaffaCakes118_7913b537a0abb790594b45e7f92bbd10
.exe windows:6 windows x86 arch:x86

fb687f4f7acc1f20b5382a2c932a259e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

net1.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
LsaClose
GetSidSubAuthority
CopySid
GetSidLengthRequired
GetSidSubAuthorityCount
LsaFreeMemory
EqualSid
LsaLookupSids
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaLookupNames2
LsaLookupNames
SetSecurityDescriptorDacl
LookupAccountNameW
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CreateWellKnownSid
LookupAccountSidW
GetAce
GetSecurityDescriptorDacl
GetServiceKeyNameW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
EnumDependentServicesW
QueryServiceStatus
OpenServiceW

kernel32

GetComputerNameExW
Sleep
CompareStringW
GetUserDefaultLCID
GetCommandLineW
GetStdHandle
SetThreadUILanguage
GetCPInfo
GetConsoleOutputCP
GetLastError
HeapSetInformation
WideCharToMultiByte
GetComputerNameW
LocalFree
LocalAlloc
GetDriveTypeW
GetTimeFormatW
GetDateFormatW
GetProfileStringW
SetSystemTime
SetLocalTime
GetTickCount
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
lstrlenW
GetTimeZoneInformation
FreeLibrary
SetLastError
GetModuleFileNameW
WriteConsoleW
WriteFile
FormatMessageW
PeekConsoleInputW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetFileType
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
GetComputerNameA

msvcrt

_snwprintf_s
putchar
_local_unwind4
_wcsdup
wcstok
_vsnwprintf_s
_ftol2
_ftol2_sse
wcstod
_strnicmp
_stricmp
wcspbrk
strchr
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
__getmainargs
memmove
wcscspn
iswctype
calloc
wcsrchr
srand
rand
_wcsrev
malloc
realloc
free
_ultow
memcpy
swprintf_s
wcsstr
wcsncat_s
wcschr
exit
sprintf_s
setlocale
_wcsnicmp
_iob
_fileno
_setmode
qsort
wcsspn
wcscpy_s
wcsncmp
memset
wcsncpy_s
_wcslwr
wcscat_s
_wcsupr
_wcsicmp
_cexit

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

netutils

NetpwListCanonicalize
NetpwNameCompare
NetpwListTraverse
NetApiBufferReallocate
NetpwPathType
NetpwNameCanonicalize
NetApiBufferAllocate
NetpwNameValidate
NetApiBufferFree
NetapipBufferAllocate

logoncli

DsGetDcNameW

browcli

NetServerEnum

samcli

NetUserSetInfo
NetUserEnum
NetUserGetInfo
NetGroupGetInfo
NetGroupGetUsers
NetGroupEnum
NetGroupDelUser
NetGroupAddUser
NetGroupDel
NetGroupSetInfo
NetGroupAdd
NetUserDel
NetUserAdd
NetUserModalsSet
NetUserModalsGet
NetUserGetGroups

srvcli

NetSessionEnum
NetFileClose
NetFileGetInfo
NetFileEnum
NetServerTransportEnum
NetSessionDel
NetSessionGetInfo
NetConnectionEnum
NetShareDel
NetShareEnum
NetShareSetInfo
NetShareAdd
NetShareCheck
NetShareDelSticky
NetRemoteTOD
NetServerGetInfo
NetServerSetInfo
NetShareGetInfo

wkscli

NetWkstaTransportEnum
NetUseDel
NetUseEnum
NetWkstaUserGetInfo
NetWkstaGetInfo

netapi32

NetServiceControl
NetServiceEnum
NetStatisticsGet
NetServiceInstall

samlib

SamDeleteAlias
SamCloseHandle
SamRemoveMemberFromAlias
SamFreeMemory
SamQueryInformationAlias
SamLookupIdsInDomain
SamLookupNamesInDomain
SamOpenDomain
SamConnect
SamEnumerateAliasesInDomain
SamGetMembersInAlias
SamSetInformationAlias
SamGetAliasMembership
SamCreateAliasInDomain
SamAddMemberToAlias
SamOpenAlias

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsBindW
DsUnBindW

ntdll

RtlAllocateHeap
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
NtClose
NtQuerySystemTime
RtlNtStatusToDosError
RtlTimeFieldsToTime
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
RtlQueryTimeZoneInformation
RtlCompareMemory
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlInitAnsiString
RtlInitUnicodeString
RtlTimeToSecondsSince1970
RtlLengthSid
RtlGetNtProductType
NtOpenProcessToken
RtlInitString

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 196KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb687f4f7acc1f20b5382a2c932a259e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

dsrole

netutils

logoncli

browcli

samcli

srvcli

wkscli

netapi32

samlib

ntdsapi

ntdll

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 34KB - Virtual size: 54KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.vmp0 Size: 196KB - Virtual size: 1.3MB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 34KB - Virtual size: 54KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.vmp0
Size: 196KB - Virtual size: 1.3MB