23c8e175bf36fb6e6caf72b471f12ab5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

23c8e175bf36fb6e6caf72b471f12ab5_JaffaCakes118
Size

432KB
MD5

23c8e175bf36fb6e6caf72b471f12ab5
SHA1

44e9ee4f5c3f30e05e09be8b77ea5d5cc35bdd93
SHA256

b8006d52da86f718cc98ec69807eaafdb898c72ad0fd7c8f9453be59d91bd0ce
SHA512

d9659e5b74c7150677e0ad2100a5a7ca868f2e19da37dc376548ca6067078d4453e85610e1303018c1d941299c16581b97eb81ed97ef9a76e9c284bbdd1e1e22
SSDEEP

12288:qUCmZiCUmrWUhZu1oNW1BW9/Kr9tC3MvzwDse/5xPUX:AC1rWUhZuu41BW9/K37EDX/P8X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23c8e175bf36fb6e6caf72b471f12ab5_JaffaCakes118

Files

23c8e175bf36fb6e6caf72b471f12ab5_JaffaCakes118
.exe windows:10 windows x86 arch:x86

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

svchost.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetProcessAffinityUpdateMode
ExitProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memset
memcpy
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIfEx
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
I_RpcServerDisableExceptionFilter

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetLengthSid
AddAccessAllowedAce
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
RtlImageNtHeader
_vsnwprintf
TpSetTimer
TpReleaseTimer
TpWaitForTimer
TpSetTimerEx
EtwEventWrite
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
RtlInitializeCriticalSection
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
RtlFreeHeap
TpAllocTimer
NtQuerySystemInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 400KB - Virtual size: 992KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 400KB - Virtual size: 992KB