wbengine.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c73359abc41b0542067d54a0b405bc0b_JaffaCakes118.exe
Resource: win10v2004-20231215-en
General
Target: c73359abc41b0542067d54a0b405bc0b_JaffaCakes118
Size: 1.9MB
MD5: c73359abc41b0542067d54a0b405bc0b
SHA1: 4c1f5bb853b9d521d8739fe1894da1cb9e5d2548
SHA256: 15060c4dda1b9fd2f58e2836aeba2a72493819e44a23033114b5b1ebee19a6f4
SHA512: 978bbe74971e4631e16ad10171e9998660ad418ee3be8fc5433065647af9e835b2bfbcc3174665fb7deabc5d0117949ddfab0f0399f95df82a4f92c4dd5a465b
SSDEEP: 49152:KWQiVg89ekYoZ+tR0+gH2chC7c0JIPpaI4m:KZixKCT7
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource c73359abc41b0542067d54a0b405bc0b_JaffaCakes118
Files
c73359abc41b0542067d54a0b405bc0b_JaffaCakes118.exe windows:10 windows x64 arch:x64
1666acca6ac0f6bb4b1172192f5d9ff0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
TraceMessage
DuplicateTokenEx
RegQueryValueExW
GetUserNameW
EventSetInformation
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegEnumValueW
LookupAccountNameW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
InitiateShutdownW
RegGetValueW
TraceEvent
RegUnLoadKeyW
RegLoadKeyW
EventWriteTransfer
CheckTokenMembership
SetSecurityInfo
LsaNtStatusToWinError
GetSecurityDescriptorLength
GetSecurityInfo
EventWrite
EventEnabled
SetThreadToken
OpenThreadToken
EnableTrace
StartTraceW
ControlTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
SetFileSecurityW
LsaFreeMemory
EqualSid
GetWindowsAccountDomainSid
LogonUserExExW
ImpersonateLoggedOnUser
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
QueryServiceStatus
EnumDependentServicesW
kernel32
CreateThread
GetTickCount
RemoveDirectoryW
HeapSetInformation
CreateWaitableTimerW
WaitForSingleObjectEx
GetCurrentThreadId
GetCommandLineW
CopyFileW
DeviceIoControl
GetVolumePathNameW
GetSystemWindowsDirectoryW
GetDriveTypeW
GetFullPathNameW
TlsGetValue
OutputDebugStringW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
SetErrorMode
CancelIoEx
GetFileAttributesExW
DeleteVolumeMountPointW
QueryDosDeviceW
SetVolumeMountPointW
SetWaitableTimer
GetLogicalDrives
GetFileSize
GetLongPathNameW
SetFileValidData
SetFilePointerEx
SetEndOfFile
RtlCompareMemory
SleepEx
GetOverlappedResult
GetCurrentThread
SetFilePointer
CancelIo
GetVolumeInformationW
CompareStringOrdinal
CopyFileExW
GetLocalTime
FormatMessageW
GetSystemDirectoryW
LocalAlloc
SetLastError
GetWindowsDirectoryW
GetUserGeoID
GetSystemInfo
GetComputerNameExW
GetVersionExW
GetTempPathW
GetProductInfo
ExpandEnvironmentStringsW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
CreateDirectoryW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
SetThreadExecutionState
FileTimeToLocalFileTime
Sleep
SetVolumeLabelW
FileTimeToSystemTime
CompareFileTime
FindClose
MoveFileW
ReadFile
MoveFileExW
FlushFileBuffers
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
GetFileSizeEx
CreateFileW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SizeofResource
FindVolumeClose
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
user32
UnregisterClassA
CharNextW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
CharUpperBuffW
msvcrt
swscanf_s
??_V@YAXPEAX@Z
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
memcpy
wcsstr
wcsrchr
wcscspn
towlower
_wgetenv
_wtol
_wtoi
wcscpy_s
wcstok_s
_wcsicmp
_vsnwprintf
memmove_s
calloc
memmove
_wcsnicmp
wcsncmp
_exit
_cexit
wcscmp
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_errno
?terminate@@YAXXZ
realloc
wcscat_s
_scwprintf
wcschr
wcstoul
_callnewh
_wcstoi64
_resetstkoflw
_lock
_unlock
__dllonexit
memset
_onexit
??1type_info@@UEAA@XZ
wcsncpy_s
malloc
free
_purecall
memcpy_s
__C_specific_handler
__CxxFrameHandler3
memcmp
_vsnprintf
_CxxThrowException
exit
ntdll
NtQueryValueKey
NtOpenKey
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlCreateSystemVolumeInformationFolder
WinSqmAddToStreamEx
RtlFreeUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
RtlFindNextForwardRunClear
RtlClearBits
RtlAreBitsSet
RtlSetBit
EtwTraceMessage
RtlNumberOfClearBits
RtlSetAllBits
NtClose
RtlFormatCurrentUserKeyPath
NtQueryVolumeInformationFile
NtSetInformationKey
NtQueryKey
NtQuerySystemInformation
NtQueryInformationFile
RtlGetLastNtStatus
RtlAreBitsClear
RtlNtStatusToDosError
WinSqmAddToStream
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CreateClassMoniker
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoDisconnectObject
GetRunningObjectTable
oleaut32
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
VariantInit
VarBstrCmp
RegisterTypeLi
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VariantCopy
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VarBstrCat
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW
vssapi
CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal
CreateVssExamineWriterMetadataInternal
virtdisk
DetachVirtualDisk
CreateVirtualDisk
SetVirtualDiskInformation
GetVirtualDiskPhysicalPath
OpenVirtualDisk
GetStorageDependencyInformation
AttachVirtualDisk
GetVirtualDiskInformation
GetVirtualDiskOperationProgress
CompactVirtualDisk
bcd
BcdSetSystemStoreDevice
BcdOpenSystemStore
BcdForciblyUnloadStore
BcdCloseStore
BcdImportStoreWithFlags
setupapi
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupGetInfDriverStoreLocationW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupEnumPublishedInfW
SetupDiGetDeviceRegistryPropertyW
spp
SppFreeBadWritersArray
netapi32
NetShareAdd
NetShareDel
NetShareGetInfo
NetApiBufferFree
xmllite
CreateXmlReaderInputWithEncodingName
CreateXmlReader
bcrypt
BCryptGetProperty
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
clusapi
GetNodeClusterState
wer
WerReportSubmit
WerReportCreate
WerReportSetParameter
WerReportCloseHandle
WerReportAddFile
Exports
??0CTraceFailureHelper@@QEAA@AEAVCTraceProvider@@JPEBGKPEBX@Z
??0CTraceFunction@@QEAA@AEAVCTraceProvider@@PEBGH1PEBX@Z
??0CTraceHelper@@QEAA@AEAVCTraceProvider@@PEBGKPEBX@Z
??0CTraceProvider@@QEAA@W4COMPONENT_CODE@@@Z
??1CTraceFunction@@QEAA@XZ
??1CTraceProvider@@QEAA@XZ
??4CTraceProvider@@QEAAAEAV0@AEBV0@@Z
?EtwEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?EtwTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?OdsEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?OdsTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SA?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QEAAX_N_KK@Z
?Trace@CTraceProvider@@QEAAXW4TRACE_FLAG@@PEBGKPEBX1PEAD@Z
?TraceMessage@CTraceFailureHelper@@QEAAXPEBGZZ
?TraceMessage@CTraceHelper@@QEAAXW4TRACE_FLAG@@PEBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PEAU_iobuf@@EA
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 400KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ