authz.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ede40ecf7d746a6562d0b6d9ed179c5e_JaffaCakes118.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ede40ecf7d746a6562d0b6d9ed179c5e_JaffaCakes118.dll
Resource: win10v2004-20240226-en
General
- Target: ede40ecf7d746a6562d0b6d9ed179c5e_JaffaCakes118
- Size: 196KB
- MD5: ede40ecf7d746a6562d0b6d9ed179c5e
- SHA1: d7e6618bc474df8783c6ad883b893b2c15b8bca2
- SHA256: ef587a0158423768749c5cb8519999c87904fdb0bdcba4d12d035bb5f8af88d1
- SHA512: b8e4bf202d634fb4a93a4fd4d2999a754c8578e4b6fa3c630dd9580439d8026416510f722f02d575143b78a39248e1da359ad287b450577473314b268d1c1cfd
- SSDEEP: 3072:2oWR46RXX5rivqb84yjdKBkNWLxYeRApLy0KbqS+ouXO1thHKyM6RKhS3wopWi6:3WR46RTSjdWdlYy0K/Joo1s6RGS3w
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource ede40ecf7d746a6562d0b6d9ed179c5e_JaffaCakes118
Files
-
ede40ecf7d746a6562d0b6d9ed179c5e_JaffaCakes118.dll windows:5 windows x86 arch:x86
62bf2ed7cd3e2a56ec247a3dcffdc25e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcslen
wcsncpy
_except_handler3
free
_initterm
malloc
_wcsnicmp
_adjust_fdiv
wcsncmp
wcscpy
wcscat
memmove
ntdll
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlValidSid
RtlMakeSelfRelativeSD
RtlLengthSecurityDescriptor
NtClose
DbgPrint
NtQueryValueKey
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlNtStatusToDosError
RtlLengthSid
NtOpenKey
RtlInitUnicodeString
RtlCopySid
RtlCopyLuid
RtlEqualSid
RtlGetNtProductType
RtlSubAuthoritySid
RtlSubAuthorityCountSid
NtAllocateLocallyUniqueId
RtlInitString
NtQueryInformationToken
kernel32
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetComputerNameExW
GetComputerNameW
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentThreadId
VirtualProtect
LocalFree
SetLastError
LocalAlloc
CloseHandle
CreateThread
CreateEventW
SetThreadPriority
SetEvent
WaitForSingleObject
GetLastError
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
GetSystemInfo
VirtualFree
GetCurrentThread
GetCurrentProcess
InterlockedCompareExchange
ResetEvent
rpcrt4
I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
I_RpcMapWin32Status
advapi32
RegCloseKey
ConvertSidToStringSidW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
EqualDomainSid
CreateWellKnownSid
IsWellKnownSid
GetTokenInformation
GetLengthSid
OpenThreadToken
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
Exports
ServiceMain
AuthzAddSidsToContext
AuthzCachedAccessCheck
AuthzFreeAuditEvent
AuthzFreeContext
AuthzFreeHandle
AuthzFreeResourceManager
AuthzGetInformationFromContext
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzInitializeObjectAccessAuditEvent
AuthzInitializeResourceManager
AuthzOpenObjectAudit
AuthziAllocateAuditParams
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziQueryAuditPolicy
AuthziSetAuditPolicy
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ