bfsvc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f740034724500da0d3467c1668f9c56b_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f740034724500da0d3467c1668f9c56b_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
f740034724500da0d3467c1668f9c56b_JaffaCakes118
Size
96KB
MD5
f740034724500da0d3467c1668f9c56b
SHA1
3429885a0a04d6b5fac9b84ac9685680bec8fa41
SHA256
8addbbcdd2a6bd5163946e6b18f182317a0f8c086cfbdfe221195c05b87195dd
SHA512
5d411af2a1ce49543140ad6009b7f7c288d1e21cb3785fbd949cce07e5b9b06a84c18d5cda7118ba6a08996b8a41bd28cca4ff7dd71e7c3315fd62fc2eb6a89e
SSDEEP
1536:v3XgzDJhNi/OWETNlqAcegD6nUUiQOuoP/MP0jfqSgsQ+5XzHMcSXNOKkd4vcP:PXaJhNeETNsAq6nUlk6/MPALpPyOKx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f740034724500da0d3467c1668f9c56b_JaffaCakes118
Files
f740034724500da0d3467c1668f9c56b_JaffaCakes118.exe windows:6 windows x64 arch:x64
ac05ba171e5527e50d53aaf1f57aac18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
GetTokenInformation
GetSecurityDescriptorControl
SetNamedSecurityInfoW
LookupPrivilegeValueW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
ConvertSidToStringSidW
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
OpenProcessToken
kernel32
OutputDebugStringA
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FindFirstFileW
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
GetVolumePathNameW
GetFileAttributesW
CreateFileW
SetLastError
FindClose
FindNextFileW
SetFileAttributesW
GetVolumeInformationW
MapViewOfFile
UnmapViewOfFile
Sleep
LocalFree
GetLastError
SetUnhandledExceptionFilter
GetFileSizeEx
CreateFileMappingW
CloseHandle
CopyFileExW
DeviceIoControl
GetFullPathNameW
CreateDirectoryW
GetCurrentThread
msvcrt
_wcsnicmp
fflush
wcsstr
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
realloc
wcstombs
iswctype
ferror
malloc
fwprintf
wcsrchr
ungetc
_vsnwprintf
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
calloc
free
?terminate@@YAXXZ
memset
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wcslwr
_errno
_wcsicmp
wcschr
imagehlp
CheckSumMappedFile
shell32
CommandLineToArgvW
shlwapi
PathRemoveBackslashW
ntdll
NtResetEvent
NtQueryValueKey
NtOpenKey
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
LdrFindResource_U
LdrAccessResource
NtOpenFile
NtOpenProcess
NtCreateEvent
RtlNtStatusToDosError
NtSetInformationThread
NtWaitForSingleObject
NtQueryInformationProcess
NtQueryInformationFile
RtlInitUnicodeString
NtQueryInformationThread
NtDeviceIoControlFile
NtClose
NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE