f7824ed042e10cdc21aa4eec419fc98d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7824ed042e10cdc21aa4eec419fc98d_JaffaCakes118
Size

1.4MB
MD5

f7824ed042e10cdc21aa4eec419fc98d
SHA1

1e76fe8e4193e1aa9da2a0da3c09980cc55b26ba
SHA256

9bff744d7bff4b267ea40bcc24dac38fb6341c5d2949790e0cd114914fc0d937
SHA512

5691a5743841c23b841b0b03c43e5096ab071ed3718be1c1314f57c8338bcb58d9f3c9853ead7cbf696858c2ab471e20f38f9b95b46e5b7557f43af312d8a9b2
SSDEEP

24576:bvc+c6bmwiorvQbK0nHW/7ftV+uaJhEQKYizg38RmQT2gskCQTUi74xi:b6EsL2i8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7824ed042e10cdc21aa4eec419fc98d_JaffaCakes118

Files

f7824ed042e10cdc21aa4eec419fc98d_JaffaCakes118
.exe windows:6 windows x64 arch:x64

e3ff3442218c4d590bc6cead27a5fd92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\x\CVE-2020-0787-EXP-ALL-WINDOWS-VERSION-master\BitsArbitraryFileMove-master\x64\Debug\BitsArbitraryFileMoveExploit.pdb

Imports

advapi32

OpenProcessToken
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW

user32

UnregisterClassW

ole32

CoCreateGuid
StringFromCLSID
CoInitializeEx
CoInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
StringFromIID
CLSIDFromString
CoCreateInstance
CoGetStdMarshalEx
CoMarshalInterface
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocString
SysAllocStringByteLen
LoadTypeLi
CreateTypeLib2
SysStringByteLen
SysFreeString
GetErrorInfo
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
VariantClear

kernel32

ReadConsoleW
GetStringTypeW
SetStdHandle
HeapQueryInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetCurrentThread
GetCommandLineW
GetCommandLineA
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileSize
QueryDosDeviceW
ReadFile
WriteFile
DecodePointer
CloseHandle
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentProcess
GetCurrentProcessId
ProcessIdToSessionId
GetWindowsDirectoryW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
GetModuleFileNameW
LocalAlloc
LocalFree
FormatMessageW
CopyFileW
GetStdHandle
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
GetTempPathW
Sleep
SetConsoleTextAttribute
GetFullPathNameW
GetModuleHandleW
GetProcAddress
GetFileInformationByHandle
DeviceIoControl
GetOverlappedResult
WaitForSingleObject
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
GetSystemInfo
HeapValidate
HeapSize
WriteConsoleW
GetFileType
ExitProcess
GetModuleHandleExW
EncodePointer
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW

urlmon

URLDownloadToFileW

Sections

.textbss
Size: - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ff3442218c4d590bc6cead27a5fd92

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

ole32

oleaut32

kernel32

shell32

shlwapi

urlmon

Sections

.textbss Size: - Virtual size: 485KB

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 293KB - Virtual size: 293KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 56KB - Virtual size: 55KB

.idata Size: 8KB - Virtual size: 7KB

.msvcjmc Size: 1024B - Virtual size: 760B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.textbss
Size: - Virtual size: 485KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 293KB - Virtual size: 293KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 56KB - Virtual size: 55KB

.idata
Size: 8KB - Virtual size: 7KB

.msvcjmc
Size: 1024B - Virtual size: 760B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB