fbbb5e4cbb8f7cc1059ad52fdf925ce9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbbb5e4cbb8f7cc1059ad52fdf925ce9_JaffaCakes118
Size

92KB
MD5

fbbb5e4cbb8f7cc1059ad52fdf925ce9
SHA1

e9c63463284b888dfff2e3df49f0dd3460aa6e15
SHA256

ad5ccb4b9377392bd5502a4d2f172d69cf4a447d07eea9da2738a9a6c6ff10b7
SHA512

acdf4ef22a86b01aa69d8b20ee58676602d2ee8e42eadf6e57dbf50e7dafcfd93960b0053e43f0548514d1d42e7d22270056fc5834ba2cd736aec24e134f97ba
SSDEEP

1536:1bsmnMIpgHZOPmuewdopSbmoJh8iVVCwwwc6UCTp9ydpLiuThfu3:1M2g5emu7jFJLDC14ydpLicE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbbb5e4cbb8f7cc1059ad52fdf925ce9_JaffaCakes118

Files

fbbb5e4cbb8f7cc1059ad52fdf925ce9_JaffaCakes118
.dll windows:6 windows x86 arch:x86

7816582c931678b97982a607a11719b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasauto.pdb

Imports

msvcrt

free
malloc
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
tolower
_stricmp
wcsrchr
_vsnwprintf
wcschr
memset
_wcsnicmp
_strlwr
_wcslwr
wcsstr
_wcsicmp
time
memcpy
_strupr
_vsnprintf
atol

ntdll

WinSqmSetDWORD
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateFile
RtlInitUnicodeString
NtCancelIoFile
RtlOpenCurrentUser
NtQuerySystemInformation
NtOpenFile
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
NtSetInformationThread

kernel32

LocalFree
LocalAlloc
CloseHandle
GetLastError
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
SetEvent
GetComputerNameW
CreateThread
QueueUserWorkItem
GetCurrentThread
WTSGetActiveConsoleSessionId
DisableThreadLibraryCalls
CreateEventA
lstrlenW
Sleep
VirtualFree
VirtualAlloc
ResetEvent
GetExitCodeProcess
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
K32GetModuleBaseNameA
GlobalFree
GlobalAlloc
InterlockedCompareExchange

advapi32

SetSecurityDescriptorOwner
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW
WmiNotificationRegistrationW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW
CreateProcessAsUserW
RegNotifyChangeKeyValue
RegOpenKeyExW
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
OpenThreadToken
DuplicateTokenEx
SetThreadToken
RegCreateKeyExW
RegSetValueExW
RegCloseKey

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rasman

RasGetInfo

tapi32

lineGetMessage
lineInitializeExW
lineGetTranslateCapsW
lineShutdown

ws2_32

WSAStartup
inet_ntoa
ntohl
gethostbyname
inet_addr

rtutils

TracePrintfExA
RouterLogEventW
RouterLogDeregisterW
RouterLogRegisterW
TraceDeregisterExA
TraceRegisterExA

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

rpcrt4

I_RpcExceptionFilter

user32

CharNextW
CharPrevW

Exports

Exports

ServiceMain
SetAddressDisabledEx

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7816582c931678b97982a607a11719b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

userenv

rasman

tapi32

ws2_32

rtutils

wtsapi32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 1024B - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 12KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 1024B - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 12KB