Static task: static1
Behavioral task: behavioral1
  Sample: 25d77855ff16e9be2f3d6faaa5bf2870_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 25d77855ff16e9be2f3d6faaa5bf2870_JaffaCakes118.exe
  Resource: win10v2004-20240226-en

General
Target: 25d77855ff16e9be2f3d6faaa5bf2870_JaffaCakes118
Size: 4.2MB
MD5: 25d77855ff16e9be2f3d6faaa5bf2870
SHA1: 2790e67682298a55be9ad6858b6413b0d3105344
SHA256: 68a51ac1d4c550a90cfa34b8c2f3aa8a4f5542b8710b1be3cbe016a03546c286
SHA512: 0b2ada9a6a6b9387a987eba12c615447a04ef38046ebc24e51d176ed8d58410f3a0efe5cf903058e8869e3efb46386e29cadb1a7c5be23e5934cbee377d7311d
SSDEEP: 49152:oKeIZFjZKXQPRFPmtuNvYJ9LRXH5SGBLioVTFPSHGQhdPJM7GqVwXcIY1I6VWXdv:OIZFNKAOBJ9LRXH5VxRkesR6Kc6

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 25d77855ff16e9be2f3d6faaa5bf2870_JaffaCakes118

Files
25d77855ff16e9be2f3d6faaa5bf2870_JaffaCakes118.exe  windows:5  windows  x86  arch:x86
57ae3f0b37ec4116ff8552f850bdedf6

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\build\user\215212_TUNEUP-COM0-42\source\build\tuneup\RU_MT_SLL!Win32_vs140\bin\Release_Unicode_MT_SLL_vs140\Win32\TuneUpUtilitiesService32.pdb
Imports
kernel32
LocalFree
CreateDirectoryW
CopyFileW
WideCharToMultiByte
MoveFileW
MoveFileExW
MultiByteToWideChar
CreateFileW
InterlockedIncrement
GetModuleHandleW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetSystemPowerStatus
SetConsoleCtrlHandler
LocalAlloc
CreateMutexW
OpenEventW
GetNativeSystemInfo
GetCommandLineW
lstrcmpW
SetThreadPriority
GetCurrentThread
OpenProcess
CompareFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringA
lstrcmpA
GetSystemDirectoryW
GetCurrentProcess
Module32FirstW
GetProcessTimes
ReadProcessMemory
GetThreadLocale
GetTimeFormatW
GetDateFormatW
FindCloseChangeNotification
FindNextChangeNotification
GetFileSize
ReadFile
GetComputerNameW
GetLongPathNameW
OpenThread
SetLastError
CreateSemaphoreW
ReleaseSemaphore
MulDiv
GetPriorityClass
SetPriorityClass
SetDllDirectoryW
LockResource
FindResourceExW
GetSystemTime
GetStdHandle
GetCurrentThreadId
OutputDebugStringW
GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
WriteConsoleW
HeapSize
HeapFree
FindClose
FindNextFileW
GetFileAttributesW
FindFirstFileW
CreateProcessW
GetCurrentProcessId
DecodePointer
RaiseException
QueueUserWorkItem
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetVersionExW
ReleaseMutex
WaitForMultipleObjects
OpenMutexW
ResumeThread
ProcessIdToSessionId
lstrlenW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
lstrcmpiW
QueryDosDeviceW
GetProcAddress
lstrcpynW
FormatMessageW
WTSGetActiveConsoleSessionId
GetModuleFileNameW
GetTickCount
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
DeleteCriticalSection
GetLastError
ResetEvent
CreateThread
CloseHandle
TerminateThread
SetEvent
Sleep
GetExitCodeThread
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryW
GlobalMemoryStatusEx
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
IsWow64Process
LoadLibraryExA
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetConsoleCP
GetACP
ExitProcess
SetFilePointerEx
GetModuleHandleExW
ExitThread
TryEnterCriticalSection
SetCriticalSectionSpinCount
GetThreadPriority
SetUnhandledExceptionFilter
GetFileAttributesExW
SetFileAttributesW
GetVersion
GetFileTime
AreFileApisANSI
HeapCreate
GetFullPathNameW
WriteFile
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
GetConsoleMode
VirtualQuery
TerminateProcess
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
QueryPerformanceFrequency
DuplicateHandle
GetStringTypeW
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
SetFilePointer
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
user32
PeekMessageA
MsgWaitForMultipleObjectsEx
IsWindowUnicode
PeekMessageW
DispatchMessageA
TranslateMessage
GetMessageW
CharUpperW
DispatchMessageW
LoadStringW
PostThreadMessageW
CharNextW
GetDesktopWindow
wsprintfW
advapi32
StartServiceCtrlDispatcherW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
OpenThreadToken
QueryServiceConfigW
RegNotifyChangeKeyValue
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegisterServiceCtrlHandlerExW
ChangeServiceConfig2W
ChangeServiceConfigW
SetServiceStatus
QueryServiceStatusEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
OpenSCManagerW
DeleteService
ControlService
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
RegCreateKeyExW
ConvertStringSidToSidW
RegSetValueExW
LogonUserW
RegDeleteValueW
LookupAccountSidW
ConvertSidToStringSidW
LookupAccountNameW
RegEnumValueW
EqualSid
AllocateAndInitializeSid
IsValidSid
FreeSid
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
EnumServicesStatusExW
RegOpenKeyW
EnumDependentServicesW
shell32
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ole32
CoInitialize
CoImpersonateClient
CoRevertToSelf
StringFromCLSID
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoDisconnectObject
CLSIDFromString
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
oleaut32
SysStringLen
RegisterTypeLi
VarUI4FromStr
VariantInit
SysStringByteLen
LoadTypeLi
VariantClear
SysFreeString
SysAllocString
VariantChangeType
UnRegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadRegTypeLi
SysAllocStringByteLen
ntdll
ZwOpenThreadToken
RtlGetOwnerSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlGetAce
RtlGetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
RtlCreateUnicodeString
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetProcedureAddress
RtlIsDosDeviceName_U
RtlLengthSid
ZwResetEvent
ZwSetEvent
ZwCreateEvent
ZwCreateFile
RtlGetCurrentDirectory_U
ZwReleaseMutant
RtlLocalTimeToSystemTime
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
RtlInitializeCriticalSection
RtlDeleteCriticalSection
ZwResumeThread
ZwDelayExecution
LdrShutdownThread
RtlCreateUserThread
ZwQueryInformationThread
CsrClientCallServer
RtlGetGroupSecurityDescriptor
ZwTerminateThread
ZwWaitForSingleObject
ZwTerminateProcess
ZwQuerySystemInformation
ZwDeviceIoControlFile
ZwQueryInformationToken
RtlLeaveCriticalSection
RtlEnterCriticalSection
ZwQueryInformationFile
ZwOpenFile
RtlFreeUnicodeString
ZwFsControlFile
RtlTimeToTimeFields
ZwQueryVirtualMemory
ZwReadVirtualMemory
ZwOpenProcess
ZwOpenMutant
RtlInitUnicodeString
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
ZwQueryValueKey
ZwOpenKey
ZwQueryInformationProcess
NtClose
RtlOpenCurrentUser
ZwClose
ZwAdjustPrivilegesToken
RtlNtStatusToDosError
ZwQueryAttributesFile
ZwQueryDirectoryFile
NlsMbOemCodePageTag
RtlxOemStringToUnicodeSize
RtlxAnsiStringToUnicodeSize
RtlOemStringToUnicodeString
RtlAnsiStringToUnicodeString
RtlxUnicodeStringToOemSize
RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToOemString
RtlUnicodeStringToAnsiString
ZwWaitForMultipleObjects
ZwCancelIoFile
ZwNotifyChangeDirectoryFile
NtLockFile
RtlValidSecurityDescriptor
RtlCopySid
RtlAddAccessDeniedAceEx
ZwOpenSymbolicLinkObject
RtlInitAnsiString
ZwUnmapViewOfSection
ZwReadFile
ZwCreateSection
RtlCreateAcl
ZwQuerySecurityObject
RtlEqualSid
ZwSetSecurityObject
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlUpcaseUnicodeChar
ZwQuerySymbolicLinkObject
ZwCreateSemaphore
ZwReleaseSemaphore
LdrGetDllHandle
ZwSetInformationFile
ZwFlushVirtualMemory
ZwFlushBuffersFile
ZwMapViewOfSection
RtlGetFullPathName_U
ZwWriteFile
ZwCreateKey
ZwLoadKey
ZwUnloadKey
ZwDeleteValueKey
ZwDeleteKey
ZwSetValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
NtUnlockFile
shlwapi
PathFindOnPathW
PathSearchAndQualifyW
PathFileExistsW
PathRemoveBlanksW
PathFindFileNameW
PathParseIconLocationW
PathIsDirectoryW
StrCmpNIW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathIsRelativeW
StrStrIW
PathIsRootW
PathStripPathW
PathFindExtensionW
PathCanonicalizeW
wtsapi32
WTSCloseServer
WTSEnumerateSessionsW
WTSOpenServerW
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
setupapi
SetupDiSetClassInstallParamsW
SetupDiChangeState
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDescriptionW
SetupDiDestroyDriverInfoList
SetupDiGetClassDevsW
psapi
EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
userenv
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock
netapi32
NetLocalGroupAddMembers
NetUserDel
NetLocalGroupDelMembers
NetApiBufferFree
NetUserGetInfo
NetUserAdd
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
msi
ord116
ord92
ord8
ord118
ord160
ord159
ord32
ord70
ord217
ord173
ord141
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 703KB - Virtual size: 702KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ