4543e23ff678ca9d2c943a45b5b82a17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4543e23ff678ca9d2c943a45b5b82a17_JaffaCakes118
Size

308KB
MD5

4543e23ff678ca9d2c943a45b5b82a17
SHA1

b95c75a95a02c07c5b6e23f4519551bb87ff6035
SHA256

1025fef57e115a84217be0f0dafe0f2fa65f69f1c7ff0103fae82816696b419b
SHA512

82a40800fcfed8ad6a6d4561e9093399860044a64a8da31aa06559e3559f9a73680ba0812299ed3dbe821b7d990d457095b4706309e244c1c540f89cbfde4779
SSDEEP

6144:NCALRGRcQxeo/8SjKI0EcF3jU9azNsQFnx0gBp6D:fLE2qeo/8SjKPjUur5xBq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4543e23ff678ca9d2c943a45b5b82a17_JaffaCakes118

Files

4543e23ff678ca9d2c943a45b5b82a17_JaffaCakes118
.dll windows:6 windows x64 arch:x64

95a2326623ef848d659869d728c4de10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msv1_0.pdb

Imports

msvcrt

strcpy_s
sprintf_s
_vsnprintf_s
wcsncat_s
wcscat_s
wcsncmp
wcscpy_s
wcsncpy_s
memmove
wcsrchr
towupper
strncmp
wcschr
_snwprintf_s
swprintf_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memset
memcpy
memcmp
_ultow
_wcsicmp

ntdll

RtlCreateServiceSid
RtlInitializeCriticalSection
RtlFreeOemString
WinSqmSetDWORD
NtQuerySystemInformation
NtOpenKey
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlIntegerToChar
NtSetValueKey
NtQueryValueKey
RtlDeleteResource
NtCreateKey
NtDeleteValueKey
RtlIntegerToUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlEqualSid
RtlGetNtProductType
NtAllocateLocallyUniqueId
RtlCopyUnicodeString
RtlCheckTokenMembershipEx
NtCreateEvent
RtlAppendUnicodeStringToString
NtOpenEvent
RtlPrefixUnicodeString
RtlConvertSharedToExclusive
NtWaitForSingleObject
RtlAcquireResourceExclusive
RtlAppendUnicodeToString
RtlCopySid
RtlOemStringToUnicodeString
RtlInitializeResource
RtlLengthSid
RtlSubAuthorityCountSid
RtlCompareMemory
RtlInitializeSid
RtlUpperChar
EtwLogTraceEvent
RtlDowncaseUnicodeString
NtQuerySystemTime
RtlIdentifierAuthoritySid
WinSqmIncrementDWORD
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlAcquireResourceShared
NtFilterToken
RtlAllocateAndInitializeSid
RtlDuplicateUnicodeString
RtlReleaseResource
NtClose
RtlImpersonateSelf
NtSetInformationThread
RtlFreeUnicodeString
RtlEqualDomainName
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader
NtSetEvent
NtOpenThreadToken
RtlFreeSid
RtlRunDecodeUnicodeString
RtlEraseUnicodeString
EtwTraceMessage
RtlInitString
RtlInitUnicodeString
NtOpenProcessToken
NtQueryInformationToken
NtSetSecurityObject
NtDuplicateObject
RtlCreateSecurityDescriptor
RtlNumberGenericTableElements
RtlGetElementGenericTable
RtlEnterCriticalSection
RtlDeleteElementGenericTable
NtQueryInformationProcess
RtlLookupElementGenericTable
RtlIpv6StringToAddressExW
RtlLeaveCriticalSection
NtDuplicateToken
NtOpenProcess
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlSystemTimeToLocalTime
RtlEqualString
RtlTimeToTimeFields
EtwEventEnabled
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWrite
EtwEventUnregister
RtlUpcaseUnicodeString
EtwEventRegister

api-ms-win-security-base-l1-2-0

ImpersonateAnonymousToken
RevertToSelf
AdjustTokenPrivileges
GetLengthSid
GetTokenInformation
EqualSid
CheckTokenMembership

api-ms-win-core-file-l1-2-0

FlushFileBuffers
CompareFileTime
CreateFileW
WriteFile
SetFilePointer
CreateDirectoryW

api-ms-win-core-libraryloader-l1-1-1

GetProcAddress
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-processthreads-l1-1-1

OpenProcess
SetThreadToken
TerminateProcess
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-1

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-2-0

GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW
GetWindowsDirectoryW
GetLocalTime
GetVersionExW
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue

api-ms-win-core-debug-l1-1-1

DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

Sleep
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-processenvironment-l1-2-0

SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsBindWithSpnExW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

cryptdll

aesCTSEncryptMsg
HMACwithSHA
aesCTSDecryptMsg
PBKDF2
CDLocateCheckSum

api-ms-win-core-memory-l1-1-1

MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
VirtualAlloc
VirtualProtect

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllMain
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUserEx2
Msv1_0ExportSubAuthenticationRoutine
Msv1_0SubAuthenticationPresent
MsvGetLogonAttemptCount
MsvIsLocalhostAliases
MsvSamLogoff
MsvSamValidate
MsvValidateTarget
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95a2326623ef848d659869d728c4de10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-activedirectoryclient-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

cryptdll

api-ms-win-core-memory-l1-1-1

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 267KB - Virtual size: 266KB

.data Size: 16KB - Virtual size: 17KB

.pdata Size: 8KB - Virtual size: 7KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 352B

.text
Size: 267KB - Virtual size: 266KB

.data
Size: 16KB - Virtual size: 17KB

.pdata
Size: 8KB - Virtual size: 7KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 352B