b70625d1badca4756475c8bb1bd492ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b70625d1badca4756475c8bb1bd492ac_JaffaCakes118
Size

944KB
MD5

b70625d1badca4756475c8bb1bd492ac
SHA1

f183c9b0ec6a02ea482dd183ef1087e00751a109
SHA256

c747718c35ebf7d6dba5439b216ab8d5fb82af31a537d09da6e97887e06d69b5
SHA512

31d88a89d97a916ae962a07c37d2cf9d5efa6459ded6a06c709a57b130a8f9896657cbd98976df8d672cbdab08e4c368ef9946ecd951da03b7eb406022620bb8
SSDEEP

24576:7tDAOTsRqOH1OzxwUuu6GkPOjWF3mQprh:5rTsRZ1lQkWe3BV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b70625d1badca4756475c8bb1bd492ac_JaffaCakes118

Files

b70625d1badca4756475c8bb1bd492ac_JaffaCakes118
.exe windows:6 windows x64 arch:x64

bace865127db5af8054aeb672f05b8b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\project\src\EmSolution\03.Autoever\AxonService\out\bin\x64-Release\AutowayMplusService.pdb

Imports

kernel32

DeviceIoControl
SetThreadContext
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
VirtualAllocEx
GetThreadContext
VirtualProtectEx
WriteProcessMemory
IsWow64Process
OpenThread
GetExitCodeThread
SuspendThread
TerminateThread
Thread32First
Thread32Next
ReleaseActCtx
CreateActCtxW
LocalAlloc
FindNextFileW
MoveFileW
CopyFileW
FindClose
FindFirstFileW
QueueUserWorkItem
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcessId
GetTickCount
DeleteFileW
CreateFileW
GetCurrentDirectoryW
SetLastError
OutputDebugStringA
WriteFile
FormatMessageA
RaiseException
DuplicateHandle
GetCurrentThread
CreateThread
GetCurrentThreadId
IsDebuggerPresent
SetThreadPriority
GetThreadPriority
CreateEventW
ExpandEnvironmentStringsW
GetProcAddress
GetCommandLineW
GetModuleHandleW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
ResetEvent
SetEvent
WaitForMultipleObjects
GetFileAttributesW
GetTempPathW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateDirectoryW
QueryPerformanceFrequency
QueryThreadCycleTime
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleHandleExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
RegisterWaitForSingleObject
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
GetNativeSystemInfo
FindFirstFileExW
SetFilePointerEx
FlushFileBuffers
LoadLibraryW
AcquireSRWLockShared
ReleaseSRWLockShared
VirtualQueryEx
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
FormatMessageW
K32EnumProcessModulesEx
K32GetModuleBaseNameW
TryEnterCriticalSection
EnterCriticalSection
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
DisconnectNamedPipe
ConnectNamedPipe
WideCharToMultiByte
EncodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
InitializeSListHead
GetStartupInfoW
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW
GetConsoleCP
GetFullPathNameW
SetStdHandle
ExitProcess
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapReAlloc
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetTimeZoneInformation
GetDriveTypeW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
WriteConsoleW
GetModuleFileNameW
Sleep
GetConsoleMode
GetFileType
GetStdHandle
OpenProcess
ProcessIdToSessionId
GetCurrentProcess
WaitForSingleObject
CreateProcessW
HeapFree
LocalFree
GetProcessHeap
HeapAlloc
GetLastError
CloseHandle

user32

wsprintfW

advapi32

OpenServiceW
CloseServiceHandle
RegSetValueExW
RegNotifyChangeKeyValue
ControlService
RegisterServiceCtrlHandlerExW
OpenSCManagerW
StartServiceCtrlDispatcherW
CreateServiceW
ChangeServiceConfig2W
DeleteService
StartServiceW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation
LookupAccountSidW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken

shell32

SHGetKnownFolderPath
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathFindExtensionW
SHSetValueW
SHDeleteKeyW
SHGetValueW
PathRemoveFileSpecW
PathFindFileNameW
SHDeleteValueW

dbghelp

SymInitialize
SymSetOptions
SymGetLineFromAddr64
SymFromAddr
SymGetSearchPathW
SymSetSearchPathW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ole32

CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bace865127db5af8054aeb672f05b8b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

userenv

shlwapi

dbghelp

winmm

ole32

oleaut32

Exports

Exports

Sections

.text Size: 627KB - Virtual size: 627KB

.rdata Size: 263KB - Virtual size: 262KB

.data Size: 12KB - Virtual size: 26KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 627KB - Virtual size: 627KB

.rdata
Size: 263KB - Virtual size: 262KB

.data
Size: 12KB - Virtual size: 26KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB