Static task: static1
Behavioral task: behavioral1
  Sample: 0372471f7654a30adda1b2371372b5ae_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0372471f7654a30adda1b2371372b5ae_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 0372471f7654a30adda1b2371372b5ae_JaffaCakes118
Size: 334KB
MD5: 0372471f7654a30adda1b2371372b5ae
SHA1: 570f5d30ea3b1081007666de815f141fb7c16705
SHA256: abd477d3054c33ee78fa54f27c4f6c29fb8815cdf8664068a2b3d281e1ea732a
SHA512: 3d11f65bc3233a85bc56b6d83a9a924eb5c4f326859d3b8b1bb37cedb0f2d34f69d013ca5918aa72783aa8b6c264f517c9bf89fc4d14cd9607a8fc049906ad33
SSDEEP: 6144:JKMmiDFwGuAET5Vcba+pM8qs55nlOnj7su07pqzoEmAiVt9LB:QRUpupT5Vv+a8qYJQc1kUHfL
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 0372471f7654a30adda1b2371372b5ae_JaffaCakes118
Files
0372471f7654a30adda1b2371372b5ae_JaffaCakes118.exe windows:5 windows x86 arch:x86
7d1f9ab8b36af1cd635283bced9cf330
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTime
UnmapViewOfFile
GetProfileIntA
GetFileSizeEx
ReadFile
LeaveCriticalSection
SleepEx
WritePrivateProfileStringW
OpenProcess
SetEvent
EnterCriticalSection
lstrcmpW
GetTickCount
lstrcpyA
GetOverlappedResult
ReleaseMutex
LoadLibraryW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetPrivateProfileIntW
FindNextFileW
CompareFileTime
InterlockedIncrement
GetCurrentProcessId
GetProfileStringA
FindClose
GetWindowsDirectoryW
InitializeCriticalSection
SearchPathW
Sleep
OpenEventW
CopyFileW
GetVersionExA
WaitForMultipleObjectsEx
GetFileTime
GetComputerNameA
QueryPerformanceCounter
FindFirstFileW
CreateMutexW
LocalReAlloc
HeapFree
GetFileSize
WriteFile
WaitForSingleObject
CreateFileMappingW
GetLogicalDriveStringsW
GetModuleHandleW
CreateEventA
DuplicateHandle
GetModuleFileNameW
HeapAlloc
GetModuleHandleExW
IsBadWritePtr
GetSystemWindowsDirectoryW
_lclose
RaiseException
GlobalMemoryStatus
DeleteCriticalSection
LocalAlloc
lstrcpynW
GetCurrentProcess
WideCharToMultiByte
GetPriorityClass
VirtualAlloc
GetSystemDirectoryW
AreFileApisANSI
lstrlenA
GetVolumeInformationW
UnhandledExceptionFilter
InterlockedDecrement
lstrlenW
ReadProcessMemory
lstrcmpiW
GetCurrentThread
lstrcatW
GetComputerNameExW
LoadResource
GetLocalTime
FreeLibrary
ResetEvent
GetUserDefaultUILanguage
MoveFileW
LoadLibraryExW
GetFileAttributesExW
SetThreadPriority
GetLongPathNameW
DeviceIoControl
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
lstrcpyW
ExitThread
ExpandEnvironmentStringsA
CreateFileW
GetProcAddress
GetFileAttributesW
CancelIo
ResumeThread
MultiByteToWideChar
GetFullPathNameW
LocalFree
SizeofResource
GetLastError
DelayLoadFailureHook
CloseHandle
CreateFileA
CreateFileMappingA
GetModuleHandleA
GetProcessHeap
MapViewOfFile
SetErrorMode
InterlockedExchange
SetUnhandledExceptionFilter
WaitNamedPipeW
OpenFile
CreateProcessInternalW
OutputDebugStringW
GetSystemInfo
SetNamedPipeHandleState
GetPrivateProfileStringW
FormatMessageW
GetCurrentThreadId
FindFirstFileExW
GetFullPathNameA
CreateProcessInternalA
ExpandEnvironmentStringsW
GetComputerNameW
DeleteFileW
OpenMutexW
GetCommandLineW
SetLastError
TerminateProcess
VirtualFree
FindResourceExW
CreateEventW
InterlockedCompareExchange
EnumUILanguagesW
FindResourceA
GetDriveTypeW
LoadLibraryA
CreateThread
SetFilePointer
InterlockedExchangeAdd
ntdll
wcscat
RtlQueryRegistryValues
NtPrivilegeObjectAuditAlarm
RtlInitializeHandleTable
RtlValidSecurityDescriptor
NtPowerInformation
NtFilterToken
RtlSetOwnerSecurityDescriptor
NtSaveKeyEx
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtDeleteValueKey
RtlCopyLuid
RtlInitializeSid
RtlAreAllAccessesGranted
RtlOpenCurrentUser
_ftol
RtlCreateHeap
RtlSetSecurityObject
_chkstk
NtSetInformationFile
_ultow
NtQueryInformationProcess
RtlSetControlSecurityDescriptor
NtDeleteKey
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtClearEvent
strchr
NtDuplicateObject
RtlCreateSecurityDescriptor
NtQueryVolumeInformationFile
sprintf
RtlDetermineDosPathNameType_U
NtFlushBuffersFile
RtlIsTextUnicode
wcslen
iswctype
RtlStringFromGUID
_itow
_wcslwr
NtSetEvent
NtQueryValueKey
RtlDeleteAce
RtlInitializeGenericTable
NtAccessCheckByTypeResultList
RtlSetGroupSecurityDescriptor
DbgPrint
NtOpenKey
RtlUpcaseUnicodeChar
RtlLengthRequiredSid
RtlInitUnicodeStringEx
RtlSetSecurityObjectEx
RtlMakeSelfRelativeSD
NtOpenObjectAuditAlarm
strncpy
RtlImpersonateSelf
NtUnloadKey
RtlValidRelativeSecurityDescriptor
RtlUnwind
NtCompareTokens
RtlNtStatusToDosError
NtQueryKey
NtWriteFile
RtlUnicodeStringToInteger
RtlFreeSid
NtOpenProcessToken
_stricmp
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeStringToOemString
RtlEnumerateGenericTableWithoutSplaying
atol
RtlLookupElementGenericTable
NtQuerySystemTime
RtlAddAuditAccessAceEx
wcsncpy
RtlTimeToSecondsSince1970
RtlEqualUnicodeString
NtAccessCheck
NtCloseObjectAuditAlarm
RtlFlushSecureMemoryCache
RtlFormatCurrentUserKeyPath
RtlEnterCriticalSection
wcscmp
RtlNewSecurityObjectWithMultipleInheritance
NtOpenThreadToken
RtlGetControlSecurityDescriptor
RtlEqualSid
NtSaveKey
RtlInitAnsiString
NtOpenSymbolicLinkObject
NtAccessCheckByTypeAndAuditAlarm
RtlDeleteCriticalSection
RtlAddAccessAllowedAce
RtlAppendUnicodeToString
memmove
RtlUnicodeToMultiByteN
RtlCreateQueryDebugBuffer
NtClose
swprintf
RtlxAnsiStringToUnicodeSize
RtlCompareUnicodeString
NtImpersonateAnonymousToken
RtlIsGenericTableEmpty
RtlSubAuthoritySid
NtCreateFile
NtQueryVirtualMemory
NtOpenProcess
RtlAdjustPrivilege
RtlCopyUnicodeString
NtFreeVirtualMemory
NtAccessCheckByType
RtlFreeHandle
RtlUnicodeToMultiByteSize
RtlFreeAnsiString
RtlAddAce
NtQuerySymbolicLinkObject
RtlInitString
RtlDestroyHeap
_snwprintf
RtlCreateUnicodeString
RtlLeaveCriticalSection
NtSetInformationToken
_strnicmp
RtlIntegerToUnicodeString
RtlAddAuditAccessObjectAce
NtRestoreKey
NtWaitForSingleObject
RtlRandom
NtSetValueKey
NtFlushKey
NtDeleteObjectAuditAlarm
RtlGUIDFromString
RtlNewSecurityObject
RtlAllocateAndInitializeSid
NtNotifyChangeMultipleKeys
RtlCopySid
NtTerminateProcess
RtlSubAuthorityCountSid
NtAllocateLocallyUniqueId
RtlAddAccessAllowedAceEx
RtlSetSaclSecurityDescriptor
RtlGetVersion
NtQueryPerformanceCounter
NtAccessCheckByTypeResultListAndAuditAlarm
NtAllocateVirtualMemory
RtlQuerySecurityObject
RtlOemStringToUnicodeString
RtlMapGenericMask
RtlInitializeCriticalSection
wcsrchr
RtlExpandEnvironmentStrings_U
RtlAnsiStringToUnicodeString
RtlInsertElementGenericTable
_vsnwprintf
RtlAreAnyAccessesGranted
NtTraceEvent
RtlGetAce
RtlSetSecurityDescriptorRMControl
NtWaitForMultipleObjects
NtQuerySystemInformation
RtlAddAccessDeniedObjectAce
strstr
tolower
NlsMbCodePageTag
NtDuplicateToken
NtFsControlFile
RtlGetFullPathName_U
wcschr
RtlDestroyHandleTable
wcsncmp
RtlConvertToAutoInheritSecurityObject
RtlImageNtHeader
RtlSelfRelativeToAbsoluteSD2
RtlAbsoluteToSelfRelativeSD
RtlNewSecurityObjectEx
RtlLengthSecurityDescriptor
RtlAppendUnicodeStringToString
RtlAddAccessDeniedAce
RtlAddAccessAllowedObjectAce
RtlValidSid
wcscpy
RtlGetSecurityDescriptorRMControl
RtlCreateUnicodeStringFromAsciiz
RtlPrefixUnicodeString
NtPrivilegeCheck
NtQueryInformationThread
NtQueryInformationFile
RtlGetDaclSecurityDescriptor
NtSetInformationThread
RtlSetInformationAcl
RtlAddAccessDeniedAceEx
RtlFirstFreeAce
NtEnumerateKey
RtlFreeHeap
NtAdjustGroupsToken
NtPrivilegedServiceAuditAlarm
RtlQueryProcessDebugInformation
_wcsnicmp
wcstombs
NtSaveMergedKeys
RtlConvertSidToUnicodeString
RtlxUnicodeStringToAnsiSize
RtlCreateAcl
RtlSelfRelativeToAbsoluteSD
RtlAllocateHeap
NtReplaceKey
_wcsicmp
RtlReAllocateHeap
RtlLengthSid
NtCreateEvent
RtlDuplicateUnicodeString
NtEnumerateValueKey
RtlSetDaclSecurityDescriptor
wcsstr
RtlNumberGenericTableElements
RtlDeleteElementGenericTable
RtlEqualPrefixSid
NtReleaseSemaphore
RtlDestroyQueryDebugBuffer
RtlMultiByteToUnicodeN
NtQueryMultipleValueKey
mbstowcs
NtAccessCheckAndAuditAlarm
NtDeviceIoControlFile
RtlCompareMemory
RtlGetNtProductType
RtlIdentifierAuthoritySid
_alloca_probe
wcstoul
RtlValidAcl
NtSetSecurityObject
NtAdjustPrivilegesToken
RtlAllocateHandle
NtQuerySecurityObject
wcstol
RtlDeleteSecurityObject
RtlAddAuditAccessAce
NtSetInformationProcess
NtNotifyChangeKey
NtOpenFile
RtlGetOwnerSecurityDescriptor
NtQueryInformationToken
RtlGetSaclSecurityDescriptor
RtlQueryInformationAcl
NtReadFile
NtCreateDirectoryObject
RtlIsValidIndexHandle
RtlFreeUnicodeString
NtSetInformationObject
NtLoadKey
RtlGetGroupSecurityDescriptor
NtCreateKey
NtCreateSemaphore
rpcrt4
RpcStringBindingComposeW
RpcBindingFree
RpcBindingToStringBindingW
NDRCContextBinding
RpcStringBindingParseW
RpcBindingSetAuthInfoExW
RpcSsDestroyClientContext
RpcEpResolveBinding
NdrClientCall2
RpcBindingSetAuthInfoExA
RpcStringFreeW
UuidCreate
I_RpcMapWin32Status
RpcBindingSetAuthInfoW
UuidFromStringW
RpcImpersonateClient
RpcBindingSetAuthInfoA
RpcRaiseException
RpcBindingFromStringBindingW
UuidToStringW
RpcRevertToSelf
I_RpcExceptionFilter
I_RpcBindingIsClientLocal
Sections
.text   Size: 261KB - Virtual size: 261KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   Size: 15KB  - Virtual size: 14KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 3KB   - Virtual size: 7.1MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 52KB  - Virtual size: 52KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    Size: 512B  - Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE