072315e989bd3bbf3f73120a2b03976f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

072315e989bd3bbf3f73120a2b03976f_JaffaCakes118
Size

440KB
MD5

072315e989bd3bbf3f73120a2b03976f
SHA1

97f99bef3506643ab6df98258694817496b7e7e7
SHA256

5ba2c4d85a7761b00eae99bae7d618e9d882b55bc94a48de57b01bdf3bda486a
SHA512

f94f089de94eeeaba3fbe86030e4ce92b8a13863fa89e07557e014c42963a2007081c615326b1dac0c22fbdfbc1b8840fb4089cc01f47916ba1da1d6af1b8e53
SSDEEP

12288:2SoGeUquwOZXmjUyL7x8zmwx1dLElT8Rg:2SkurNm4Ul8qWLK8R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072315e989bd3bbf3f73120a2b03976f_JaffaCakes118

Files

072315e989bd3bbf3f73120a2b03976f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

733c0a6550ad1675b9f353aa5342c858

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtClearEvent
wcstombs
NtEnumerateValueKey
RtlSubAuthoritySid
RtlRandom
NtQueryVirtualMemory
RtlUnicodeToMultiByteSize
RtlAddAccessAllowedObjectAce
RtlDeleteSecurityObject
NtPrivilegeCheck
RtlCreateHeap
NtRestoreKey
NtFlushBuffersFile
NtImpersonateAnonymousToken
NtAccessCheckByTypeResultListAndAuditAlarm
NlsMbCodePageTag
_wcsicmp
RtlOpenCurrentUser
NtSaveKey
wcscmp
RtlConvertToAutoInheritSecurityObject
NtDeleteValueKey
RtlAddAccessAllowedAceEx
NtAccessCheckAndAuditAlarm
NtFilterToken
RtlNewSecurityObject
RtlInitializeCriticalSection
tolower
NtAdjustGroupsToken
RtlExpandEnvironmentStrings_U
RtlDuplicateUnicodeString
RtlMultiByteToUnicodeN
NtSetInformationObject
RtlEqualPrefixSid
NtReadFile
RtlAddAce
_snwprintf
NtSetInformationThread
RtlFreeAnsiString
NtTerminateProcess
RtlMakeSelfRelativeSD
RtlUnicodeStringToInteger
RtlSelfRelativeToAbsoluteSD2
RtlInitString
RtlSubAuthorityCountSid
NtQueryValueKey
RtlNewSecurityObjectEx
RtlDosPathNameToNtPathName_U
RtlSetSecurityObject
RtlGetGroupSecurityDescriptor
RtlQueryProcessDebugInformation
RtlDestroyHeap
RtlEnterCriticalSection
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlxUnicodeStringToAnsiSize
RtlDeleteCriticalSection
NtOpenProcessToken
swprintf
RtlNumberGenericTableElements
NtCreateFile
RtlInitUnicodeStringEx
NtQueryMultipleValueKey
RtlGetSecurityDescriptorRMControl
_ftol
NtDuplicateToken
NtOpenFile
RtlCreateAcl
RtlLookupElementGenericTable
RtlFreeHeap
sprintf
NtSetSecurityObject
_ultow
RtlSetInformationAcl
RtlSetOwnerSecurityDescriptor
RtlInitAnsiString
RtlQuerySecurityObject
_chkstk
RtlUnwind
RtlQueryRegistryValues
RtlSetControlSecurityDescriptor
NtOpenThreadToken
NtCreateKey
atol
NtPrivilegeObjectAuditAlarm
RtlCreateSecurityDescriptor
RtlSetSecurityObjectEx
NtPowerInformation
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtQueryKey
wcstoul
RtlUpcaseUnicodeStringToOemString
RtlInitUnicodeString
RtlInitializeGenericTable
RtlDestroyQueryDebugBuffer
RtlNewSecurityObjectWithMultipleInheritance
wcsncpy
memmove
strstr
NtAccessCheckByTypeResultList
NtAccessCheck
RtlSetGroupSecurityDescriptor
NtQuerySystemInformation
RtlGetFullPathName_U
NtFreeVirtualMemory
RtlGUIDFromString
NtPrivilegedServiceAuditAlarm
RtlGetControlSecurityDescriptor
RtlAddAuditAccessObjectAce
RtlAllocateHeap
RtlValidSid
RtlDeleteAce
NtWaitForMultipleObjects
RtlAddAccessDeniedAceEx
RtlIdentifierAuthoritySid
RtlNtStatusToDosError
RtlDestroyHandleTable
NtFsControlFile
RtlAdjustPrivilege
NtNotifyChangeMultipleKeys
RtlSetSecurityDescriptorRMControl
NtQuerySecurityObject
RtlEqualSid
RtlFreeHandle
RtlInsertElementGenericTable
RtlGetDaclSecurityDescriptor
strchr
RtlValidRelativeSecurityDescriptor
wcsncmp
RtlAllocateHandle
NtWriteFile
RtlOemStringToUnicodeString
NtCloseObjectAuditAlarm
RtlGetAce
RtlTimeToSecondsSince1970
RtlIsGenericTableEmpty
RtlAppendUnicodeStringToString
NtFlushKey
RtlFreeUnicodeString
NtCreateSemaphore
NtSetValueKey
RtlInitializeSid
wcschr
RtlUnicodeToMultiByteN
RtlEnumerateGenericTableWithoutSplaying
_vsnwprintf
RtlStringFromGUID
NtSaveKeyEx
NtSetInformationFile
wcscat
RtlCopyUnicodeString
RtlGetNtProductType
NtQueryPerformanceCounter
RtlAllocateAndInitializeSid
NtQuerySystemTime
RtlSetDaclSecurityDescriptor
RtlDeleteElementGenericTable
NtAllocateLocallyUniqueId
RtlLengthRequiredSid
wcstol
_wcsnicmp
NtAccessCheckByType
RtlEqualUnicodeString
NtUnloadKey
NtOpenKey
_stricmp
NtAccessCheckByTypeAndAuditAlarm
RtlFreeSid
NtOpenObjectAuditAlarm
RtlAddAccessAllowedAce
NtDeleteKey
wcsrchr
RtlAddAccessDeniedAce
LdrLoadDll
NtAdjustPrivilegesToken
NtReleaseSemaphore
RtlUpcaseUnicodeChar
RtlSetSaclSecurityDescriptor
NtLoadKey
RtlAbsoluteToSelfRelativeSD
NtQueryInformationProcess
RtlInitializeHandleTable
RtlSelfRelativeToAbsoluteSD
NtAllocateVirtualMemory
RtlLengthSecurityDescriptor
_itow
_strnicmp
NtQueryVolumeInformationFile
RtlIntegerToUnicodeString
RtlGetVersion
NtQuerySymbolicLinkObject
wcslen
NtDuplicateObject
RtlValidAcl
RtlLeaveCriticalSection
NtQueryInformationThread
NtSaveMergedKeys
NtSetInformationToken
RtlAppendUnicodeToString
RtlCreateQueryDebugBuffer
RtlDetermineDosPathNameType_U
RtlIsValidIndexHandle
NtDeviceIoControlFile
NtWaitForSingleObject
RtlIsTextUnicode
RtlFlushSecureMemoryCache
iswctype
wcscpy
NtTraceEvent
RtlMapGenericMask
RtlxAnsiStringToUnicodeSize
NtClose
RtlConvertSidToUnicodeString
wcsstr
RtlQueryInformationAcl
RtlFormatCurrentUserKeyPath
RtlUnicodeStringToAnsiString
NtCompareTokens
RtlPrefixUnicodeString
RtlFirstFreeAce
RtlAddAccessDeniedObjectAce
mbstowcs
RtlImpersonateSelf
RtlAddAuditAccessAceEx
NtOpenSymbolicLinkObject
RtlCompareMemory
RtlAreAnyAccessesGranted
NtSetInformationProcess
NtReplaceKey
RtlImageNtHeader
strncpy
NtSetEvent
NtQueryInformationToken
_alloca_probe
_wcslwr
NtNotifyChangeKey
NtDeleteObjectAuditAlarm
RtlAddAuditAccessAce
RtlAnsiStringToUnicodeString
NtOpenProcess
NtQueryInformationFile
RtlCopyLuid
RtlCreateUnicodeString
RtlAreAllAccessesGranted
RtlCompareUnicodeString
DbgPrint
NtEnumerateKey
NtCreateEvent
RtlLengthSid
RtlCreateUnicodeStringFromAsciiz
RtlReAllocateHeap
RtlValidSecurityDescriptor
RtlCopySid

mpr

WNetOpenEnumW

kernel32

GetProfileIntA
GlobalMemoryStatus
GetTickCount
EnterCriticalSection
GetComputerNameExW
GetFullPathNameW
GetComputerNameW
FindClose
WaitNamedPipeW
GetPrivateProfileStringW
GetCommandLineW
GetOverlappedResult
SleepEx
GetLastError
CreateProcessInternalA
GetModuleHandleA
GetSystemTimeAsFileTime
CreateFileMappingW
HeapAlloc
SetUnhandledExceptionFilter
SetFilePointer
GetWindowsDirectoryW
VirtualAlloc
OpenMutexW
GetCurrentThreadId
EnumUILanguagesW
GetFullPathNameA
SizeofResource
ExpandEnvironmentStringsW
DeleteFileW
CreateEventA
SetErrorMode
GetFileAttributesW
GetCurrentThread
DuplicateHandle
HeapFree
SetThreadPriority
OutputDebugStringW
RaiseException
OpenEventW
GetVersionExA
WideCharToMultiByte
CompareFileTime
InterlockedExchangeAdd
lstrcpyW
GetProcAddress
ReadFile
GetPrivateProfileIntW
FindFirstFileExW
InitializeCriticalSection
GetCurrentProcessId
GetLogicalDriveStringsW
ReleaseMutex
ReadProcessMemory
LoadLibraryExW
lstrcatW
GetFileAttributesExW
FindFirstFileW
CloseHandle
ExpandEnvironmentStringsA
VirtualFree
GetLongPathNameW
GetDiskFreeSpaceW
WaitForMultipleObjectsEx
lstrlenW
MultiByteToWideChar
GetProcessHeap
LeaveCriticalSection
_lclose
LocalFree
GetSystemWindowsDirectoryW
DeviceIoControl
LocalAlloc
lstrcpynW
InterlockedCompareExchange
SetLastError
Sleep
GetProfileStringA
OpenProcess
GetModuleHandleW
CreateFileMappingA
ResetEvent
FindResourceA
ResumeThread
IsBadWritePtr
WriteFile
MapViewOfFile
CreateFileW
CreateEventW
GetVolumeInformationW
lstrlenA
UnhandledExceptionFilter
MoveFileW
AreFileApisANSI
CreateMutexW
FindResourceExW
DelayLoadFailureHook
OpenFile
GetFileSize
UnmapViewOfFile
TerminateProcess
GetLocalTime
FormatMessageW
GetDriveTypeW
GetFileTime
GetSystemInfo
DeleteCriticalSection
CancelIo
LoadLibraryW
InterlockedDecrement
GetSystemDirectoryW
lstrcmpiW
GetSystemTime
lstrcpyA
GetUserDefaultUILanguage
CreateProcessInternalW
GetFileSizeEx
ExitThread
CreateThread
CopyFileW
LoadLibraryA
InterlockedExchange
LocalReAlloc
WritePrivateProfileStringW
QueryPerformanceCounter
LoadResource
SearchPathW
GetPriorityClass
InterlockedIncrement
SetNamedPipeHandleState
GetComputerNameA
lstrcmpW
SetEvent
GetModuleFileNameW
CreateFileA
FreeLibrary
WaitForSingleObject
GetCurrentProcess
GetTimeZoneInformation
FindNextFileW
GetDiskFreeSpaceExW
GetModuleHandleExW

rpcrt4

NDRCContextBinding
UuidCreate
RpcBindingSetAuthInfoA
I_RpcExceptionFilter
RpcStringFreeW
RpcImpersonateClient
NdrClientCall2
UuidToStringW
RpcBindingSetAuthInfoExW
RpcSsDestroyClientContext
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcBindingSetAuthInfoExA
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcBindingToStringBindingW
RpcBindingFree
I_RpcMapWin32Status
RpcRaiseException
RpcStringBindingParseW
RpcBindingFromStringBindingW
UuidFromStringW
RpcEpResolveBinding

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 257KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

733c0a6550ad1675b9f353aa5342c858

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

mpr

kernel32

rpcrt4

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 257KB - Virtual size: 904KB

.rsrc Size: 160KB - Virtual size: 160KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 257KB - Virtual size: 904KB

.rsrc
Size: 160KB - Virtual size: 160KB