09cfbf1dcf43e454a0318485ab85d9fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09cfbf1dcf43e454a0318485ab85d9fe_JaffaCakes118
Size

334KB
MD5

09cfbf1dcf43e454a0318485ab85d9fe
SHA1

913e7cc64b7746f55c2dec4b4233fe4b65d27861
SHA256

40f0c00046717da63f6beb66475164d3d1bf6970d7184dc50a6bb7c59664292a
SHA512

bc16863568638b399e40f688649ab358714ccb664580aa48d84b283b4dbd623f49bd97871a000a5e1d32dd9bb2a2e2c7cdb24d59c8619ff1f8c50c61e1d30b20
SSDEEP

6144:cJxPc3/q1w03UJAJR8ppZizMAGFHBuddjMaWeyzVjeuleFop3IB9Z:qPc3/x0kGJREprodwEme65YX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09cfbf1dcf43e454a0318485ab85d9fe_JaffaCakes118

Files

09cfbf1dcf43e454a0318485ab85d9fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e3b6e2b62503cf7bd5dd0436c96b1243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlxUnicodeStringToAnsiSize
memmove
NtOpenThreadToken
RtlDestroyHeap
RtlInitUnicodeString
NtRestoreKey
RtlIdentifierAuthoritySid
RtlDestroyQueryDebugBuffer
NtSetInformationThread
swprintf
RtlInitString
RtlFreeHeap
RtlAllocateHeap
RtlDeleteCriticalSection
RtlGetSaclSecurityDescriptor
NtOpenFile
RtlGetAce
NtSetSecurityObject
RtlFreeHandle
NtCreateSemaphore
NtCreateEvent
NtWriteFile
RtlCreateQueryDebugBuffer
RtlSelfRelativeToAbsoluteSD
RtlSetSecurityObject
NtQueryVolumeInformationFile
NtWaitForMultipleObjects
NtImpersonateAnonymousToken
RtlGetOwnerSecurityDescriptor
NtUnloadKey
NtDuplicateObject
atol
NtFilterToken
NtAccessCheckByTypeAndAuditAlarm
RtlCopySid
wcscpy
NtLoadKey
RtlNumberGenericTableElements
NtOpenProcess
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlAreAnyAccessesGranted
NtCreateDirectoryObject
NtSaveKeyEx
RtlQueryRegistryValues
_chkstk
NtAllocateVirtualMemory
NtQueryValueKey
wcslen
RtlAbsoluteToSelfRelativeSD
NtQuerySecurityObject
RtlUnwind
_vsnwprintf
RtlDetermineDosPathNameType_U
NtQuerySystemTime
NtAccessCheckAndAuditAlarm
NtClose
NtDeviceIoControlFile
wcscat
_wcsnicmp
RtlLengthSecurityDescriptor
_stricmp
NtQueryPerformanceCounter
RtlAddAuditAccessObjectAce
NtWaitForSingleObject
NtAccessCheckByTypeResultList
RtlExpandEnvironmentStrings_U
strncpy
NtPowerInformation
RtlGetFullPathName_U
NtAllocateLocallyUniqueId
iswctype
RtlSubAuthorityCountSid
RtlLengthSid
RtlIsTextUnicode
RtlSetOwnerSecurityDescriptor
NtAdjustGroupsToken
RtlGetControlSecurityDescriptor
NtAccessCheck
RtlEnumerateGenericTableWithoutSplaying
RtlConvertToAutoInheritSecurityObject
_ftol
RtlOpenCurrentUser
NtFreeVirtualMemory
RtlFirstFreeAce
RtlAllocateAndInitializeSid
wcstol
RtlSelfRelativeToAbsoluteSD2
NtCompareTokens
RtlEnterCriticalSection
RtlDestroyHandleTable
NtFlushBuffersFile
NtSetValueKey
NtQuerySymbolicLinkObject
RtlAddAccessDeniedAceEx
_alloca_probe
RtlAddAce
_wcslwr
RtlConvertSidToUnicodeString
wcsncpy
NtPrivilegedServiceAuditAlarm
RtlUnicodeStringToInteger
RtlInsertElementGenericTable
RtlCreateHeap
wcsstr
RtlCreateAcl
DbgPrint
NtClearEvent
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtTraceEvent
RtlGUIDFromString
wcstoul
NtOpenSymbolicLinkObject
RtlMakeSelfRelativeSD
NtSetEvent
RtlAddAccessDeniedAce
RtlGetGroupSecurityDescriptor
RtlAreAllAccessesGranted
NtQueryMultipleValueKey
RtlIsGenericTableEmpty
RtlMultiByteToUnicodeN
RtlDosPathNameToNtPathName_U
RtlDeleteElementGenericTable
RtlLeaveCriticalSection
RtlPrefixUnicodeString
RtlUpcaseUnicodeStringToOemString
NtSetInformationObject
RtlAddAccessDeniedObjectAce
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlValidSid
RtlUnicodeToMultiByteN
NtPrivilegeObjectAuditAlarm
RtlUnicodeToMultiByteSize
RtlMapGenericMask
RtlCompareMemory
RtlOemStringToUnicodeString
RtlGetNtProductType
RtlQueryProcessDebugInformation
NtEnumerateKey
sprintf
RtlSetSaclSecurityDescriptor
NtSaveMergedKeys
RtlEqualPrefixSid
NtEnumerateValueKey
NtQueryInformationFile
NtCloseObjectAuditAlarm
RtlAddAuditAccessAceEx
NtAccessCheckByTypeResultListAndAuditAlarm
RtlLengthRequiredSid
RtlCopyUnicodeString
wcscmp
RtlGetVersion
wcschr
RtlIntegerToUnicodeString
RtlInitAnsiString
wcsncmp
RtlFreeSid
RtlIsValidIndexHandle
RtlNtStatusToDosError
NtDeleteObjectAuditAlarm
NtQueryInformationThread
NtNotifyChangeKey
RtlAdjustPrivilege
NtReplaceKey
RtlEqualUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlCopyLuid
wcstombs
NtTerminateProcess
RtlGetSecurityDescriptorRMControl
tolower
RtlInitializeHandleTable
NtQueryVirtualMemory
RtlAddAccessAllowedObjectAce
RtlAddAccessAllowedAceEx
NtCreateFile
RtlAppendUnicodeToString
RtlInitializeCriticalSection
NtQueryKey
RtlValidAcl
RtlAppendUnicodeStringToString
NtAdjustPrivilegesToken
RtlQueryInformationAcl
RtlValidSecurityDescriptor
_wcsicmp
RtlFormatCurrentUserKeyPath
NtOpenProcessToken
RtlDeleteSecurityObject
RtlNewSecurityObject
RtlImpersonateSelf
RtlStringFromGUID
RtlNewSecurityObjectEx
RtlGetDaclSecurityDescriptor
NtDeleteKey
RtlSetSecurityDescriptorRMControl
RtlInitializeGenericTable
RtlFlushSecureMemoryCache
RtlCreateUnicodeString
_strnicmp
_itow
RtlDuplicateUnicodeString
RtlAddAccessAllowedAce
RtlUnicodeStringToAnsiString
RtlDeleteAce
RtlCreateUnicodeStringFromAsciiz
RtlAddAuditAccessAce
NtDeleteValueKey
NtNotifyChangeMultipleKeys
_snwprintf
NtOpenKey
NtOpenObjectAuditAlarm
NtQueryInformationToken
NtPrivilegeCheck
strchr
RtlTimeToSecondsSince1970
NtFsControlFile
RtlEqualSid
NtFlushKey
NtSetInformationFile
mbstowcs
RtlSetControlSecurityDescriptor
RtlSetInformationAcl
RtlFreeUnicodeString
NtDuplicateToken
RtlSetSecurityObjectEx
RtlQuerySecurityObject
NtQueryInformationProcess
_ultow
NtSetInformationToken
RtlNewSecurityObjectWithMultipleInheritance
NtSetInformationProcess
wcsrchr
NtReadFile
RtlInitUnicodeStringEx
NtCreateKey
NtSaveKey
RtlInitializeSid
RtlValidRelativeSecurityDescriptor
NtAccessCheckByType
RtlRandom
strstr
RtlCreateSecurityDescriptor
RtlSubAuthoritySid
RtlFreeAnsiString
NtQuerySystemInformation
RtlReAllocateHeap
RtlAllocateHandle
RtlLookupElementGenericTable
RtlImageNtHeader
NtReleaseSemaphore

kernel32

WaitForMultipleObjectsEx
ResetEvent
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThread
CreateFileA
DeviceIoControl
GetSystemWindowsDirectoryW
GetPrivateProfileIntW
Sleep
FindNextFileW
OpenEventW
SetEvent
InterlockedDecrement
lstrcpyA
CompareFileTime
GetModuleFileNameW
FindResourceA
DelayLoadFailureHook
SetErrorMode
OpenProcess
HeapAlloc
FindFirstFileW
WaitForSingleObject
InitializeCriticalSection
GetSystemInfo
GetComputerNameW
GetTickCount
MapViewOfFile
GetProcAddress
LocalAlloc
LocalFree
RaiseException
GetFileSizeEx
ExitThread
WritePrivateProfileStringW
GetFileAttributesW
InterlockedIncrement
ExpandEnvironmentStringsW
SleepEx
SetFilePointer
OpenMutexW
ReadFile
LoadLibraryW
WriteFile
QueryPerformanceCounter
GetProcessHeap
GetSystemTime
MultiByteToWideChar
GetProfileStringA
DeleteCriticalSection
lstrcmpiW
GetFileTime
GetModuleHandleW
lstrcpyW
GetComputerNameExW
CreateProcessInternalW
MoveFileW
GetDiskFreeSpaceW
GetProfileIntA
WaitNamedPipeW
UnmapViewOfFile
CloseHandle
CreateEventA
InterlockedExchangeAdd
LoadResource
SizeofResource
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetFileAttributesExW
EnumUILanguagesW
HeapFree
CancelIo
UnhandledExceptionFilter
DuplicateHandle
ReadProcessMemory
FormatMessageW
GetFileSize
SearchPathW
GetOverlappedResult
CreateFileMappingW
GetLogicalDriveStringsW
EnterCriticalSection
GetLongPathNameW
LoadLibraryExW
CreateEventW
GetLastError
CreateThread
SetNamedPipeHandleState
CreateProcessInternalA
GetUserDefaultUILanguage
LocalReAlloc
WideCharToMultiByte
GetDriveTypeW
CopyFileW
ExpandEnvironmentStringsA
InterlockedExchange
LeaveCriticalSection
GetFullPathNameW
lstrcpynW
GetCurrentProcessId
TerminateProcess
GetPrivateProfileStringW
GetLocalTime
GetModuleHandleA
SetThreadPriority
GetCurrentProcess
CreateMutexW
FreeLibrary
lstrlenW
InterlockedCompareExchange
lstrlenA
GetCommandLineW
GetSystemDirectoryW
GetVolumeInformationW
LoadLibraryA
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetVersionExA
FindClose
CreateFileW
lstrcatW
VirtualAlloc
FindResourceExW
AreFileApisANSI
GetFullPathNameA
DeleteFileW
OpenFile
IsBadWritePtr
VirtualFree
lstrcmpW
ResumeThread
GetPriorityClass
FindFirstFileExW
GetCurrentThreadId
SetLastError
GetComputerNameA
CreateFileMappingA
ReleaseMutex
_lclose
GetModuleHandleExW
GlobalMemoryStatus

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcImpersonateClient
RpcStringFreeW
UuidFromStringW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
I_RpcBindingIsClientLocal
RpcBindingFree
NDRCContextBinding
RpcBindingSetAuthInfoA
RpcBindingSetAuthInfoW
RpcStringBindingParseW
UuidCreate
RpcSsDestroyClientContext
UuidToStringW
RpcBindingToStringBindingW
RpcRaiseException
I_RpcMapWin32Status
NdrClientCall2
RpcBindingSetAuthInfoExA
RpcEpResolveBinding
RpcRevertToSelf

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3b6e2b62503cf7bd5dd0436c96b1243

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

rpcrt4

Sections

.text Size: 261KB - Virtual size: 261KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 7.1MB

.rdata Size: 52KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 7.1MB

.rdata
Size: 52KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB