0ab5bf3d68c000eef4ece095a89ecd82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ab5bf3d68c000eef4ece095a89ecd82_JaffaCakes118
Size

219KB
MD5

0ab5bf3d68c000eef4ece095a89ecd82
SHA1

c155d033524660d2dbe3fb4e7b21a54cc192cdc4
SHA256

99afb982b73ca7f494d2fa558c1299123ecc4c297b9852ff2cb55f45b8c743d5
SHA512

c7b3238d4e397bcf11f28f42f6422594ad57120d48b6d55584407f3377eddd877b697c46c7053c86bf1e35e1a9abe0a3387943b3b4efa2810612b1eaabf5d5f4
SSDEEP

3072:F41jTmW34gbOgW3vIiRcic5ckzLkdh4K/rYIUAVxTX2c9cmcmFAjB+7LR2jfL2d3:NW3EfRJSpzLkcK/rTHTX2mNNmc7LRMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ab5bf3d68c000eef4ece095a89ecd82_JaffaCakes118

Files

0ab5bf3d68c000eef4ece095a89ecd82_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d205474a74fae5397d58e6e35688ac50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

umpnpmgr.pdb

Imports

advapi32

FreeSid
RegisterServiceCtrlHandlerExW
GetTokenInformation
LookupPrivilegeValueW
SetServiceStatus
RegEnumKeyW
RegOpenKeyW
PrivilegeCheck
OpenThreadToken
CheckTokenMembership
RegQueryInfoKeyW
SetEntriesInAclW
SetSecurityDescriptorControl
RegGetKeySecurity
GetSecurityDescriptorDacl
GetAclInformation
GetAce
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
DuplicateTokenEx
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CreateProcessAsUserW
OpenProcessToken
RegEnumKeyExW
RegSetKeySecurity
AddAce
EqualSid

kernel32

HeapReAlloc
LoadLibraryA
SetConsoleCtrlHandler
LocalFree
CompareFileTime
GetCurrentThread
lstrcmpiW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapCreate
DisableThreadLibraryCalls
VerifyVersionInfoW
CompareStringW
lstrlenW
HeapFree
HeapAlloc
WaitForMultipleObjects
ReleaseMutex
GetVolumeNameForVolumeMountPointW
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
LeaveCriticalSection
WaitNamedPipeW
GetLastError
SetEvent
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
CreateEventW
SetLastError
WideCharToMultiByte
ResetEvent
WriteFile
CancelIo
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
FindClose
FindFirstFileW
GetSystemDirectoryW
GetCurrentThreadId
OpenEventW
CreateThread
CreateFileW

msvcrt

_adjust_fdiv
malloc
free
_wtoi
qsort
_except_handler3
wcschr
_vsnwprintf
_initterm

ntdll

VerSetConditionMask
NtPlugPlayControl
NtClose
NtDuplicateToken
RtlInitUnicodeString
NtGetPlugPlayEvent

rpcrt4

I_RpcBindingIsClientLocal
UuidFromStringW
RpcServerUnregisterIf
RpcServerRegisterIfEx
NdrServerCall2
RpcStringFreeW
UuidCreate
RpcImpersonateClient
RpcRevertToSelf
UuidEqual
UuidToStringW
I_RpcExceptionFilter

user32

BroadcastSystemMessageExW
GetThreadDesktop
CloseDesktop
BroadcastSystemMessageW
DeviceEventWorker
GetWindowThreadProcessId
CharUpperW
SetThreadDesktop

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winsta

WinStationQueryInformationW

Exports

Exports

DeleteServicePlugPlayRegKeys
PNP_GetDeviceList
PNP_GetDeviceListSize
PNP_GetDeviceRegProp
PNP_HwProfFlags
PNP_SetActiveService
RegisterScmCallback
RegisterServiceNotification
ServiceEntry

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d205474a74fae5397d58e6e35688ac50

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

userenv

winsta

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 5KB - Virtual size: 5KB