Static task: static1
Behavioral task: behavioral1
  Sample: 0f5c58012b1941dcd0f67ba077e90afe_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0f5c58012b1941dcd0f67ba077e90afe_JaffaCakes118.exe
  Resource: win10v2004-20240611-en

General
- Target: 0f5c58012b1941dcd0f67ba077e90afe_JaffaCakes118
- Size: 129KB
- MD5: 0f5c58012b1941dcd0f67ba077e90afe
- SHA1: 3db2bf03d213bf9399a1c3e0fc147a411f76b1fd
- SHA256: 96baeea42954b38009f1d63aacfada44a0a48c6e211529c074824bf163804e9a
- SHA512: 8b0439b212dba132ca326ad23a02a8807fecd1bf3ebb8f6326f7e179bfbcac2a074737b9345f5f2c4f02822fe91679b25475b451db48f3732f50efe6f1882962
- SSDEEP: 3072:lmTTW5rsYtKGoIVnSs5gkIirxEMOc7DwlPUR9Y:wuhKGoM5gk9NOcPwlO9Y

Malware Config

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 0f5c58012b1941dcd0f67ba077e90afe_JaffaCakes118

Files
- 0f5c58012b1941dcd0f67ba077e90afe_JaffaCakes118.exe windows:5 windows x86 arch:x86
  4c2ff0091a2062d19ea389bd7da65507

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: msisip.pdb
Imports
msvcrt:
wcscat
vsprintf
sprintf
wcscpy
_purecall
wcsncmp
wcsncat
free
_wcsicmp
wcstok
wcsstr
_wcsupr
wcspbrk
wcsncpy
wcscspn
swprintf
_itow
_except_handler3
strncpy
wcslen
memmove
ntdll:
NtSetInformationThread
RtlMakeSelfRelativeSD
RtlValidAcl
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlCopySecurityDescriptor
RtlQueryInformationAcl
RtlDeleteSecurityObject
RtlAddAce
RtlSetSecurityObject
RtlInitializeResource
NtQueryKey
RtlNtStatusToDosError
NtRaiseHardError
RtlAdjustPrivilege
NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlAllocateAndInitializeSid
NtSetValueKey
NtDeleteKey
NtOpenKey
RtlQueryRegistryValues
LdrLoadDll
LdrGetProcedureAddress
LdrUnloadDll
RtlInitializeCriticalSectionAndSpinCount
RtlInitializeCriticalSection
RtlCompareMemory
RtlReleaseResource
RtlAcquireResourceExclusive
RtlEqualPrefixSid
RtlpNtEnumerateSubKey
RtlAbortRXact
RtlApplyRXact
NtOpenThreadToken
NtQueryInformationToken
RtlLengthSecurityDescriptor
RtlFreeUnicodeString
RtlIdentifierAuthoritySid
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlInitializeBitMap
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtFlushKey
RtlGetNtProductType
RtlInitializeRXact
RtlInitializeSid
NtCreateToken
RtlConvertSidToUnicodeString
RtlpNtCreateKey
RtlpNtSetValueKey
RtlAppendUnicodeStringToString
RtlStartRXact
RtlCopyUnicodeString
NtQuerySystemTime
RtlAppendUnicodeToString
RtlApplyRXactNoFlush
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlCreateAcl
RtlMapGenericMask
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlAddAuditAccessAce
RtlSetSaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlGetDaclSecurityDescriptor
RtlGetAce
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlSetBits
NtQueryValueKey
RtlSetAllBits
RtlFreeHeap
RtlAllocateHeap
RtlAddAttributeActionToRXact
RtlClearAllBits
DbgPrint
RtlLengthRequiredSid
NtDeleteObjectAuditAlarm
RtlValidSid
RtlAddActionToRXact
RtlpNtOpenKey
RtlpNtQueryValueKey
NtClose
NtAllocateLocallyUniqueId
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtAccessCheckByTypeResultList
RtlGetControlSecurityDescriptor
RtlEqualSid
RtlEqualUnicodeString
RtlInitUnicodeString
RtlCompareUnicodeString
RtlInitString
RtlEqualDomainName
RtlLengthSid
RtlCopySid
RtlValidSecurityDescriptor
RtlUpcaseUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlEqualComputerName
RtlDnsHostNameToComputerName
RtlTimeToTimeFields
RtlExtendedIntegerMultiply
RtlExtendedLargeIntegerDivide
NtDelayExecution
NtRestoreKey
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
RtlIntegerToUnicodeString
NtPrivilegedServiceAuditAlarm
NtPrivilegeCheck
NtOpenThread
NtOpenProcess
NtCreateEvent
NtSetEvent
NtEnumerateKey
NtQuerySecurityObject
NtSetSecurityObject
NtDeleteValueKey
RtlCreateUnicodeString
NtConnectPort
NtRequestWaitReplyPort
NtOpenEvent
rpcrt4:
RpcBindingFree
RpcStringBindingParseA
RpcBindingToStringBindingA
RpcSsGetContextBinding
I_RpcBindingIsClientLocal
I_RpcMapWin32Status
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcServerUseProtseqExW
RpcServerUseProtseqW
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
NdrServerCall2
UuidToStringA
RpcStringFreeA
RpcMgmtStopServerListening
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcServerRegisterIf
RpcServerUseProtseqEpW
kernel32:
lstrcpyW
GetModuleFileNameW
GetModuleHandleA
CompareStringW
GetSystemDefaultLCID
InterlockedExchange
FormatMessageW
GetLastError
LocalFree
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetComputerNameExW
GetComputerNameW
GetVersionExW
MultiByteToWideChar
GetLocalTime
DeleteCriticalSection
LoadLibraryW
DelayLoadFailureHook
CloseHandle
SetFilePointer
CreateFileW
GetWindowsDirectoryW
FlushFileBuffers
WaitForSingleObject
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DisableThreadLibraryCalls
LoadLibraryA
InterlockedCompareExchange
CompareFileTime
GetEnvironmentVariableW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
GetProcAddress
LocalAlloc
lstrlenW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStringTypeW
Sleep
SetConsoleCtrlHandler
SetProcessShutdownParameters
SetErrorMode
FreeLibrary
InitializeCriticalSection
CreateThread
WriteFile
advapi32:
TraceEvent
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
RegOpenKeyW
ConvertSidToStringSidW
GetSecurityDescriptorLength
LsaFreeMemory
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetWindowsAccountDomainSid
RegQueryValueExA
ConvertSidToStringSidA
RegSetValueExA
RegCreateKeyA
SystemFunction007
SystemFunction006
CheckTokenMembership
MapGenericMask
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegSaveKeyW
RegReplaceKeyW
RegLoadKeyW
LsaOpenPolicy
LsaStorePrivateData
LsaClose
RegUnLoadKeyW
GetUserNameA
ElfRegisterEventSourceW
ElfReportEventW
ElfDeregisterEventSource
ImpersonateLoggedOnUser
RevertToSelf
SystemFunction030
SystemFunction021
SystemFunction023
SystemFunction024
SystemFunction026
SystemFunction015
SystemFunction013
RegOpenKeyExW
SystemFunction025
SystemFunction027
SystemFunction031
SystemFunction029
InitializeAcl
AddAuditAccessAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
MakeSelfRelativeSD
AddAccessDeniedObjectAce
AddAccessDeniedAce
AddAccessAllowedObjectAce
AddAccessAllowedAce
FindFirstFreeAce
GetAce
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
user32:
wsprintfW
wsprintfA
GetMessageTime
GetCursorPos
GetSystemMetrics
cryptdll:
CDGenerateRandomBits
dnsapi:
DnsValidateName_W
DnsNameCompare_W
Sections
- .text  Size: 64KB - Virtual size: 60KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data  Size: 224KB - Virtual size: 235KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 10KB - Virtual size: 9KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 10KB - Virtual size: 10KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ