21303ce823b0a051087d7eb8b7fa978c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21303ce823b0a051087d7eb8b7fa978c_JaffaCakes118
Size

414KB
MD5

21303ce823b0a051087d7eb8b7fa978c
SHA1

1f0b3ded77d23209e1a70d8ab7940c9508379bc6
SHA256

2e04d11b65835955c3dc2b25ffec2f53c26c65bef209a27d02a7a2d1d41569c4
SHA512

3a9b814983e5121ed445e5caecc94712353a3fae41a3728b065b75eedd717c942db0c9a5dfd4b029a7404997882e5541ec6faf5798548d60e6d700b8d2a400d6
SSDEEP

12288:+ma4/y62oHQ2w6zThmpkUTj6nmkyWcfgMr:+ma4/y62WQb6zTUkyjY+V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21303ce823b0a051087d7eb8b7fa978c_JaffaCakes118

Files

21303ce823b0a051087d7eb8b7fa978c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8f8db8fbe340726a3a745365b65a6b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcBindingFree
RpcStringFreeW
I_RpcMapWin32Status
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcSsDestroyClientContext

kernel32

Beep
LocalAlloc
GetCurrentThreadId
GetSystemInfo
GetCurrentProcess
SetLastError
DelayLoadFailureHook
GetTickCount
GetComputerNameExW
GetCurrentProcessId
InterlockedCompareExchange
GetProcAddress
UnhandledExceptionFilter
InterlockedDecrement
SetEvent
GetCurrentThread
TerminateProcess
CreateThread
CreateEventW
CloseHandle
VirtualAlloc
QueryPerformanceCounter
WaitForSingleObject
LoadLibraryA
VirtualFree
InterlockedIncrement
FreeLibrary
GetSystemTimeAsFileTime
GetComputerNameW
ResetEvent
GetLastError
SetUnhandledExceptionFilter
LocalFree

ntdll

RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlSubAuthorityCountSid
NtOpenKey
RtlNtStatusToDosError
NtClose
NtQueryValueKey
RtlFreeUnicodeString
RtlInitString
RtlLengthSid
NtAllocateLocallyUniqueId
RtlLengthSecurityDescriptor
RtlSubAuthoritySid
RtlLeaveCriticalSection
NtAllocateVirtualMemory
RtlInitializeCriticalSection
RtlValidSid
NtQueryInformationToken
RtlEqualSid
RtlCopyLuid
RtlCopySid
NtCreateSemaphore
RtlGetNtProductType
RtlMakeSelfRelativeSD
RtlInitUnicodeString

msvcrt

_except_handler3
wcsncmp
memmove
wcsncpy
malloc
wcscpy
wcscat
_wcsnicmp
free
_adjust_fdiv
_initterm
wcslen

advapi32

RegOpenKeyExA
RegEnumValueW
QueryServiceStatus
RegDeleteKeyW
EqualDomainSid
RegQueryValueExA
RegOpenKeyExW
IsWellKnownSid
CreateWellKnownSid
RegEnumKeyW
RegSetValueExW
GetLengthSid
RegQueryInfoKeyW
RegDeleteValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
ConvertSidToStringSidW
OpenThreadToken
RegCloseKey

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f8db8fbe340726a3a745365b65a6b4f

Headers

File Characteristics

Imports

rpcrt4

kernel32

ntdll

msvcrt

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 392KB - Virtual size: 391KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 4KB - Virtual size: 920KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 392KB - Virtual size: 391KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 4KB - Virtual size: 920KB