ipsecsvc.pdb
Static task
static1
Behavioral task
behavioral1
Sample: 25cb1918604976fc6719f8377a65b4f0_JaffaCakes118.dll
Resource: win7-20240508-en
Behavioral task
behavioral2
Sample: 25cb1918604976fc6719f8377a65b4f0_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 25cb1918604976fc6719f8377a65b4f0_JaffaCakes118
Size: 355KB
MD5: 25cb1918604976fc6719f8377a65b4f0
SHA1: 8f818b34fb4db9b2bebe5d784ea3f219d66c7418
SHA256: c27eb403a850a53b7e9058b63743a68c54337c1c6e00f0015f75bce64677e8d3
SHA512: 95eb841bf0c0f80d62218e6ad7687a365cfce057d5a8fd668f535dd7821a22fbc2bb2b638757190698a2b651c6cf3de5fce8da84151b6ee26e97d03782690640
SSDEEP: 6144:dkB+hWu9Vmc2Ur471rkTGICCO67vlpryARc/X6bFimlUzpWr+0gcitfNvvxE8:dKbcWBwGICMvfyt/XqFiml0A50Nv
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the PE header's security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, so no certificate table is embedded in the file.
Caveat: this check only sees an embedded signature. Windows system binaries are normally catalog-signed (the signature lives in a .cat file, not in the PE), so a genuine OS DLL also triggers it; verify with Get-AuthenticodeSignature on a Windows host, or compare the hash with the file from a clean install, before treating the hit as evidence of tampering.
resource 25cb1918604976fc6719f8377a65b4f0_JaffaCakes118
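An added example, not Triage's own detection code: a minimal PE header parser that reproduces the "Unsigned PE" logic (is the security data directory populated with a PKCS#7 WIN_CERTIFICATE?) and decodes the File Characteristics flags listed under Headers below. The PE image it inspects is constructed in memory for offline testing and is not the sample; header offsets and constants are from the PE/COFF specification and winnt.h. Like the sandbox check, it cannot see catalog signatures.

```python
"""Reproduce the 'Unsigned PE' check: does the PE header point at an
embedded Authenticode certificate table? Added example, not Triage code."""
import struct
from typing import Optional

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

# IMAGE_FILE_* bits (winnt.h) that the report lists for this sample
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}


def parse_pe(data: bytes) -> dict:
    """Return machine, COFF characteristics and the security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # IMAGE_OPTIONAL_HEADER starts after the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = 92, 96                   # PE32: NumberOfRvaAndSizes, then the directories
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = 108, 112                 # PE32+ has 8-byte ImageBase/stack/heap fields
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_dirs,) = struct.unpack_from("<I", data, opt + nrva_off)
    sec_off = sec_len = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw FILE OFFSET, not an RVA.
        sec_off, sec_len = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "characteristics": chars,
        "flags": [name for bit, name in sorted(FILE_CHARACTERISTICS.items()) if chars & bit],
        "security_dir": (sec_off, sec_len),
    }


def has_embedded_authenticode(data: bytes) -> bool:
    """True only if the certificate table exists, fits inside the file and
    starts with a PKCS#7 SignedData WIN_CERTIFICATE header."""
    off, length = parse_pe(data)["security_dir"]
    if off == 0 or length < 8 or off + length > len(data):
        return False
    dw_len, rev, ctype = struct.unpack_from("<IHH", data, off)
    return dw_len <= length and rev == WIN_CERT_REVISION_2_0 and ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def build_minimal_pe(characteristics: int, cert_blob: Optional[bytes] = None) -> bytes:
    """Constructed header-only PE32 image for offline testing (not a loadable DLL).
    With cert_blob, a WIN_CERTIFICATE wrapping it is appended and the security
    directory is pointed at it, as an Authenticode-signed file would be laid out."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature right after the DOS header
    opt = bytearray(224)                              # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)  # IMAGE_FILE_MACHINE_I386
    image = dos + b"PE\0\0" + coff + opt
    if cert_blob is not None:
        cert_off = len(image)
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), WIN_CERT_REVISION_2_0,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        sec_entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", image, sec_entry, cert_off, len(win_cert))
        image += win_cert
    return bytes(image)


# 0x210E is exactly the five IMAGE_FILE_* flags the report lists for this sample.
SAMPLE_CHARACTERISTICS = 0x210E

if __name__ == "__main__":
    for label, pe in (("unsigned", build_minimal_pe(SAMPLE_CHARACTERISTICS)),
                      ("signed", build_minimal_pe(SAMPLE_CHARACTERISTICS, b"\x30\x82constructed-pkcs7"))):
        info = parse_pe(pe)
        print(label, info["flags"], "embedded Authenticode:", has_embedded_authenticode(pe))
```

Run it against a real file by replacing the constructed image with `open(path, "rb").read()`; a hit from has_embedded_authenticode() only proves that a certificate table is present, not that the signature is valid, and a miss does not rule out a catalog signature.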
Files
-
25cb1918604976fc6719f8377a65b4f0_JaffaCakes118.dll windows:5 windows x86 arch:x86
2bd32e892316abc824f9984353697157
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ipsecsvc.pdb
Imports
advapi32
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
OpenProcessToken
RegOpenKeyExW
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
TraceMessage
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegisterServiceCtrlHandlerExW
AddAccessAllowedAce
authz
AuthzAccessCheck
crypt32
CertStrToNameW
iphlpapi
GetPerAdapterInfo
GetAdaptersInfo
AllocateAndGetIfTableFromStack
GetIpAddrTable
NhGetInterfaceNameFromGuid
GetInterfaceInfo
kernel32
SetEvent
DeleteCriticalSection
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
WaitForSingleObject
CloseHandle
ResetEvent
WaitForMultipleObjects
HeapFree
CreateEventW
InitializeCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
LocalAlloc
VirtualProtect
LocalFree
VirtualAlloc
FormatMessageW
LeaveCriticalSection
PulseEvent
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
lsasrv
LsaIWriteAuditEvent
msvcrt
wcsstr
wcscat
wcschr
_wtol
_snwscanf
mktime
_adjust_fdiv
wcsncpy
malloc
_initterm
free
_wcsicmp
_except_handler3
time
mbstowcs
wcscmp
wcscpy
wcslen
netapi32
NetApiBufferFree
DsGetDcNameW
ntdll
RtlLengthSid
oakley
ord33
ord37
ord39
ord40
ord38
ord27
ord28
ord23
ord25
ord24
ord35
ord26
ord34
ord36
ord30
ord31
rpcrt4
RpcServerRegisterAuthInfoW
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcEpUnregister
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
RpcStringFreeW
RpcFreeAuthorizationContext
RpcGetAuthorizationContextForClient
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
I_RpcBindingIsClientLocal
RpcServerInqDefaultPrincNameW
user32
wsprintfW
userenv
FreeGPOListW
GetGPOListW
RefreshPolicy
wldap32
ord36
ord41
ord73
ord13
ord208
ord26
ord27
ord97
ord140
ord88
ord79
ord77
ord142
ord210
ord145
ord16
ord14
ord224
ws2_32
WSACleanup
ntohs
ntohl
inet_addr
closesocket
WSAIoctl
WSAEventSelect
htons
WSACreateEvent
WSAGetLastError
WSASocketW
WSAStartup
Exports
ServiceMain
Sections
.text  Size: 150KB - Virtual size: 149KB  Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data  Size: 14KB - Virtual size: 13KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 184KB - Virtual size: 183KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 6KB - Virtual size: 6KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ