3af9de70551858b19cd319d18e51be44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3af9de70551858b19cd319d18e51be44_JaffaCakes118
Size

146KB
MD5

3af9de70551858b19cd319d18e51be44
SHA1

a5df23b804421c96c709a783bbf9f4c236b6a6b2
SHA256

36564e7852db435ec5b5716dedc4b704fd0d9aa096744db215554316aa1636af
SHA512

b7497a065437066b687d665771d508cfa897c32ead1746254ce1fe836c347fd06e46a1f6f75a1d3b89bafd16ef1b3760df0bfd433e35a9472c13f7fec0958579
SSDEEP

3072:xNEV9Lk6S3ARcIkma4AlAqezZb9YBD4Q6kx0EDn1:YQQRcIh9niB4hkx0U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3af9de70551858b19cd319d18e51be44_JaffaCakes118

Files

3af9de70551858b19cd319d18e51be44_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a2a579d61fb6c01d6cfc5dece2dbb7b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

srvsvc.pdb

Imports

msvcrt

wcscmp
wcstok
wcsncpy
memmove
towupper
_except_handler3
srand
rand
_wcsicmp
wcschr
_wcsnicmp
wcslen
wcscat
wcscpy

ntdll

NtQuerySymbolicLinkObject
RtlSetDaclSecurityDescriptor
RtlMakeSelfRelativeSD
NtOpenKey
NtQueryValueKey
NtCreateEvent
RtlAcquireResourceShared
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
RtlUnicodeStringToOemString
RtlCopyUnicodeString
NtOpenFile
RtlUpcaseUnicodeStringToOemString
RtlCreateEnvironment
RtlSetEnvironmentVariable
RtlIntegerToUnicodeString
RtlDestroyEnvironment
RtlGetNtProductType
NtQuerySystemInformation
RtlLengthSecurityDescriptor
RtlQueryEnvironmentVariable_U
RtlValidSecurityDescriptor
RtlQueryRegistryValues
NtOpenSymbolicLinkObject
RtlCheckRegistryKey
RtlNtStatusToDosError
RtlCreateRegistryKey
RtlWriteRegistryValue
VerSetConditionMask
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtCreateFile
NtFsControlFile
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlValidRelativeSecurityDescriptor
RtlCopySecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
RtlSetSecurityObject
NtClose
RtlNewSecurityObject
NtQueryInformationFile
NtQueryVolumeInformationFile
DbgPrint
NtWaitForSingleObject
NtOpenEvent
RtlUpcaseUnicodeString
NtUnloadDriver
NtLoadDriver
RtlDeleteCriticalSection
RtlDeleteResource
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteSecurityObject
RtlTimeToSecondsSince1970
NtQuerySystemTime
NtCompleteConnectPort
NtAcceptConnectPort
RtlCompareMemoryUlong
NtListenPort
NtCreatePort
RtlInitAnsiString
NtRequestPort
NtReplyPort
RtlFreeHeap
NtSetInformationThread
NtImpersonateClientOfPort
NtReplyWaitReceivePortEx
RtlDeleteRegistryValue

kernel32

GetTickCount
DeviceIoControl
WaitForMultipleObjects
Sleep
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
CloseHandle
InterlockedIncrement
lstrcmpW
GetVersionExW
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
DeleteCriticalSection
CreateEventW
CreateThread
SetEvent
RaiseException
VerifyVersionInfoW
WaitForSingleObject
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
LocalAlloc
GetCurrentThread
SetThreadPriority
ExitThread
GetSystemTime
GetDriveTypeW
GetSystemDirectoryW
SetLastError
CreateFileW
InitializeCriticalSection
GetLastError
GetProcAddress

advapi32

GetAce
SetFileSecurityW
GetFileSecurityW
IsValidSecurityDescriptor
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
ImpersonateSelf
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegNotifyChangeKeyValue
EqualSid
GetAclInformation
AddAccessAllowedAceEx
GetLengthSid
GetSecurityDescriptorDacl
SetServiceStatus
I_ScSetServiceBitsW
RegisterServiceCtrlHandlerExW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureW
CryptImportKey
CryptCreateHash
RevertToSelf
CryptAcquireContextW
RegisterEventSourceW
ReportEventW
DeregisterEventSource

netapi32

NetpwPathCanonicalize
NetpwPathCompare
NetpwNameValidate
NetpwNameCanonicalize
NetpwNameCompare
NetApiBufferFree
DsGetSiteNameW
NetpNtStatusToApiStatus
NetpAccessCheckAndAudit
NetpDeleteSecurityObject
NetpCreateSecurityObject
I_NetPathType
NetpGetComputerName
NetpReleasePrivilege
NetpGetPrivilege
NetUnregisterDomainNameChangeNotification
NetRegisterDomainNameChangeNotification
NetpLocalTimeZoneOffset
NetApiBufferAllocate
NetMessageBufferSend
NetpwPathType

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
UuidCreate
RpcStringFreeW
RpcBindingFree
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2

user32

GetSystemMetrics

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
ImageGetDigestStream

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2a579d61fb6c01d6cfc5dece2dbb7b1

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

netapi32

rpcrt4

user32

imagehlp

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 68KB - Virtual size: 67KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 4KB