WUDFSvc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
456b1aa4f93bc0f9a14f387bb7d8625f_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
456b1aa4f93bc0f9a14f387bb7d8625f_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 456b1aa4f93bc0f9a14f387bb7d8625f_JaffaCakes118
Size: 110KB
MD5: 456b1aa4f93bc0f9a14f387bb7d8625f
SHA1: e6d74d246618fb0f80267a755032a5505ab157c4
SHA256: 07d96b03391331ea87858da81826430930640cfd4997d7d06c584dec6894b4f6
SHA512: 2f0038a09b82ed2216133f9f32cc6ce80ddd67c8624c128773753c6bd9f950b13e995bd573b4fcec9240d50faf101dbc171a313950b916f597299b85e935006b
SSDEEP: 1536:zTWA8xtKxmoR5dsxQW+nFj50p2rX91MtkG9rgnuNZeO3xgd:J8Pg3Kx125G59CUUMg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 456b1aa4f93bc0f9a14f387bb7d8625f_JaffaCakes118
Files
456b1aa4f93bc0f9a14f387bb7d8625f_JaffaCakes118.dll windows:6 windows x86 arch:x86
9904eb65711716550454bfb2bae4805a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcsncmp
memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
kernel32
GetLastError
EnterCriticalSection
DeleteCriticalSection
CloseHandle
UnregisterWait
CreateEventW
InitializeCriticalSection
ExpandEnvironmentStringsW
SearchPathW
GetSystemDirectoryW
InterlockedIncrement
InterlockedDecrement
DeviceIoControl
CreateFileW
SetEvent
LeaveCriticalSection
CreateProcessW
ResumeThread
GetExitCodeProcess
QueueUserWorkItem
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObject
lstrlenW
WaitForMultipleObjects
LocalFree
advapi32
SetServiceStatus
GetTraceEnableFlags
TraceMessage
RegisterServiceCtrlHandlerExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
EqualSid
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorLength
IsValidAcl
AddAccessAllowedAceEx
InitializeAcl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
LogonUserW
CreateProcessAsUserW
RegEnumKeyExW
RegGetKeySecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetLengthSid
GetAce
GetTraceEnableLevel
ntdll
DbgPrint
NtClose
_vsnwprintf
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW
setupapi
SetupDiEnumDeviceInfo
CM_Query_And_Remove_SubTreeW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status_Ex
SetupDiOpenDeviceInfoW
CM_Setup_DevNode
SetupDiOpenDevRegKey
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
wudfplatform
InitializePlatformLibrary
GetAndInitializePlatformObject
WdfGetLpcInterface
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ