456d165f34f71299a2bdb2f61ca2a659_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

456d165f34f71299a2bdb2f61ca2a659_JaffaCakes118
Size

252KB
MD5

456d165f34f71299a2bdb2f61ca2a659
SHA1

0e71e29c205bc4e2bf879c69854d02a060fcfe02
SHA256

4a4eb0ad983313cc5404f7f1294572cd5f049089fb25fdc863fc9132552eb524
SHA512

8334c739630aaf205eb87467c17bb55081cd302c76bf6c658528c338048d83060fd454657dfb69c0c1752a05bbdfd21336c3d840d3a9425f01f520874eddba25
SSDEEP

6144:hAyzRcWEHMq6pV1i+JydHxMoRQ+YedvjIUHtkviW0c:hAyzRcTH/GV1XJyTRQbwEC+iW0c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
456d165f34f71299a2bdb2f61ca2a659_JaffaCakes118

Files

456d165f34f71299a2bdb2f61ca2a659_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6f1cae0958992201e0d357036a115800

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p2pgasvc.pdb

Imports

msvcrt

wcscmp
iswdigit
wcschr
wcsncmp
_wcsnicmp
free
_stricmp
printf
wcslen
_vsnprintf
_except_handler3
_purecall
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm

advapi32

CryptCreateHash
TraceMessage
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
OpenThreadToken
CheckTokenMembership
GetTokenInformation
GetWindowsAccountDomainSid
CreateWellKnownSid
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenSCManagerW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptContextAddRef
OpenServiceW
QueryServiceStatus
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
StartServiceW

kernel32

CompareFileTime
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
Sleep
SwitchToThread
CloseHandle
UnregisterWaitEx
InterlockedCompareExchange
SetEvent
RegisterWaitForSingleObject
CreateEventW
GetCurrentThread
lstrcmpiA
FileTimeToSystemTime
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetLastError
LoadLibraryW
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetProcAddress

rpcrt4

RpcErrorGetNextRecord
RpcErrorStartEnumeration
RpcBindingInqAuthClientW
I_RpcBindingInqTransportType
RpcEpRegisterW
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerUseProtseqW
I_RpcExceptionFilter
NdrClientCall2
RpcErrorEndEnumeration
RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcServerUnregisterIfEx
RpcServerInqBindings
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingVectorFree
NdrServerCall2

crypt32

CertEnumCertificatesInStore
CertVerifyValidityNesting
CryptDecodeObject
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertOpenStore
CertDuplicateStore

userenv

UnregisterGPNotification
RegisterGPNotification

Exports

Exports

SVCServiceMain

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f1cae0958992201e0d357036a115800

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

rpcrt4

crypt32

userenv

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.data Size: 173KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 67KB - Virtual size: 67KB

.data
Size: 173KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB