4de2c72423747b4c0a5ca9061fff0d02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4de2c72423747b4c0a5ca9061fff0d02_JaffaCakes118
Size

137KB
MD5

4de2c72423747b4c0a5ca9061fff0d02
SHA1

b4aeb679b1a5cb18947141fb1d24fca895f17eaa
SHA256

1572ca87f1c020926f966b7b616caec1c3c65ae88ef566fb84584669f9839f50
SHA512

32710590d1e91d0d10882a07ba2623dc0d0766f6b8b06ccbc6548757669367c24c2a55abe28b83c012f15e56fc5fadc9a0b7f6506da1aa97d186eede40b6054b
SSDEEP

1536:hFpIxvlQ5JJfcBgLDLh5upEGKTwXN70PTP/K8WVqcwunVj:G7QVcaLDL7QEv4N7MTi8WVqKnVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4de2c72423747b4c0a5ca9061fff0d02_JaffaCakes118

Files

4de2c72423747b4c0a5ca9061fff0d02_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c17072799bde3fc644e0ad2de098b190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sfc_os.pdb

Imports

ntdll

RtlFreeHeap
RtlDeleteCriticalSection
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlReAllocateHeap
LdrUnloadDll
wcscmp
_chkstk
NtResetEvent
NtSetEvent
LdrAccessResource
LdrFindResource_U
RtlUnwind
NtQueryVirtualMemory
RtlAllocateHeap
NtQueryInformationFile
NtWriteFile
NtDeleteFile
NtCreateKey
NtQueryValueKey
NtSetValueKey
RtlFreeUnicodeString
NtFlushBuffersFile
NtSetInformationFile
NtUnmapViewOfSection
NtCreateSection
NtMapViewOfSection
RtlDosPathNameToNtPathName_U
NtCreateFile
NtFsControlFile
NtOpenFile
wcstoul
RtlInitializeCriticalSection
NtOpenKey
RtlExpandEnvironmentStrings_U
_vsnwprintf
towlower
wcschr
wcsstr
swprintf
memmove
wcslen
_wcsnicmp
NtClose
RtlInitUnicodeString
wcscpy
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
NtQuerySecurityObject
RtlCompareUnicodeString
NtWaitForMultipleObjects
NtCreateEvent
NtNotifyChangeDirectoryFile
_wcsicmp
NtWaitForSingleObject
wcscat
RtlEnterCriticalSection
RtlLeaveCriticalSection
wcsrchr
wcsncpy
RtlNtStatusToDosError

user32

SetDlgItemTextW
RegisterDeviceNotificationW
DestroyWindow
wsprintfW
LoadStringW
SetThreadDesktop
CreateDialogParamW
SendMessageW
MsgWaitForMultipleObjects
IsDialogMessageW
GetDlgItemTextW
DispatchMessageW
PeekMessageW
GetDlgItem
EnableWindow
ShowWindow
UpdateWindow
SetForegroundWindow
EndDialog
FindWindowW
RegisterWindowMessageW
PostMessageW
UnregisterDeviceNotification
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
RegisterClassW
CreateWindowExW
DefWindowProcW
GetSystemMetrics
GetWindowRect
SetWindowLongW
MoveWindow
DialogBoxParamW
MessageBoxW
TranslateMessage

kernel32

GetComputerNameW
LocalAlloc
GetComputerNameExW
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
DelayLoadFailureHook
GetTickCount
OpenEventW
ResetEvent
CreateDirectoryW
GetLocalTime
WideCharToMultiByte
GetSystemWow64DirectoryW
GetCurrentProcess
GetFileSize
GetDiskFreeSpaceExW
GetModuleFileNameW
InterlockedExchange
WaitForSingleObject
GetCurrentThreadId
DisableThreadLibraryCalls
CreateFileW
lstrcpynW
GetDriveTypeW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
GetModuleHandleW
GetVersionExW
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
GetSystemTimeAsFileTime
CreateThread
CloseHandle
ExpandEnvironmentStringsW
GetLastError
GetFileAttributesW
SetLastError

rpcrt4

RpcStringFreeW
RpcImpersonateClient
NdrClientCall2
NdrServerCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
I_RpcMapWin32Status
RpcServerRegisterIf
RpcServerUseProtseqEpW
RpcServerListen
RpcRevertToSelf

advapi32

RegCreateKeyExW
RegisterEventSourceW
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ReportEventW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext

ole32

StringFromIID
CoTaskMemFree
StringFromGUID2
IIDFromString

Exports

Exports

SfcGetNextProtectedFile
SfcIsFileProtected
SfcWLEventLogoff
SfcWLEventLogon

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c17072799bde3fc644e0ad2de098b190

Headers

File Characteristics

PDB Paths

Imports

ntdll

user32

kernel32

rpcrt4

advapi32

wintrust

crypt32

ole32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 512B - Virtual size: 20KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 512B - Virtual size: 20KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 6KB - Virtual size: 5KB