5bf3b106fd7898417e51b5c853bf8b1d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5bf3b106fd7898417e51b5c853bf8b1d_JaffaCakes118
Size

335KB
MD5

5bf3b106fd7898417e51b5c853bf8b1d
SHA1

0d8931315928e71a7be63a7d2d36faf4f90d0939
SHA256

3ab2062057bffd8d1db24ff21f746681966c713a69b2bdb20904b78346df5df2
SHA512

291131383c6f74a6ebfa12595aa3420a46de1dd8991c6f5302e297549e7909b3dae449bab29051099fd6516cb756d79594aa46fa58c5e23e94d092d45ad3b19a
SSDEEP

6144:9Ec6gjvv56JinslYHSZSVI0sF7/lKs7o7uyEm6:9EDgjvv56QXV6J/lKco7uyEm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf3b106fd7898417e51b5c853bf8b1d_JaffaCakes118

Files

5bf3b106fd7898417e51b5c853bf8b1d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

060710b22a61d83fd32971a6b2d4c6ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ws2_32.pdb

Imports

msvcrt

wcsrchr
time
_except_handler3
memmove
wcschr
_c_exit
_exit
_XcptFilter
_cexit
_wcsicmp
exit
__initenv
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcslen
wcsncmp
_wtol
wcscpy
_itow
_wcsnicmp
wcscat
_initterm
wcsncpy
wcscspn
_ultow

advapi32

RegOpenKeyW
ConvertSidToStringSidW
LsaStorePrivateData
LsaLookupNames
LsaQueryInformationPolicy
OpenThreadToken
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
SystemFunction029
SystemFunction005
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
CopySid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
CreateProcessAsUserW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitiateSystemShutdownW
RevertToSelf

kernel32

TerminateProcess
SetProcessShutdownParameters
lstrcmpiW
FormatMessageW
ExitThread
ReleaseMutex
DelayLoadFailureHook
RaiseException
GetExitCodeThread
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
CreateMutexW
LocalAlloc
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
CreateThread
GetLastError
CreateProcessW
ExpandEnvironmentStringsW
InitializeCriticalSection
HeapAlloc
HeapFree
SetConsoleCtrlHandler
WaitForSingleObject
HeapCreate
FreeLibrary
GetProcAddress
InterlockedCompareExchange
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
TransactNamedPipe
WriteFile
GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleW
GetComputerNameW
CreateEventW
SetEvent
ResetEvent
DeviceIoControl
CreateFileW
ResumeThread
GetCurrentProcessId
LoadLibraryW
GetDriveTypeW
OpenEventW
GetCurrentThread

user32

wsprintfW
BroadcastSystemMessageW
MessageBoxW
LoadStringW
RegisterServicesProcess

rpcrt4

RpcServerRegisterAuthInfoW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
NdrServerCall2
I_RpcBindingIsClientLocal
RpcRevertToSelf
I_RpcMapWin32Status
RpcImpersonateClient
RpcStringBindingParseW
RpcStringFreeW
RpcBindingToStringBindingW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcServerUnregisterIf

ntdll

RtlCreateAcl
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
NtDeleteKey
RtlSetControlSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtAccessCheckAndAuditAlarm
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtOpenProcessToken
NtQueryInformationToken
RtlQuerySecurityObject
RtlAddAccessAllowedAce
RtlValidRelativeSecurityDescriptor
RtlMapGenericMask
RtlCopyUnicodeString
NtSetInformationFile
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
NtSetInformationProcess
NtSetEvent
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlAllocateHeap
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlRegisterWait
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlNewSecurityObject
RtlAddAce
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSubAuthorityCountSid
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlCompareUnicodeString
NtLoadDriver
NtUnloadDriver
RtlExpandEnvironmentStrings_U
RtlAdjustPrivilege
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAreAllAccessesGranted
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
RtlQueueWorkItem
RtlCopyLuid
RtlDeregisterWait
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteSecurityObject
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
RtlSetSecurityObject
RtlMakeSelfRelativeSD
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtSetSecurityObject

userenv

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock

scesrv

ScesrvInitializeServer
ScesrvTerminateServer

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

060710b22a61d83fd32971a6b2d4c6ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

rpcrt4

ntdll

userenv

scesrv

Sections

.text Size: 77KB - Virtual size: 76KB

.data Size: 212KB - Virtual size: 222KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 77KB - Virtual size: 76KB

.data
Size: 212KB - Virtual size: 222KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 12KB - Virtual size: 12KB