6933ebec63114ae8c0d9e677d9132058_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6933ebec63114ae8c0d9e677d9132058_JaffaCakes118
Size

140KB
MD5

6933ebec63114ae8c0d9e677d9132058
SHA1

b8004256eb8e3e5497eb20552825ca115b9d574f
SHA256

1c83a7e4faca0d21b41381bbec8709ee568c5338cc0a677941e278f4e6f8dcb5
SHA512

bd945a5e7e6f8598e1feff8c011b218fb1cf5710251f1aca8021ff7adad591d577d08ee041da5766685fcd96198d2bf1fc6b26fc1cac566feade5dfcd95e9aa0
SSDEEP

1536:HtN4xDlPXOzGIeOGeP/V9dKISS/Af3kvP23rrUHFZKV/+S3q4KCh+RVX:kzPXtjCt6SQ+23rO0VGSa4KChyVX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6933ebec63114ae8c0d9e677d9132058_JaffaCakes118

Files

6933ebec63114ae8c0d9e677d9132058_JaffaCakes118
.dll windows:5 windows x86 arch:x86

efd10f31a0de9b564c563f0c13f36b60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sfc_os.pdb

Imports

ntdll

RtlExpandEnvironmentStrings_U
NtOpenKey
_vsnwprintf
RtlInitializeCriticalSection
wcstoul
wcschr
NtQueryInformationFile
NtWriteFile
NtDeleteFile
towlower
wcsstr
RtlAllocateHeap
RtlFreeHeap
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlReAllocateHeap
LdrUnloadDll
wcscmp
_chkstk
NtCreateKey
NtQueryValueKey
NtSetValueKey
RtlFreeUnicodeString
NtFlushBuffersFile
NtSetInformationFile
NtUnmapViewOfSection
NtCreateSection
NtMapViewOfSection
RtlDosPathNameToNtPathName_U
NtCreateFile
NtFsControlFile
NtOpenFile
swprintf
memmove
NtWaitForMultipleObjects
NtCreateEvent
NtNotifyChangeDirectoryFile
_wcsicmp
NtWaitForSingleObject
NtResetEvent
NtSetEvent
LdrAccessResource
LdrFindResource_U
RtlUnwind
NtQueryVirtualMemory
RtlDeleteCriticalSection
wcscat
RtlEnterCriticalSection
wcslen
_wcsnicmp
NtClose
RtlInitUnicodeString
wcscpy
RtlLeaveCriticalSection
wcsrchr
wcsncpy
RtlNtStatusToDosError

user32

DefWindowProcW
SetWindowPos
CreateWindowExW
RegisterClassW
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
DestroyWindow
wsprintfW
LoadStringW
SetThreadDesktop
GetSystemMetrics
SendMessageW
MsgWaitForMultipleObjects
IsDialogMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetDlgItem
EnableWindow
ShowWindow
UpdateWindow
SetForegroundWindow
EndDialog
FindWindowW
GetWindowRect
MoveWindow
DialogBoxParamW
MessageBoxW
SetWindowLongW
UnregisterDeviceNotification
PostMessageW
RegisterWindowMessageW
GetDlgItemTextW
SetDlgItemTextW
RegisterDeviceNotificationW
CreateDialogParamW
SendMessageTimeoutW

kernel32

LocalAlloc
HeapFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
DelayLoadFailureHook
GetTickCount
OpenEventW
ResetEvent
CreateDirectoryW
GetLocalTime
WideCharToMultiByte
GetSystemWow64DirectoryW
GetCurrentProcess
GetFileSize
GetDiskFreeSpaceExW
GetModuleFileNameW
InterlockedExchange
WaitForSingleObject
GetCurrentThreadId
DisableThreadLibraryCalls
CreateFileW
lstrcpynW
GetDriveTypeW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
GetModuleHandleW
GetVersionExW
GetSystemTimeAsFileTime
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CreateThread
CloseHandle
ExpandEnvironmentStringsW
GetLastError
GetFileAttributesW
SetLastError

rpcrt4

RpcStringFreeW
RpcImpersonateClient
NdrClientCall2
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
I_RpcMapWin32Status
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcRevertToSelf

advapi32

RegCreateKeyExW
RegisterEventSourceW
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
CheckTokenMembership
LookupAccountSidW
CreateWellKnownSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ReportEventW

wintrust

CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext

crypt32

CertFreeCertificateContext

ole32

StringFromIID
CoTaskMemFree
StringFromGUID2
IIDFromString

Exports

Exports

SfcGetNextProtectedFile
SfcIsFileProtected
SfcWLEventLogoff
SfcWLEventLogon

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efd10f31a0de9b564c563f0c13f36b60

Headers

File Characteristics

PDB Paths

Imports

ntdll

user32

kernel32

rpcrt4

advapi32

wintrust

crypt32

ole32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.data Size: 512B - Virtual size: 21KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 97KB - Virtual size: 96KB

.data
Size: 512B - Virtual size: 21KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 6KB - Virtual size: 5KB