71e9d7d6c2599374443e691b417d825d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71e9d7d6c2599374443e691b417d825d_JaffaCakes118
Size

366KB
MD5

71e9d7d6c2599374443e691b417d825d
SHA1

dd9ee6f7e1c9c61b3b9a504a24afd8028179d9b2
SHA256

bb77a05754eb2108b28b7ff3d45f739cb71df2b661f8cf83f66c5d56fb65dd2c
SHA512

f9eaaa523a73de8399433a681fd9194cbe34a316e18b350964c44920fb40049b129697395dc61ec70d74963994290fe2e91dd382c550e5ba130c6a0f60502911
SSDEEP

6144:+fqY0+iN8ulS5jGRM2z6dcIX4J4t3VnsjCqB/I9q1qhm:+fRdiS26dc94tFsjCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71e9d7d6c2599374443e691b417d825d_JaffaCakes118

Files

71e9d7d6c2599374443e691b417d825d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52805d826531d2bd43ca6fc8d9f01ad5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\service-wrapper-java\src\c\wrapper32_VC8__Win32_Release\wrapper.pdb

Imports

mpr

WNetGetUniversalNameW

shell32

ShellExecuteExW

netapi32

NetWkstaGetInfo
NetApiBufferFree

wsock32

WSAGetLastError
gethostname
inet_addr
ioctlsocket
htons
ntohs
recv
bind
socket
closesocket
send
listen
accept
inet_ntoa
WSAStartup

shlwapi

PathIsDirectoryW
PathFindOnPathW

advapi32

DeleteService
OpenServiceW
LsaOpenPolicy
StartServiceCtrlDispatcherW
OpenSCManagerW
LsaQueryInformationPolicy
OpenProcessToken
CloseServiceHandle
CreateServiceW
LsaFreeMemory
QueryServiceConfigW
ConvertSidToStringSidW
ControlService
RegisterServiceCtrlHandlerW
LsaNtStatusToWinError
RegEnumValueW
SetServiceStatus
LsaClose
QueryServiceStatus
StartServiceW
LookupAccountSidW
LookupAccountNameW
RegQueryInfoKeyW
RegQueryValueExW
LsaAddAccountRights
RegisterEventSourceW
RegCreateKeyW
DeregisterEventSource
RegOpenKeyExW
ReportEventW
RegCloseKey
RegSetValueExW
GetTokenInformation

user32

GetWindowPlacement
GetSystemMetrics
FindWindowW
SetWindowPlacement
IsWindowVisible

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

pdh

PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue

kernel32

GetConsoleCP
SetFilePointer
SetEndOfFile
GetProcessHeap
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
RtlUnwind
GetFileInformationByHandle
FreeEnvironmentStringsW
SetEnvironmentVariableA
IsProcessorFeaturePresent
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetTickCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CompareStringW
RaiseException
HeapSize
ReadFile
GetOEMCP
InterlockedIncrement
GetCPInfo
HeapCreate
EncodePointer
IsDebuggerPresent
MultiByteToWideChar
GetLastError
CreateMutexW
WaitForSingleObject
Sleep
FormatMessageW
WriteConsoleW
GetModuleFileNameW
lstrlenW
GlobalFree
GetCurrentThreadId
ReleaseMutex
CloseHandle
GetFullPathNameW
GetACP
PeekNamedPipe
GetEnvironmentStringsW
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
WriteFile
WideCharToMultiByte
GetLocaleInfoW
GetVersionExW
TerminateProcess
GetThreadLocale
GetProcAddress
GetSystemInfo
GetEnvironmentVariableW
lstrcmpA
SetPriorityClass
GetDriveTypeW
AllocConsole
FreeLibrary
CreateProcessW
GetCurrentProcess
QueryPerformanceCounter
GetUserDefaultLCID
GenerateConsoleCtrlEvent
OpenProcess
LoadLibraryW
GetExitCodeProcess
FileTimeToSystemTime
CreateFileW
FlushFileBuffers
SetThreadLocale
GetStdHandle
GetCurrentDirectoryW
GetLocalTime
LocalAlloc
SetConsoleCtrlHandler
GlobalMemoryStatusEx
CreatePipe
SetConsoleTitleW
QueryPerformanceFrequency
DuplicateHandle
FileTimeToLocalFileTime
GetCurrentProcessId
LocalFree
lstrcpyW
CreateThread
ExpandEnvironmentStringsW
HeapAlloc
GetFileType
HeapFree
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileExW
DeleteFileW
GetTimeZoneInformation
GetSystemTimeAsFileTime
MoveFileW
GetStringTypeW
SetEnvironmentVariableW
SetCurrentDirectoryW
InterlockedDecrement
SetStdHandle
InitializeCriticalSectionAndSpinCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitProcess
DecodePointer
FindNextFileW
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52805d826531d2bd43ca6fc8d9f01ad5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

shell32

netapi32

wsock32

shlwapi

advapi32

user32

crypt32

wintrust

pdh

kernel32

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 5KB - Virtual size: 147KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 5KB - Virtual size: 147KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 17KB - Virtual size: 16KB