72c521e7f27aa33acbbd69c7b13fbce4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72c521e7f27aa33acbbd69c7b13fbce4_JaffaCakes118
Size

154KB
MD5

72c521e7f27aa33acbbd69c7b13fbce4
SHA1

24876e9ad8642003769feebef79d9333ea7e74e3
SHA256

ce1296f86b554d307b8167db2578be48ba4bf784f3dfdf8def0ae45ab4f02193
SHA512

5313e8241a56d58c53ec0feed1a60a9b5f3f2935c24c69268fd29b3061ec2b5c660d2af6ba518d7307de4139142e89cca448a3f06c22e787f7fed345fc3d5519
SSDEEP

3072:m41oIi05OUTekVN1aI0Ld/c6uK9tE5VooXrxI:9oIi0QoFVcd17WPXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72c521e7f27aa33acbbd69c7b13fbce4_JaffaCakes118

Files

72c521e7f27aa33acbbd69c7b13fbce4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

498852db595535929c48e83b0ad9168e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

swprintf
_wcsicmp
_except_handler3
wcscat
sprintf
_wtol
wcsrchr
wcsncpy
strtoul
wcstoul
wcsncat
_ultoa
free
wcschr
wcscpy
wcscmp
srand
_initterm
wcslen
rand
wcstombs
wcsncmp
malloc
time
_adjust_fdiv

iphlpapi

GetIpAddrTable
IcmpCreateFile
IcmpSendEcho
SendARP

ntdll

RtlSetSaclSecurityDescriptor
RtlInitUnicodeString
RtlCreateAcl
RtlAddAce
NtAddAtom
NtDeviceIoControlFile
NtCancelIoFile
RtlNewSecurityObject
RtlGUIDFromString
NtWaitForSingleObject
NtAllocateVirtualMemory
RtlCopySid
RtlxOemStringToUnicodeSize
NtClose
RtlxUnicodeStringToOemSize
RtlOemStringToUnicodeString
RtlInitString
NlsMbOemCodePageTag
RtlLengthSid
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtConnectPort
NtRequestPort
NtCreateFile
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlDeleteSecurityObject
RtlUpcaseUnicodeString
RtlNtStatusToDosError
RtlUnicodeStringToOemString

advapi32

SystemFunction036
SetSecurityDescriptorDacl
SetServiceStatus
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
QueryServiceStatus
StartServiceW
OpenSCManagerW
AddAccessAllowedAce
FreeSid
RegisterServiceCtrlHandlerExW
ReportEventW
AccessCheck
OpenServiceW
RegQueryInfoKeyW
RegSetValueExW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
AllocateAndInitializeSid
CloseServiceHandle
RegOpenKeyExW
InitializeSecurityDescriptor
RegEnumKeyExW
GetLengthSid
InitializeAcl
OpenThreadToken
RegCloseKey
LsaNtStatusToWinError
DeregisterEventSource
RegisterEventSourceW

user32

MessageBoxW

dnsapi

DnsAsyncRegisterInit
DnsAsyncRegisterHostAddrs
DnsRemoveRegistrations
DnsNotifyResolver
DnsQueryConfigDword
DnsAsyncRegisterTerm

rpcrt4

RpcServerRegisterIfEx
UuidCreate
RpcBindingVectorFree
RpcServerInqBindings
RpcBindingFromStringBindingW
UuidToStringW
RpcBindingSetOption
RpcRevertToSelf
RpcStringFreeW
RpcBindingFree
RpcEpUnregister
RpcEpRegisterW
RpcImpersonateClient
RpcBindingSetAuthInfoW
RpcStringBindingComposeW
RpcBindingToStringBindingW
RpcStringBindingParseW
NdrClientCall2
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
NdrServerCall2
RpcServerUnregisterIfEx

secur32

LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification

kernel32

InitializeCriticalSection
GetCurrentProcessId
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
LocalAlloc
WaitForMultipleObjects
CreateWaitableTimerW
DisableThreadLibraryCalls
InterlockedIncrement
QueryPerformanceCounter
HeapFree
CancelWaitableTimer
ReleaseSemaphore
GetCurrentProcess
GetLastError
PulseEvent
CloseHandle
SetEvent
ResetEvent
OpenEventA
GetComputerNameExW
LoadLibraryA
LocalFree
LoadLibraryW
DeleteCriticalSection
TerminateProcess
CreateSemaphoreW
GetVersionExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
IsBadWritePtr
FreeLibrary
GetCurrentThread
Sleep
FormatMessageW
CreateEventA
GetSystemTime
SetUnhandledExceptionFilter
SetWaitableTimer
WaitForSingleObject
TerminateThread
OpenEventW
GetProcessHeap
GetTickCount
DeviceIoControl
SystemTimeToFileTime
CreateEventW
SetLastError
GetProcAddress
CreateThread
CreateFileW

ws2_32

WSACloseEvent
WSASetEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSAIoctl
WSAEnumNetworkEvents

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

498852db595535929c48e83b0ad9168e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

iphlpapi

ntdll

advapi32

user32

dnsapi

rpcrt4

secur32

kernel32

ws2_32

Sections

.text Size: 33KB - Virtual size: 32KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 30KB - Virtual size: 352KB

.rdata Size: 75KB - Virtual size: 75KB

.text
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 30KB - Virtual size: 352KB

.rdata
Size: 75KB - Virtual size: 75KB