72c82959026177f25c1f04a902d08b4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72c82959026177f25c1f04a902d08b4c_JaffaCakes118
Size

150KB
MD5

72c82959026177f25c1f04a902d08b4c
SHA1

c0e389fee31967b185c7c3340c4cabae33070d4c
SHA256

f308caae25f1d57254872f0e7d2daf8df335b9bfb8988f987fd8101a90b60daf
SHA512

0effbe3afeb1f726b5f1ac0a830e755c0c66eca161e5187a8e061535f870fb5b7c853e5b94ab932f1b360abcfcef678b40cb4dc3a744bfbd0c1ad353b435d405
SSDEEP

3072:x7G3fQTPRz7MZ+pj+nRyTXv1SlGdgHkW8Ge6erLzltCoiQ6ArhykiE:x7iQTPR25RyTaEW8/bXi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72c82959026177f25c1f04a902d08b4c_JaffaCakes118

Files

72c82959026177f25c1f04a902d08b4c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3f61bd33d54042ce8a9a3ec87c2124d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\windows_script2\usermode-rootkit\bin\usermode-rootkit.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_strdup
_strcmpi
strncpy
strstr
_strnicmp
sprintf
strchr
_stricmp
srand
_wcsdup
realloc
??3@YAXPAX@Z
rand
malloc
calloc
free
atoi
vsprintf
_wcsnicmp
_wtoi
_wcsicmp
wcsncpy
??2@YAPAXI@Z
memcpy
memset

ntdll

NtQueryInformationProcess
RtlInitUnicodeString
RtlAdjustPrivilege
RtlDosPathNameToNtPathName_U

psapi

GetModuleBaseNameW

shlwapi

SHEnumValueW
SHRegGetValueW
StrCmpIW
PathCombineW
SHSetValueW
StrCmpNIA
SHEnumKeyExW

urlmon

URLOpenBlockingStreamW
ObtainUserAgentString

wininet

InternetQueryOptionW
GetUrlCacheEntryInfoA
InternetOpenW
FtpGetFileW
FtpDeleteFileW
InternetFindNextFileW
FtpOpenFileW
FtpCommandW
InternetConnectW
InternetWriteFile
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
FtpGetFileSize
InternetCrackUrlA
InternetReadFile
FtpRenameFileW
FtpFindFirstFileW
FtpPutFileW
InternetCloseHandle
InternetGetLastResponseInfoW
FtpGetCurrentDirectoryW

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpReceiveResponse

kernel32

GetModuleHandleA
ExitProcess
GetTempFileNameW
GlobalDeleteAtom
lstrcmpA
FindFirstFileW
SetFilePointer
GetCurrentProcess
GetTickCount
GetSystemDirectoryW
GetVolumeInformationA
GetVersionExW
GetModuleFileNameW
ExitThread
GetTempPathW
Process32FirstW
DeviceIoControl
GlobalFindAtomW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GlobalAddAtomW
LocalFree
CreateThread
VirtualAlloc
LoadLibraryA
EnterCriticalSection
GetDiskFreeSpaceW
CompareStringA
SetEndOfFile
CreateFileA
LocalAlloc
VirtualProtectEx
lstrcmpiW
LoadLibraryW
FreeLibrary
SetFileAttributesW
DeleteFileW
VirtualProtect
OpenProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessId
Thread32Next
VirtualFreeEx
Thread32First
SetThreadContext
GetThreadContext
GetFileInformationByHandle
CreateFileMappingW
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
OpenMutexW
WaitForSingleObjectEx
InterlockedIncrement
InterlockedDecrement
GetLastError
GetCurrentThreadId
IsBadReadPtr
GetFileSize
WriteFile
ReadFile
CreateFileW
CompareStringW
CloseHandle
WaitForSingleObject
SetEvent
TerminateThread
Sleep
CreateEventW
SuspendThread
ResumeThread
MultiByteToWideChar
GlobalFree
SetLastError
OutputDebugStringA
SleepEx
GetLocalTime
GetCurrentProcessId
lstrlenA
GetModuleHandleW
GetPrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesW
FlushFileBuffers
GetPrivateProfileIntW
GetProcAddress
CreateMutexW

user32

TranslateMessage
DrawIcon
GetIconInfo
GetCursorPos
MessageBoxW
wsprintfA
GetWindowThreadProcessId
GetWindowRect
wsprintfW
GetMessageW
DefWindowProcW
SetWindowTextW
EnableWindow
SendMessageW
CreateWindowExW
ShowWindow
GetDesktopWindow
SetWindowLongW
GetWindowLongW
LoadIconW
RegisterClassExW
GetForegroundWindow
DispatchMessageW
SetFocus
LoadCursorW
GetParent
PostMessageW
UnregisterClassW

gdi32

GetStockObject

advapi32

CreateServiceW
IsTextUnicode
OpenProcessToken
GetUserNameW
GetTokenInformation
RegQueryValueExW
RegOpenKeyW
IsValidSid
RegOpenKeyExW
ConvertSidToStringSidW
RegCloseKey
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerW
CloseServiceHandle
OpenSCManagerW
RegCreateKeyW
SetServiceStatus

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
OleInitialize

oleaut32

SysStringByteLen
SysStringLen
VariantClear
VariantCopy
VariantChangeType
VariantInit
SysAllocString
SysFreeString

ws2_32

setsockopt
WSACloseEvent
connect
WSAStartup
htonl
WSAGetLastError
htons
send
WSAResetEvent
closesocket
WSACreateEvent
WSAGetOverlappedResult
socket
WSACleanup
sendto
WSARecvFrom

dnsapi

DnsQuery_W
DnsFree

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

Exports

Exports

ServiceHandler
ServiceMain

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f61bd33d54042ce8a9a3ec87c2124d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

psapi

shlwapi

urlmon

wininet

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

dnsapi

crypt32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 29KB - Virtual size: 31KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 29KB - Virtual size: 31KB

.reloc
Size: 7KB - Virtual size: 6KB