755473b958621d36c550bbb3ea6dbc3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

755473b958621d36c550bbb3ea6dbc3d_JaffaCakes118
Size

96KB
MD5

755473b958621d36c550bbb3ea6dbc3d
SHA1

1c98ae76f58253197ee465f74307c3e06d9562eb
SHA256

92565d4cd61a7df46f0314eb20c08370285eab9b2db66b8dac94e6b4d4080e72
SHA512

58e5904c81446851c997aa90d779487d15792ce46678aca4857b4dba3feca865e81c017a00bbd6746d3dfd47e192e04a718af74ebf0035a9b71a420ead86722f
SSDEEP

1536:zV8YzSned7R9LkuqyloDDdObPJiLcklem7sh1:zCguwF9Lk5O2cgem7sh1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
755473b958621d36c550bbb3ea6dbc3d_JaffaCakes118

Files

755473b958621d36c550bbb3ea6dbc3d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

35dadf7d200a976a0bdcf96e265283ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

srvsvc.pdb

Imports

advapi32

GetAce
SetFileSecurityW
GetFileSecurityW
IsValidSecurityDescriptor
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
ImpersonateSelf
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegNotifyChangeKeyValue
EqualSid
GetAclInformation
AddAccessAllowedAceEx
GetLengthSid
GetSecurityDescriptorDacl
SetServiceStatus
I_ScSetServiceBitsW
RegisterServiceCtrlHandlerExW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureW
CryptImportKey
CryptCreateHash
RevertToSelf
CryptAcquireContextW
RegisterEventSourceW
ReportEventW
DeregisterEventSource

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
ImageGetDigestStream

kernel32

GetTickCount
DeviceIoControl
WaitForMultipleObjects
Sleep
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
CloseHandle
InterlockedIncrement
lstrcmpW
GetVersionExW
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
DeleteCriticalSection
CreateEventW
CreateThread
SetEvent
RaiseException
VerifyVersionInfoW
WaitForSingleObject
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
LocalAlloc
GetCurrentThread
SetThreadPriority
ExitThread
GetSystemTime
GetDriveTypeW
GetSystemDirectoryW
SetLastError
CreateFileW
InitializeCriticalSection
GetLastError
GetProcAddress

msvcrt

wcscmp
wcstok
wcsncpy
memmove
towupper
_except_handler3
srand
rand
_wcsicmp
wcschr
_wcsnicmp
wcslen
wcscat
wcscpy

netapi32

NetpwPathCanonicalize
NetpwPathCompare
NetpwNameValidate
NetpwNameCanonicalize
NetpwNameCompare
NetApiBufferFree
DsGetSiteNameW
NetpNtStatusToApiStatus
NetpAccessCheckAndAudit
NetpDeleteSecurityObject
NetpCreateSecurityObject
I_NetPathType
NetpGetComputerName
NetpReleasePrivilege
NetpGetPrivilege
NetUnregisterDomainNameChangeNotification
NetRegisterDomainNameChangeNotification
NetpLocalTimeZoneOffset
NetApiBufferAllocate
NetMessageBufferSend
NetpwPathType

ntdll

NtQuerySymbolicLinkObject
RtlSetDaclSecurityDescriptor
RtlMakeSelfRelativeSD
NtOpenKey
NtQueryValueKey
NtCreateEvent
RtlAcquireResourceShared
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
RtlUnicodeStringToOemString
RtlCopyUnicodeString
NtOpenFile
RtlUpcaseUnicodeStringToOemString
RtlCreateEnvironment
RtlSetEnvironmentVariable
RtlIntegerToUnicodeString
RtlDestroyEnvironment
RtlGetNtProductType
NtQuerySystemInformation
RtlLengthSecurityDescriptor
RtlQueryEnvironmentVariable_U
RtlValidSecurityDescriptor
RtlQueryRegistryValues
NtOpenSymbolicLinkObject
RtlCheckRegistryKey
RtlNtStatusToDosError
RtlCreateRegistryKey
RtlWriteRegistryValue
VerSetConditionMask
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtCreateFile
NtFsControlFile
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlValidRelativeSecurityDescriptor
RtlCopySecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
RtlSetSecurityObject
NtClose
RtlNewSecurityObject
NtQueryInformationFile
NtQueryVolumeInformationFile
DbgPrint
NtWaitForSingleObject
NtOpenEvent
RtlUpcaseUnicodeString
NtUnloadDriver
NtLoadDriver
RtlDeleteCriticalSection
RtlDeleteResource
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteSecurityObject
RtlTimeToSecondsSince1970
NtQuerySystemTime
NtCompleteConnectPort
NtAcceptConnectPort
RtlCompareMemoryUlong
NtListenPort
NtCreatePort
RtlInitAnsiString
NtRequestPort
NtReplyPort
RtlFreeHeap
NtSetInformationThread
NtImpersonateClientOfPort
NtReplyWaitReceivePortEx
RtlDeleteRegistryValue

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
UuidCreate
RpcStringFreeW
RpcBindingFree
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2

user32

GetSystemMetrics

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35dadf7d200a976a0bdcf96e265283ab

Headers

File Characteristics

PDB Paths

Imports

advapi32

imagehlp

kernel32

msvcrt

netapi32

ntdll

rpcrt4

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 4KB