Static task: static1
Behavioral task: behavioral1
  Sample: 771945a2e27b3b9f3c41cbe3830a305c_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 771945a2e27b3b9f3c41cbe3830a305c_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 771945a2e27b3b9f3c41cbe3830a305c_JaffaCakes118
Size: 467KB
MD5: 771945a2e27b3b9f3c41cbe3830a305c
SHA1: e43ec0d7059490094d2ad5e337e2254ec7c6a888
SHA256: 68fcb60c604d339539950bcfad292901f57c7f37fc8dc9d5f1af43fe64a2a9ee
SHA512: da9e75c5370599f6f5b2fad1474e5330d78957a30d2e2ace5400648c53e7f1ff4a60300ed04245b3fa439144a59a94909da45256e658f0d2305d0abddb07c634
SSDEEP: 12288:nxDuHsqDOKia9CgNyyt5ZoP5tKAaNtGWaexncd8MJ4:nxC1sUnNx/WtKA7N8U
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 771945a2e27b3b9f3c41cbe3830a305c_JaffaCakes118
Files
771945a2e27b3b9f3c41cbe3830a305c_JaffaCakes118.exe windows:4 windows x86 arch:x86
2cd331b55b6689afbad3430797252198
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
I_RpcMapWin32Status
UuidCreate
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcBindingToStringBindingW
I_RpcExceptionFilter
I_RpcBindingIsClientLocal
RpcBindingSetAuthInfoExA
UuidToStringW
RpcSsDestroyClientContext
RpcStringBindingParseW
RpcStringBindingComposeW
RpcBindingFree
RpcRevertToSelf
RpcImpersonateClient
RpcBindingSetAuthInfoA
NDRCContextBinding
RpcRaiseException
RpcBindingSetAuthInfoW
RpcEpResolveBinding
RpcStringFreeW
NdrClientCall2
UuidFromStringW
ntdll
NtOpenKey
RtlAddAccessDeniedAce
NtOpenObjectAuditAlarm
RtlUnwind
_itow
RtlImageNtHeader
RtlAllocateHandle
NtQueryInformationThread
NtAccessCheckAndAuditAlarm
RtlQueryRegistryValues
NtImpersonateAnonymousToken
RtlGetDaclSecurityDescriptor
NtFlushKey
RtlValidAcl
RtlFreeHeap
RtlTimeToSecondsSince1970
RtlFreeSid
wcsstr
RtlSelfRelativeToAbsoluteSD
NtQueryValueKey
RtlEqualUnicodeString
RtlOemStringToUnicodeString
NtDuplicateToken
RtlLengthRequiredSid
RtlGetFullPathName_U
NtAccessCheckByTypeResultListAndAuditAlarm
RtlAddAuditAccessObjectAce
_chkstk
_strnicmp
NtQueryInformationToken
NtReleaseSemaphore
NtAccessCheck
NtQuerySystemTime
_alloca_probe
RtlDestroyQueryDebugBuffer
_ultow
NtOpenProcessToken
RtlAreAnyAccessesGranted
RtlValidSecurityDescriptor
RtlFreeUnicodeString
wcslen
RtlGetSaclSecurityDescriptor
RtlCreateSecurityDescriptor
NtAdjustGroupsToken
NtReadFile
RtlIsGenericTableEmpty
NtSaveKeyEx
RtlCreateAcl
DbgPrint
NtNotifyChangeKey
NtSaveKey
RtlSubAuthoritySid
wcscat
RtlGetGroupSecurityDescriptor
RtlLeaveCriticalSection
RtlAbsoluteToSelfRelativeSD
NtQueryVirtualMemory
RtlNewSecurityObject
RtlDosPathNameToNtPathName_U
RtlUnicodeToMultiByteSize
NtSaveMergedKeys
RtlDetermineDosPathNameType_U
RtlAddAuditAccessAceEx
RtlQueryInformationAcl
RtlDuplicateUnicodeString
RtlSetSaclSecurityDescriptor
NtRestoreKey
RtlQuerySecurityObject
NtCloseObjectAuditAlarm
NtWaitForSingleObject
NtQueryMultipleValueKey
RtlSetSecurityDescriptorRMControl
RtlValidSid
NtQueryPerformanceCounter
_ftol
RtlUpcaseUnicodeChar
RtlNtStatusToDosError
_wcsicmp
RtlAnsiStringToUnicodeString
NtAdjustPrivilegesToken
RtlGetSecurityDescriptorRMControl
RtlAddAce
RtlGUIDFromString
RtlOpenCurrentUser
sprintf
NtPrivilegedServiceAuditAlarm
RtlAddAccessAllowedAce
RtlUnicodeStringToInteger
NtTraceEvent
NtClearEvent
RtlInitUnicodeStringEx
RtlIsTextUnicode
RtlSetSecurityObjectEx
RtlAppendUnicodeToString
RtlSetSecurityObject
NtQueryKey
NtOpenFile
NtPrivilegeCheck
wcscmp
RtlAppendUnicodeStringToString
RtlMultiByteToUnicodeN
NtQuerySymbolicLinkObject
RtlMapGenericMask
NtSetInformationToken
NtWriteFile
NtWaitForMultipleObjects
RtlInitializeHandleTable
RtlFormatCurrentUserKeyPath
RtlAllocateHeap
RtlCopySid
RtlInitializeGenericTable
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlAdjustPrivilege
NtOpenSymbolicLinkObject
NtQuerySecurityObject
_stricmp
RtlAddAccessAllowedAceEx
RtlEnumerateGenericTableWithoutSplaying
RtlSubAuthorityCountSid
NtSetInformationFile
NtCreateKey
NtSetEvent
RtlCompareMemory
RtlMakeSelfRelativeSD
NtQuerySystemInformation
RtlIntegerToUnicodeString
_vsnwprintf
RtlDeleteElementGenericTable
RtlFlushSecureMemoryCache
RtlLengthSecurityDescriptor
NtOpenProcess
RtlGetAce
RtlCopyUnicodeString
NtUnloadKey
RtlInitString
strncpy
RtlIsValidIndexHandle
RtlLookupElementGenericTable
NtTerminateProcess
RtlCreateHeap
RtlDestroyHandleTable
NtAllocateVirtualMemory
RtlUpcaseUnicodeStringToOemString
NtCreateEvent
RtlSetGroupSecurityDescriptor
RtlAreAllAccessesGranted
RtlGetVersion
RtlReAllocateHeap
RtlDestroyHeap
NtAllocateLocallyUniqueId
NtClose
RtlSelfRelativeToAbsoluteSD2
NlsMbCodePageTag
RtlSetOwnerSecurityDescriptor
NtPowerInformation
NtDuplicateObject
RtlAddAccessDeniedAceEx
RtlUnicodeToMultiByteN
iswctype
RtlStringFromGUID
_snwprintf
NtSetInformationProcess
RtlFreeHandle
NtQueryVolumeInformationFile
NtDeleteValueKey
RtlUnicodeStringToAnsiString
NtPrivilegeObjectAuditAlarm
RtlInitUnicodeString
NtFilterToken
RtlCreateQueryDebugBuffer
RtlInsertElementGenericTable
NtAccessCheckByTypeAndAuditAlarm
NtCreateSemaphore
NtSetValueKey
NtDeleteKey
RtlCompareUnicodeString
NtDeleteObjectAuditAlarm
RtlAddAuditAccessAce
RtlInitAnsiString
RtlNewSecurityObjectEx
RtlLengthSid
RtlCopyLuid
NtLoadKey
RtlSetControlSecurityDescriptor
NtEnumerateValueKey
memmove
NtSetInformationThread
NtSetInformationObject
NtDeviceIoControlFile
NtCreateFile
NtFsControlFile
wcsncpy
NtOpenThreadToken
RtlxAnsiStringToUnicodeSize
RtlInitializeCriticalSection
atol
RtlAddAccessDeniedObjectAce
NtAccessCheckByType
wcscpy
RtlSetInformationAcl
RtlExpandEnvironmentStrings_U
_wcsnicmp
RtlFirstFreeAce
NtReplaceKey
RtlInitializeSid
NtFreeVirtualMemory
RtlDeleteAce
RtlDeleteSecurityObject
NtSetSecurityObject
RtlCreateUnicodeStringFromAsciiz
NtQueryInformationProcess
RtlIdentifierAuthoritySid
NtFlushBuffersFile
RtlNumberGenericTableElements
NtQueryInformationFile
RtlCreateUnicodeString
wcsncmp
RtlQueryProcessDebugInformation
RtlEqualPrefixSid
RtlConvertSidToUnicodeString
RtlImpersonateSelf
RtlAllocateAndInitializeSid
wcstombs
RtlSetDaclSecurityDescriptor
wcschr
NtEnumerateKey
tolower
RtlValidRelativeSecurityDescriptor
mbstowcs
RtlGetOwnerSecurityDescriptor
wcstol
RtlxUnicodeStringToAnsiSize
RtlNewSecurityObjectWithMultipleInheritance
RtlAddAccessAllowedObjectAce
RtlConvertToAutoInheritSecurityObject
RtlRandom
NtCompareTokens
wcstoul
RtlDeleteCriticalSection
wcsrchr
NtNotifyChangeMultipleKeys
strchr
RtlFreeAnsiString
swprintf
strstr
RtlPrefixUnicodeString
RtlEnterCriticalSection
RtlGetNtProductType
_wcslwr
NtAccessCheckByTypeResultList
RtlEqualSid
RtlGetControlSecurityDescriptor
kernel32
SetNamedPipeHandleState
GetProcAddress
LeaveCriticalSection
UnmapViewOfFile
GetDriveTypeW
GetPrivateProfileIntW
GlobalMemoryStatus
CreateFileMappingA
CreateProcessInternalW
SetErrorMode
InterlockedIncrement
GetTickCount
GetModuleHandleExW
GetFileSizeEx
lstrlenA
GetSystemDirectoryW
FormatMessageW
CreateFileMappingW
DeleteFileW
OpenMutexW
GetCurrentProcess
InitializeCriticalSection
LocalAlloc
DuplicateHandle
GetConsoleCP
GetSystemInfo
ResetEvent
ExpandEnvironmentStringsA
GetProcessHeap
FindFirstFileW
SetFilePointer
GetWindowsDirectoryW
CompareFileTime
MoveFileW
WritePrivateProfileStringW
ExitThread
EnterCriticalSection
InterlockedExchangeAdd
GetConsoleOutputCP
InterlockedCompareExchange
CreateMutexW
HeapFree
HeapAlloc
GetPrivateProfileStringW
InterlockedExchange
LoadLibraryExW
GetLongPathNameW
VirtualFree
GetModuleHandleA
DeleteCriticalSection
CopyFileW
FindResourceA
CreateEventW
GetComputerNameA
FindResourceExW
WriteFile
EnumUILanguagesW
CreateFileA
GetVolumeInformationW
GetFullPathNameW
GetSystemTime
CreateEventA
VirtualAlloc
GetPriorityClass
lstrlenW
LoadLibraryW
FindClose
WaitNamedPipeW
GetSystemWindowsDirectoryW
IsBadWritePtr
MultiByteToWideChar
lstrcatW
LocalReAlloc
GetCurrentProcessId
GetFileAttributesExW
TerminateProcess
GetCurrentThread
SetLastError
SizeofResource
lstrcpyW
FreeLibrary
GetLastError
GetOverlappedResult
GetModuleFileNameW
LoadLibraryA
LoadResource
GetFileTime
CloseHandle
UnhandledExceptionFilter
GetComputerNameExW
WaitForSingleObject
GetUserDefaultUILanguage
OpenProcess
GetDiskFreeSpaceW
CreateFileW
lstrcpynW
SetThreadPriority
GetFileSize
GetFullPathNameA
GetDiskFreeSpaceExW
QueryPerformanceCounter
CancelIo
ResumeThread
FindNextFileW
Sleep
ReadFile
lstrcpyA
SearchPathW
GetCommandLineW
SetUnhandledExceptionFilter
RaiseException
LocalFree
InterlockedDecrement
GetLogicalDriveStringsW
ReadProcessMemory
SetEvent
GetProfileIntA
OpenEventW
OpenFile
lstrcmpiW
GetTimeZoneInformation
Beep
GetLocalTime
GetModuleHandleW
CreateProcessInternalA
GetFileAttributesW
MapViewOfFile
SleepEx
WideCharToMultiByte
DelayLoadFailureHook
CreateThread
ExpandEnvironmentStringsW
ReleaseMutex
AreFileApisANSI
OutputDebugStringW
FindFirstFileExW
lstrcmpW
GetComputerNameW
DeviceIoControl
GetProfileStringA
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
GetCurrentThreadId
GetVersionExA
_lclose
Sections
.text   Size: 17KB  - Virtual size: 17KB
  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   Size: 242KB - Virtual size: 242KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B  - Virtual size: 28B
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rdata  Size: 201KB - Virtual size: 201KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 4KB   - Virtual size: 952KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE