8672ac101446a5e0eca571d0c8082957_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8672ac101446a5e0eca571d0c8082957_JaffaCakes118
Size

215KB
MD5

8672ac101446a5e0eca571d0c8082957
SHA1

f8b4d7d453f87e0dfc99759791fd78f914d5e6c6
SHA256

729b3d1f03657de93688e53942af4393c37ba1cab0afad79ee9259e8d8f89ed3
SHA512

c81a1cd486178891d7b011b6c3bb1369207d0d2ea8f16ebe34d193a390dfdafc958b55d46d207db3630600a5aa38c4b4af09c643e3f817efe2c89c336d92444d
SSDEEP

6144:4Hx+Ft3o/1FeMtdaQL9rnQC1Vur0VhdqeNe9wEPJZbhV:4Hx8utFbhLQC1sr0TdqeUXJZ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8672ac101446a5e0eca571d0c8082957_JaffaCakes118

Files

8672ac101446a5e0eca571d0c8082957_JaffaCakes118
.dll windows:5 windows x86 arch:x86

943679b1ae04b2b6daeedf17d9e48f07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rtutils.pdb

Imports

advapi32

RegEnumKeyExW
RegisterEventSourceW
ReportEventW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyW

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
DeleteCriticalSection
CancelWaitableTimer
InterlockedDecrement
HeapReAlloc
GetTickCount
CreateThread
HeapDestroy
ReleaseSemaphore
CreateIoCompletionPort
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadConsoleInputA
DisableThreadLibraryCalls
FreeLibraryAndExitThread
WaitForMultipleObjects
SetWaitableTimer
FreeConsole
SetEvent
lstrcpynA
GetCurrentThreadId
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
lstrcpynW
lstrcatW
TerminateProcess
GetCurrentProcess
TerminateThread
GetCurrentThread
InterlockedExchange
lstrlenA
lstrcpyA
lstrcmpA
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
GetLastError
GetStdHandle
AllocConsole
SetConsoleActiveScreenBuffer
CloseHandle
SetFilePointer
CreateFileA
CreateDirectoryA
MoveFileExA
WriteConsoleA
WriteFile
GetFileSize
lstrlenW
lstrcpyW
lstrcmpW
CreateFileW
CreateDirectoryW
MoveFileExW
WriteConsoleW
SetConsoleTitleA
CreateEventA
ExpandEnvironmentStringsA
CreateEventW
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageA
Sleep
LoadLibraryA
InterlockedCompareExchange
LocalFree
FormatMessageW
LoadLibraryW
GetModuleFileNameA
WaitForSingleObject
GlobalFree
GlobalAlloc
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
FreeLibrary

msvcrt

mbstowcs
_except_handler3
_snwprintf
wcslen
memmove
printf
free
_initterm
malloc
_adjust_fdiv
wcstombs

ntdll

RtlAcquireResourceExclusive
RtlAcquireResourceShared
DbgBreakPoint
DbgPrompt
DbgPrint
RtlInitializeResource
RtlDeleteResource
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlNtStatusToDosError
NtSetIoCompletion
NtQuerySystemTime
RtlReleaseResource

user32

wsprintfA
wvsprintfW
wsprintfW
wvsprintfA

Exports

Exports

CreateWaitEvent
CreateWaitEventBinding
CreateWaitTimer
DeRegisterWaitEventBinding
DeRegisterWaitEventBindingSelf
DeRegisterWaitEventsTimers
DeRegisterWaitEventsTimersSelf
DebugPrintWaitWorkerThreads
LogErrorA
LogErrorW
LogEventA
LogEventW
MprSetupProtocolEnum
MprSetupProtocolFree
QueueWorkItem
RegisterWaitEventBinding
RegisterWaitEventsTimers
RouterAssert
RouterGetErrorStringA
RouterGetErrorStringW
RouterLogDeregisterA
RouterLogDeregisterW
RouterLogEventA
RouterLogEventDataA
RouterLogEventDataW
RouterLogEventExA
RouterLogEventExW
RouterLogEventStringA
RouterLogEventStringW
RouterLogEventValistExA
RouterLogEventValistExW
RouterLogEventW
RouterLogRegisterA
RouterLogRegisterW
SetIoCompletionProc
TraceDeregisterA
TraceDeregisterExA
TraceDeregisterExW
TraceDeregisterW
TraceDumpExA
TraceDumpExW
TraceGetConsoleA
TraceGetConsoleW
TracePrintfA
TracePrintfExA
TracePrintfExW
TracePrintfW
TracePutsExA
TracePutsExW
TraceRegisterExA
TraceRegisterExW
TraceVprintfExA
TraceVprintfExW
UpdateWaitTimer
WTFreeEvent
WTFreeTimer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

943679b1ae04b2b6daeedf17d9e48f07

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

user32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 2KB - Virtual size: 2KB