8685b96884a57737ead3c2eca8be9557_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8685b96884a57737ead3c2eca8be9557_JaffaCakes118
Size

3.1MB
MD5

8685b96884a57737ead3c2eca8be9557
SHA1

34e217af5ba11a9c570025a79a26a849e271a321
SHA256

841c5536835cc21646bba8870af186ad49e6e6f0779bf9831e222c40a91c5123
SHA512

1d251ad3e38ab84e4c51063a481db2f03571850749f6c4b048fcdeef2303d67eb6deddb4a5e5b7d2ca029cc16a4bf57a02ad67ea8ed67f2a7cf4e363e09ac255
SSDEEP

49152:odDBeagRjzQM2cZQSQbe8WyOcRWpCP7UVG9k2cfkrqlnHwwfK5iJuyV1K5cojcxa:sY0x5NMKSL1vKRkhhKEAzh9SJi+gF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8685b96884a57737ead3c2eca8be9557_JaffaCakes118

Files

8685b96884a57737ead3c2eca8be9557_JaffaCakes118
.exe windows:6 windows x86 arch:x86

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sppsvc.pdb

Imports

advapi32

TraceMessage
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
FreeSid
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSidToSidW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegisterTraceGuidsA
GetTokenInformation

kernel32

Sleep
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentThreadId
DeleteTimerQueueEx
ReleaseSemaphore
LoadLibraryW
SetThreadPriority
GetThreadPriority
DuplicateHandle
GetCurrentProcess
GetCurrentThread
OpenThread
GetTickCount
ReleaseMutex
CreateSemaphoreW
IsWow64Process
OpenMutexW
CreateMutexW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
WriteFile
CreateFileW
GetFileSizeEx
QueueUserWorkItem
ReadFile
GetFileSize
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
GetSystemInfo
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DeleteTimerQueue
WaitForMultipleObjects
GetDevicePowerState
CreateSemaphoreA
InterlockedExchangeAdd
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetFullPathNameW
InitializeCriticalSection
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
GetLocalTime
MoveFileExW
CopyFileW
FlushFileBuffers
DeleteFileW
SetFilePointer
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetComputerNameW
DeviceIoControl
GetLocaleInfoW
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
GetVersionExA
GetVersion
VirtualQuery
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
UnregisterWaitEx
SetEvent
GetModuleHandleExW
GetProcAddress
CreateTimerQueue
CreateTimerQueueTimer
CreateEventW
RegisterWaitForSingleObject
RaiseException
InterlockedDecrement
GetVersionExW
InterlockedIncrement
GetLastError
HeapSetInformation
DeleteTimerQueueTimer
LeaveCriticalSection
LocalFree
EnterCriticalSection
LocalAlloc
DeleteCriticalSection
FreeLibrary
CloseHandle
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW

msvcrt

rand
srand
time
memset
_vscwprintf
_beginthreadex
_vsnwprintf
_itow
_wtoi
_ui64tow
_wtof
free
malloc
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsnicmp
wcschr
memmove
swscanf
_wcsicmp
_purecall
sscanf
memcpy

rpcrt4

NdrServerCall2
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRaiseException
RpcStringFreeW
RpcRevertToSelfEx
RpcImpersonateClient
UuidCreate
UuidFromStringW
UuidToStringW
I_RpcMapWin32Status

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlUnwind
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlCopyUnicodeString
RtlCompareUnicodeString

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx

Exports

Exports

?SPRevision@@3PADA
?SPVersion@@3PADA

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

redexan
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 258KB - Virtual size: 257KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 115KB - Virtual size: 116KB

redexan Size: - Virtual size: 4KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 258KB - Virtual size: 257KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 115KB - Virtual size: 116KB

redexan
Size: - Virtual size: 4KB