95faf0150df135c7acaeb13b93f90067_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95faf0150df135c7acaeb13b93f90067_JaffaCakes118
Size

198KB
MD5

95faf0150df135c7acaeb13b93f90067
SHA1

d968a3d94934f1cd050b2d18f728f07c4bbfd1e3
SHA256

aa2f6ff1f4d9f5de031570b1f32cb715851e3cb6a2d5823bd73a2d989e18800e
SHA512

4909a5a3ebb8672dc6ef66aa85305ba3e568fbb0f203538bce7c6111233fa0f0328a7805564142dbf7cb763ea90cd41f047282efcffb511269c6b5296dfe69a0
SSDEEP

6144:raKluURaw0v7dsve0PpMDoLrAKLtkqKZJ6Dbhf:raKlCBbJDoPAQtkqKZJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95faf0150df135c7acaeb13b93f90067_JaffaCakes118

Files

95faf0150df135c7acaeb13b93f90067_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c82f95d8e9f082cb4b4387c7a9861473

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

browser.pdb

Imports

advapi32

RegisterEventSourceW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
RegCloseKey
RegQueryInfoKeyW
OpenThreadToken
AccessCheck
RegConnectRegistryW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
SetServiceStatus
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
VirtualProtect
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetComputerNameExW
WaitForMultipleObjectsEx
DeleteCriticalSection
GetLastError
SetEvent
VirtualAlloc
lstrcmpW
FreeLibrary
Sleep
GetProcAddress
LoadLibraryW
InitializeCriticalSection
CloseHandle
CreateEventW
SetThreadPriority
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
lstrcpyA
LocalFree
LocalAlloc
GetSystemDirectoryW
SetFilePointer
CreateFileW
MoveFileW
DeleteFileW
WriteFile
GetLocalTime
DeviceIoControl
LoadLibraryA
lstrcpynA
lstrcmpA
lstrlenA
CreateSemaphoreW
ReleaseSemaphore

msvcrt

wcschr
wcslen
wcsncpy
wcscpy
_wcsicmp
_except_handler3
_ultoa
wcstoul
qsort
wcsspn
mbstowcs
wcscat
vsprintf
sprintf
_local_unwind2
_wcsnicmp
_abnormal_termination
swprintf
_beginthreadex
memmove
wcscmp

netapi32

NetApiBufferFree
NetUseDel
RxNetServerEnum
I_NetNameCanonicalize
NetShareGetInfo
DsGetDcNameW
I_BrowserQueryOtherDomains
Netbios
NetAlertRaiseEx
NetApiBufferAllocate
NetpIsRemote
I_NetServerSetServiceBitsEx

ntdll

RtlReleaseResource
RtlAcquireResourceExclusive
NtClose
NtOpenFile
RtlInitUnicodeString
NtCancelIoFile
NtQueryPerformanceCounter
RtlAppendUnicodeToString
RtlCopyUnicodeString
NtDeviceIoControlFile
RtlCompareMemory
RtlUpcaseUnicodeToOemN
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQuerySystemInformation
DbgBreakPoint
RtlGetNtProductType
RtlEqualUnicodeString
RtlDeleteResource
RtlInitializeResource
RtlNtStatusToDosError
RtlUpcaseUnicodeStringToOemString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
NtOpenProcessToken
RtlCompareMemoryUlong
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
RtlCreateEnvironment
RtlDestroyEnvironment
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlInitString
NtCreateTimer
NtCancelTimer
NtSetTimer
RtlAcquireResourceShared

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcImpersonateClient

Exports

Exports

I_BrowserServerEnumForXactsrv
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c82f95d8e9f082cb4b4387c7a9861473

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

netapi32

ntdll

rpcrt4

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 123KB - Virtual size: 122KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 3KB - Virtual size: 3KB