a0c1d248d5ba805ab884ba49e16be4c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0c1d248d5ba805ab884ba49e16be4c0_JaffaCakes118
Size

182KB
MD5

a0c1d248d5ba805ab884ba49e16be4c0
SHA1

70f1a30bf497b9ac65b11c592a61de3c1d1a584e
SHA256

4e6d8ec52addab1796ecbe8762eef56a92c7d4d8c112838d349d6ea1ee51bb68
SHA512

d504afb3b9b82783c41e2ded0c613caa3da082602be9c51a37699aec5b0033df2c8ab778739d0b219b459f2950bbe1e78739c33edd42fc9ef28ef640b3feb353
SSDEEP

3072:nCHIKuYnmH6FIqds2OEMjwIvnlkgpMQ8uEOdElM4uuW4NKjVkwQMW:CoKuYmH2XFgcalzEOqBuQNK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0c1d248d5ba805ab884ba49e16be4c0_JaffaCakes118

Files

a0c1d248d5ba805ab884ba49e16be4c0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1bc65171e7f8e49d5ab1f880fcbda9b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snwprintf
towupper
_wcsnicmp
wcsncmp
wcscmp
fclose
_wfopen
wcsncpy
_wcsicmp
_except_handler3
wcsstr
qsort
free
_initterm
malloc
_adjust_fdiv
wcscat
_onexit
wcstoul
wcsspn
wcspbrk
rand
_wtol
wcschr
_ultow
_wcsrev
wcsrchr
sscanf
_purecall
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
swprintf
wcslen
wcscpy
__dllonexit
memmove
fgetws
_wcsupr
_itow

ntdll

RtlNtStatusToDosError
NtSetSystemInformation
NtOpenProcessToken
RtlNewSecurityObject
RtlCreateAcl
RtlAddAce
RtlGetVersion
NtCreateFile
NtQueryInformationFile
NtQueryAttributesFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
NtOpenFile
NtQueryDirectoryFile
RtlFreeHeap
NtClose
NtQuerySystemInformation
RtlEqualUnicodeString
RtlInitString
NtSetInformationThread
NtDuplicateToken
NtDuplicateObject
RtlEqualSid
NtAccessCheck
NtOpenThreadToken
NtPowerInformation
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor

advapi32

LsaEnumerateAccountRights
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
WmiOpenBlock
WmiCloseBlock
WmiQueryAllDataW
AccessCheck
AddAce
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExA
GetUserNameW
LookupAccountSidW
LsaStorePrivateData
LsaRetrievePrivateData
CreateProcessAsUserW
ImpersonateLoggedOnUser
GetKernelObjectSecurity
RegisterEventSourceW
GetFileSecurityW
GetSecurityDescriptorOwner
DeregisterEventSource
RegConnectRegistryW
IsTokenRestricted
EqualSid
LogonUserW
LsaQueryInformationPolicy
CopySid
LookupAccountNameW
GetTokenInformation
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptGenKey
CryptDestroyKey
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
SetKernelObjectSecurity
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
RevertToSelf
OpenThreadToken
ImpersonateSelf
UnregisterIdleTask
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegisterIdleTask
EnumServicesStatusExW
CheckTokenMembership
SetServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerExW
RegOpenKeyExW
RegDeleteValueW
ReportEventW
LsaClose
LsaFreeMemory
CryptCreateHash
LsaOpenPolicy
LsaAddAccountRights
LsaNtStatusToWinError
LsaRemoveAccountRights
CryptDestroyHash
CryptSignHashW
CryptHashData
IsValidSid

ole32

CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoGetCallContext
CoTaskMemFree

netapi32

NetApiBufferFree
DsGetDcNameW
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetUserGetInfo

secur32

LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaConnectUntrusted
GetUserNameExW

ntdsapi

DsUnBindW
DsFreeNameResultW
DsBindW
DsCrackNamesW

imagehlp

ImageDirectoryEntryToData
ImageNtHeader
ImageRvaToVa

shlwapi

PathFindExtensionW

kernel32

FormatMessageW
TlsFree
TlsAlloc
FindNextChangeNotification
GetComputerNameW
LoadLibraryW
WTSGetActiveConsoleSessionId
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
SetEnvironmentVariableW
GetEnvironmentVariableW
SetLastError
GetStartupInfoW
SearchPathW
SetCurrentDirectoryW
LocalReAlloc
GetFileInformationByHandle
GetFileType
lstrcpynW
GetVolumeInformationW
LoadLibraryExA
LoadLibraryExW
GetLocaleInfoW
GetUserDefaultUILanguage
GetUserDefaultLCID
IsBadWritePtr
TlsSetValue
TlsGetValue
GetComputerNameExW
ChangeTimerQueueTimer
DeleteTimerQueueTimer
OpenProcess
CreateTimerQueueTimer
DuplicateHandle
SetEndOfFile
DelayLoadFailureHook
GetDateFormatW
GetTimeFormatW
SetFilePointer
ReadFile
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleFileNameW
lstrcmpiW
FindFirstChangeNotificationW
lstrlenW
CreateWaitableTimerW
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetVersionExW
FindCloseChangeNotification
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetWaitableTimer
CancelWaitableTimer
InitializeCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
GetCurrentProcess
TerminateProcess
CloseHandle
VirtualFree
GetProcessHeap
HeapFree
GetLastError
GetWindowsDirectoryW
HeapAlloc
ReleaseMutex
WaitForSingleObject
FindClose
FindFirstFileW
FindNextFileW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
WriteFile
GetFileTime
MultiByteToWideChar
CompareFileTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetFileAttributesW
GetSystemDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
UnregisterWaitEx
SetEvent
InterlockedCompareExchange
ResetEvent
Sleep
RegisterWaitForSingleObject
GetTickCount
LocalFree
LocalAlloc
OpenEventW
GetCurrentThreadId
VirtualAlloc
CreateMutexW
CreateEventW
SetFileAttributesW
CreateDirectoryW
FlushFileBuffers
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
GetLocalTime
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
DeleteFileW
UnmapViewOfFile
GetDriveTypeW
GetSystemTimeAsFileTime
CreateThread
QueueUserWorkItem
DisableThreadLibraryCalls
GetSystemPowerStatus
InterlockedExchange
DeleteAtom
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter

user32

TranslateMessage
DispatchMessageW
UpdateWindow
GetMessageW
SystemParametersInfoW
GetProcessWindowStation
SetProcessWindowStation
SetUserObjectSecurity
CreateDesktopW
CreateWindowStationW
CloseDesktop
CloseWindowStation
LoadStringW
EnumWindows
EnumThreadWindows
IsWindow
GetWindowThreadProcessId
LoadStringA
MessageBoxA
UnregisterClassW
PostMessageW
SendMessageW
RegisterWindowMessageW
RegisterClassW
CreateWindowExW
ShowWindow
DestroyWindow
DefWindowProcW
PostQuitMessage

rpcrt4

RpcServerUseProtseqW
RpcEpUnregister
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
RpcImpersonateClient
RpcServerInqBindings
RpcEpRegisterW
RpcRevertToSelf
NdrServerCall2
UuidCreate
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW

userenv

LoadUserProfileW
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

CloseProc
SPUninstall
SPUninstallCallback
SchedServiceMain
SysPrepBackup
SysPrepCallback
SysPrepRestore

Sections

.text
Size: 164KB - Virtual size: 164KB

�� `
Size: 8KB - Virtual size: 1558.3MB

��@��@
Size: 1KB - Virtual size: 1862.1MB

��@��
Size: 22KB - Virtual size: 1831.2MB

Sharing

General

Malware Config

Signatures

Files

1bc65171e7f8e49d5ab1f880fcbda9b0

Headers

File Characteristics

Imports

msvcrt

ntdll

advapi32

ole32

netapi32

secur32

ntdsapi

imagehlp

shlwapi

kernel32

user32

rpcrt4

userenv

wtsapi32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 164KB

���� ��` Size: 8KB - Virtual size: 1558.3MB

����@��@ Size: 1KB - Virtual size: 1862.1MB

����@��� Size: 22KB - Virtual size: 1831.2MB

.text
Size: 164KB - Virtual size: 164KB

�� `
Size: 8KB - Virtual size: 1558.3MB

��@��@
Size: 1KB - Virtual size: 1862.1MB

��@��
Size: 22KB - Virtual size: 1831.2MB