a5010fbca8705e8c81707050b4299f4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5010fbca8705e8c81707050b4299f4a_JaffaCakes118
Size

376KB
MD5

a5010fbca8705e8c81707050b4299f4a
SHA1

48974e5b1f82d26bbaa20e8c4bd69d36acaa8269
SHA256

a346f2c0e4445dd247e66b90e8a85468734d1950d5c421bf8c5f54756b723ae8
SHA512

b7dd6a5ab841b74c68dc98a3a6f75fa19df6d2f5c244894437cb224e23479a2ffc4b7f2182c15ac0a5acd61d1d060faf7a0a76f29aa0b8ddfbc0976bbbab1523
SSDEEP

6144:KgGqm5OTpApsMbTwhI4k8e343V77Svklfk43324iRAih4O0mCxyAwDCxUshWK4M:zdm4TpkXcI4L0Y7RlH3niRAih4XmEyA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5010fbca8705e8c81707050b4299f4a_JaffaCakes118

Files

a5010fbca8705e8c81707050b4299f4a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4ef43d9a4a7560e15df0c7c1b2809b85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sbe.pdb

Imports

msvcrt

_vsnwprintf
_snwprintf
_ftol
wcsrchr
_except_handler3
wcscpy
wcslen
_wcsicmp
malloc
memmove
_initterm
??3@YAXPAX@Z
wcsncpy
wcscat
??2@YAPAXI@Z
free
_adjust_fdiv

kernel32

lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
CloseHandle
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualFree
lstrcmpW
DuplicateHandle
CreateSemaphoreW
VirtualAlloc
lstrcpyW
lstrcmpiW
InterlockedExchange
SetThreadPriority
GetFileAttributesW
DeleteFileW
QueueUserWorkItem
QueryPerformanceFrequency
LocalFree
CreateDirectoryW
GetTempPathW
SetFileAttributesW
LocalAlloc
SetLastError
lstrcmpiA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
IsBadReadPtr
TryEnterCriticalSection
Sleep
GetFullPathNameW
CreateHardLinkW
FindClose
FindFirstFileW
OpenEventW
GetFileInformationByHandle
ReleaseMutex
RaiseException
CreateMutexW
IsBadWritePtr
OpenFileMappingW
FlushViewOfFile
GetTempFileNameW
OpenMutexW
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
GetQueuedCompletionStatus
InterlockedDecrement
FreeLibrary
InterlockedIncrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
CreateThread
RemoveDirectoryW

user32

wsprintfW

advapi32

RegSetValueW
RegOpenKeyExW
AllocateAndInitializeSid
FreeSid
AddAccessAllowedAceEx
EqualSid
GetAclInformation
InitializeAcl
GetAce
AddAce
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegQueryValueExW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegCreateKeyExW
RegSetValueExW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2
UuidCreate
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrCStdStubBuffer2_Release

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps

Exports

Exports

DllCanUnloadNol
DllGetClassObject
DllRegisterServem
DllUnregisterServed
GetProxyDllInfo

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 227B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ef43d9a4a7560e15df0c7c1b2809b85

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

rpcrt4

winmm

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 242KB

.orpc Size: 512B - Virtual size: 227B

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 242KB - Virtual size: 242KB

.orpc
Size: 512B - Virtual size: 227B

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 14KB - Virtual size: 14KB