a5ca5e3d3b126898ec42bf583aa6495f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5ca5e3d3b126898ec42bf583aa6495f_JaffaCakes118
Size

179KB
MD5

a5ca5e3d3b126898ec42bf583aa6495f
SHA1

f6ff5169d3bffc05e436998b407e904ecfe2b1b1
SHA256

47d41ff1e1d9f1007ba948d67f40586025339a204ef59e5b60076b42ea96c92a
SHA512

d6eb133c80537e1f7687e34a6fa6fb7a9a268bc8275bfcc82bade5cfa10c0ba59ca2fe08f1357b0c4c80b06917d219a4d241fa6d1a9e0138948c24f860630317
SSDEEP

3072:+TXs80V8Y0zo/Je/33eE05tfFD521iWFKjrh19p6aj7aQ:P80VJ7/gHeb5tfF2rKjtPp6a3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5ca5e3d3b126898ec42bf583aa6495f_JaffaCakes118

Files

a5ca5e3d3b126898ec42bf583aa6495f_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

72f93c8267e992058418aa9198546671

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w32time.pdb

Imports

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenThreadToken
PrivilegeCheck
GetTokenInformation
LookupAccountSidW
ConvertSidToStringSidW
I_ScSetServiceBitsW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaNtStatusToWinError
RegDeleteKeyW
DeleteService
OpenSCManagerW
CreateServiceW
OpenServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegCloseKey

iphlpapi

NotifyAddrChange
GetIpAddrTable

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
DeleteCriticalSection
LocalAlloc
GetLastError
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CloseHandle
CreateEventW
WaitForSingleObject
WriteFile
GetCurrentThreadId
InterlockedIncrement
GetFileSizeEx
CreateFileW
InterlockedDecrement
GetSystemTimeAdjustment
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
UnregisterWait
RegisterWaitForSingleObject
SetHandleInformation
UnregisterWaitEx
SetEvent
GetTickCount
QueueUserWorkItem
OpenEventW
SetTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcess
WaitForMultipleObjects
FreeLibrary
SetSystemTimeAdjustment
SetSystemTime
GetSystemTime
SetThreadPriority
GetCurrentThread
CreateThread
ResetEvent
GetExitCodeThread
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
DisableThreadLibraryCalls
QueryPerformanceCounter

msvcp60

??1bad_alloc@std@@UAE@XZ

msvcrt

wcscmp
??3@YAXPAX@Z
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
ceil
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
memmove
_ultow
qsort
_wcsnicmp
??1exception@@UAE@XZ
wcscat
_wcsicmp
__CxxFrameHandler
_ftol
wcsstr
??2@YAPAXI@Z
_vsnwprintf
swprintf
wcschr
wcsncpy
wcscspn
wcscpy
wcslen
wcstoul

netapi32

DsGetSiteNameW
NetLogonGetTimeServiceParentDomain
NetLogonSetServiceBits
I_NetlogonComputeClientDigest
DsGetDcNameW
NetApiBufferFree
I_NetlogonGetTrustRid
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
I_NetlogonComputeServerDigest

ntdll

NtSetSystemTime
NtQuerySystemTime
NtSetSystemInformation

rpcrt4

RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
RpcBindingSetAuthInfoW
RpcMgmtInqServerPrincNameW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrServerCall2
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerUseProtseqEpW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIf

secur32

LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification

user32

wsprintfW

userenv

RegisterGPNotification
UnregisterGPNotification

ws2_32

WSAGetLastError
WSAEventSelect
bind
socket
htons
closesocket
WSAStartup
WSAAddressToStringW
sendto
recvfrom
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
SvchostPushServiceGlobals
TimeProvClose
TimeProvCommand
TimeProvOpen
W32TimeBufferFree
W32TimeDcPromo
W32TimeGetNetlogonServiceBits
W32TimeQueryConfig
W32TimeQueryHardwareProviderStatus
W32TimeQueryNTPProviderStatus
W32TimeSetConfig
W32TimeSyncNow
W32TimeVerifyJoinConfig
W32TimeVerifyUnjoinConfig
W32TmServiceMain
fnW32TmRegisterServiceCtrlHandlerEx
fnW32TmSetServiceStatus

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72f93c8267e992058418aa9198546671

Headers

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

kernel32

msvcp60

msvcrt

netapi32

ntdll

rpcrt4

secur32

user32

userenv

ws2_32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 140KB - Virtual size: 140KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 7KB - Virtual size: 7KB