C:\build\HARP_REL_5_30_21\win_external_wl\src\wl\cpl\wltrysvc\ReleaseUv\x64\dell\wltrysvc.pdb
(Reported PDB path embedded in the binary. It names a vendor-style build tree for a "wltrysvc" service with a Dell-specific output directory. A PDB path is plain text chosen at link time and is trivially forged, so it hints at a build origin but does not establish one; the sample carries no Authenticode signature that could confirm it — see Signatures.)
Static task
static1
Behavioral task
behavioral1
Sample
b387123ac9d9a04f2b515761c99cf439_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b387123ac9d9a04f2b515761c99cf439_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b387123ac9d9a04f2b515761c99cf439_JaffaCakes118
-
Size
38KB
-
MD5
b387123ac9d9a04f2b515761c99cf439
-
SHA1
64be8b4d31e3cb065a3a249e2e2a7c855f1027a1
-
SHA256
c82cec60efc75d6715c767d9d4d618f43e42badfe9f2da8ee2e7b29de27ce7b8
-
SHA512
7511cff26acce03eaea4c25db2f4afd21bced41c96c0d8a0b6120e1f19d786eca8d6b6f99dfb1ead1eba912f78fc893f7f5d705c2931c816dbcc5ae1bfdb3a60
-
SSDEEP
768:G6Ji9UdW+in34XdoGzMPLwFZLYAMlL0ATyOKutisKl4q9:GAi9Ug+HAwAAMaAeOKutisKld9
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. The sample has no Authenticode signature, so the origin suggested by the embedded PDB path cannot be verified cryptographically. On its own, being unsigned is a weak indicator (many legitimate binaries are also unsigned); weigh it together with the service-installation and privilege-related imports listed below.
resource b387123ac9d9a04f2b515761c99cf439_JaffaCakes118
Files
-
b387123ac9d9a04f2b515761c99cf439_JaffaCakes118.exe windows:5 windows x64 arch:x64
ca8c3948096d9616b9c54122dbd647c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(No DYNAMIC_BASE or HIGH_ENTROPY_VA flag: the image does not opt in to ASLR, and with IMAGE_FILE_RELOCS_STRIPPED set in the file characteristics below it cannot be rebased at all, so it will always load at its preferred base address.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
(Note: IsDebuggerPresent, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId/GetCurrentThreadId, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind and Set/UnhandledExceptionFilter are typically pulled in by the MSVC x64 CRT startup and /GS cookie code — this binary links msvcr90 — so they should not be read as anti-debug or timing evasion without tracing their call sites. The set worth tracing is process enumeration and control: CreateToolhelp32Snapshot, Process32FirstW/Process32NextW, OpenProcess, TerminateProcess and CreateProcessW.)
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrlenW
CreateEventW
WaitForMultipleObjects
OutputDebugStringW
WaitForSingleObject
OpenProcess
GetCurrentThread
GetCurrentProcess
CloseHandle
TerminateProcess
SetErrorMode
CreateProcessW
SetEvent
lstrcpyW
GlobalAlloc
GlobalFree
SetConsoleCtrlHandler
GetModuleHandleW
GetLastError
GetProcAddress
Sleep
GetModuleFileNameW
AllocConsole
GetStdHandle
FormatMessageW
LocalFree
GetVersionExW
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
user32
BroadcastSystemMessageW
RegisterClassW
CreateWindowExW
DefWindowProcW
DestroyWindow
RegisterWindowMessageW
advapi32
(These imports give the sample the capability to install, configure, start and delete a Windows service (OpenSCManagerW, CreateServiceW, ChangeServiceConfig2W, StartServiceW, ControlService, DeleteService), to run as a service itself (StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus), to adjust token privileges (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges), to modify LSA policy and store LSA secrets (LsaOpenPolicy, LsaAddAccountRights, LsaStorePrivateData), and to create, set and delete registry keys and values. An import shows capability, not execution: confirm in the behavioral tasks which of these paths actually run and with what arguments.)
LsaClose
RegCreateKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LsaStorePrivateData
LsaOpenPolicy
LsaAddAccountRights
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
StartServiceW
RegDeleteValueW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
GetUserNameW
IsValidSid
GetLengthSid
CopySid
LookupAccountNameW
msvcr90
memset
_purecall
??_V@YAXPEAX@Z
fwprintf
__iob_func
setvbuf
_fdopen
_open_osfhandle
wcscpy_s
wcscat_s
wcsrchr
wcsstr
__CxxFrameHandler3
_wcsdup
_wcsicmp
vswprintf_s
_wcslwr_s
??3@YAXPEAX@Z
wcsncat
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
malloc
free
??_U@YAPEAX_K@Z
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
(section name unprintable or mis-encoded in the report) Size: 1024B - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ