apphelp.pdb
Static task: static1
Behavioral task: behavioral1 (sample: b97201ba414c538911cec5ae936c631c_JaffaCakes118.dll, resource: win7-20240704-en)
Behavioral task: behavioral2 (sample: b97201ba414c538911cec5ae936c631c_JaffaCakes118.dll, resource: win10v2004-20240802-en)
General
Target: b97201ba414c538911cec5ae936c631c_JaffaCakes118
Size: 660KB
MD5: b97201ba414c538911cec5ae936c631c
SHA1: 1c862f3ba9c6657bdecc2de5ac875839a3d4d5b6
SHA256: 05d2d9a297a430f55c175e264c5cbdf7499075eef41b1d04cd626dee20058ab5
SHA512: c09e55d6fd87a1d25cbdd76f41c4efc59f9f95515a1a60e808129db8a02adcd18c1c9d6799a93606cd1b4a3f12aaa0ab51ac72ad644b89c377c306e65b2b9f32
SSDEEP: 12288:95wtvR7TAwn9YX3fErY8Wtr04yfWS5cha9LT5dp:92tvR7TH9YX32okflCa9LT5dp
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the security data directory of the PE is empty, so no signature is embedded in the file. The export table and PDB name are those of the Windows application-compatibility engine apphelp.dll, and the system binary Windows ships is catalog-signed rather than embedded-signed, so this hit by itself does not separate an untouched copy from a modified one. Compare the hashes above against a known-good apphelp.dll of the same build, or check the file on a Windows host with Get-AuthenticodeSignature, which also consults the catalog store.
resource: b97201ba414c538911cec5ae936c631c_JaffaCakes118
Files
b97201ba414c538911cec5ae936c631c_JaffaCakes118.dll windows:5 windows x86 arch:x86
4df5d5b5553dd653d178361f70b01dc2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
apphelp.pdb
Imports
ntdll
RtlInitAnsiString
RtlGetVersion
LdrGetProcedureAddress
RtlInitString
NtCreateKey
NtQueryInformationProcess
NtQueryDirectoryFile
NtUnmapViewOfSection
RtlxAnsiStringToUnicodeSize
NtCreateFile
RtlNtStatusToDosError
strspn
RtlGetNativeSystemInformation
RtlUnicodeStringToInteger
NtSetValueKey
NtSetInformationKey
NtDeleteKey
RtlGetFullPathName_U
strpbrk
NtOpenFile
NtCreateSection
wcspbrk
LdrGetProcedureAddressEx
_wcsupr
RtlUpcaseUnicodeString
toupper
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
RtlSecondsSince1970ToTime
RtlImageRvaToVa
RtlImageDirectoryEntryToData
swscanf_s
RtlGUIDFromString
strchr
isdigit
LdrResSearchResource
LdrResFindResource
SbSelectProcedure
NtDeleteValueKey
_strnicmp
RtlSubAuthorityCountSid
_vscwprintf
RtlCreateServiceSid
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlIdentifierAuthoritySid
wcsncmp
EtwEventWriteNoRegistration
NtQueryObject
_wcsupr_s
RtlAddVectoredExceptionHandler
strcpy_s
_strlwr
strstr
_wcslwr
RtlAllocateAndInitializeSid
RtlCheckTokenMembership
RtlFreeSid
_itoa_s
RtlCreateUnicodeStringFromAsciiz
wcsnlen
_strupr
RtlRandom
RtlCompareMemory
LdrEnumerateLoadedModules
RtlReAllocateHeap
RtlComputeCrc32
RtlInitUnicodeStringEx
LdrLoadDll
sprintf_s
sscanf_s
RtlLengthRequiredSid
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
NtProtectVirtualMemory
NtFlushInstructionCache
RtlDowncaseUnicodeString
NtQuerySystemInformation
NtMapViewOfSection
NtQueryAttributesFile
NtQueryKey
NtEnumerateValueKey
NlsMbCodePageTag
RtlGetFileMUIPath
NtQueryInformationToken
NtOpenProcessToken
atol
NtQueryInformationFile
wcsstr
strncmp
wcschr
NtReadFile
qsort
NtWriteFile
WinSqmIsOptedIn
DbgPrintEx
wcscpy_s
wcscat_s
wcsspn
RtlSubAuthoritySid
RtlAppendUnicodeStringToString
ord7
ord4
ord3
NtResumeThread
RtlDoesFileExists_U
RtlCreateUnicodeString
_wcsnicmp
_vsnwprintf
LdrInitShimEngineDynamic
RtlAnsiStringToUnicodeString
RtlInitAnsiStringEx
RtlCaptureStackBackTrace
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
_vsnprintf
_stricmp
strrchr
_wtoi
RtlDeleteCriticalSection
RtlInitializeCriticalSection
LdrFindEntryForAddress
EtwEventUnregister
EtwEventRegister
swprintf_s
EtwEventWrite
LdrGetDllHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlDosPathNameToRelativeNtPathName_U
NtApphelpCacheControl
RtlDosPathNameToNtPathName_U
_wcsicmp
wcsrchr
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
NtClose
RtlExpandEnvironmentStrings_U
NtQueryValueKey
NtOpenKey
RtlFreeHeap
RtlFreeUnicodeString
RtlDuplicateUnicodeString
memmove
RtlStringFromGUID
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlAllocateHeap
RtlFormatCurrentUserKeyPath
DbgPrint
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
RtlImageNtHeader
memcpy
memset
_alloca_probe
_chkstk
memcmp
RtlUnwind
api-ms-win-core-appcompat-l1-1-0
BaseCheckAppcompatCacheEx
BaseUpdateAppcompatCache
BaseFlushAppcompatCache
BaseDumpAppcompatCache
BaseIsAppcompatInfrastructureDisabled
kernel32
SwitchToThread
InterlockedCompareExchange
GetModuleHandleExA
SizeofResource
CompareFileTime
ProcessIdToSessionId
GetTickCount64
GetFinalPathNameByHandleW
InterlockedIncrement
CreateThread
CreateWaitableTimerW
GetModuleHandleExW
SetWaitableTimer
CreateToolhelp32Snapshot
EnterCriticalSection
GetModuleFileNameW
Thread32Next
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
Thread32First
SetEnvironmentVariableW
LocalFree
CompareStringA
LocalAlloc
SetLastError
GetFileSizeEx
CompareStringW
LoadLibraryExW
lstrlenA
GetCurrentDirectoryW
IsDBCSLeadByte
GetFileAttributesW
GetSystemDirectoryW
WriteFile
VerLanguageNameW
VirtualProtect
VirtualAlloc
ReadProcessMemory
VirtualFree
OutputDebugStringW
VirtualQuery
GetUserDefaultUILanguage
LockResource
IsWow64Process
Wow64RevertWow64FsRedirection
GetExitCodeProcess
Wow64DisableWow64FsRedirection
LoadLibraryW
WaitForSingleObject
GetSystemWindowsDirectoryW
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
FindNextFileW
FindClose
ReadFile
DisableThreadLibraryCalls
CreateFileW
GetLastError
CloseHandle
OpenProcess
GetDriveTypeW
GetLongPathNameW
GetCurrentProcessId
GetProcessTimes
GetCurrentProcess
GetPackageFullName
PackageIdFromFullName
AppXGetOSMaxVersionTested
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleHandleW
OutputDebugStringA
OpenMutexW
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetFilePointerEx
SetErrorMode
SetFilePointer
FindFirstFileW
DeleteFileW
GetTempPathW
GetTempFileNameW
WriteProcessMemory
api-ms-win-security-base-l1-2-0
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
RegOpenKeyExA
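Import tables like the one above are usually compared across samples through an import hash. The following is an added example, not code from the page or from the sandbox that produced it: it computes an import hash over (library, symbol) pairs using the normalisation rules of pefile's get_imphash (lower-cased library name with .dll/.ocx/.sys stripped, lower-cased symbol or "ordN" for ordinals, entries joined with commas in import-table order, MD5). The input list is a constructed subset of the imports reported above; the 32-hex value printed under the file entry in the Files section is not labelled on the page, and this example makes no assumption about what it is.

```python
import hashlib

# Extensions pefile strips from the library name before hashing (pefile.get_imphash)
_STRIP_EXT = (".dll", ".ocx", ".sys")


def imphash(imports):
    """Import hash over (library, symbol) pairs, in import-table order.

    `symbol` is a function name, or an int for an import by ordinal.
    Deviation from pefile: pefile also maps well-known ordinals of ws2_32 and
    oleaut32 to names before hashing; that lookup table is omitted here.
    """
    parts = []
    for lib, sym in imports:
        lib = lib.lower()
        for ext in _STRIP_EXT:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        sym = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{lib}.{sym}")
    # Order matters: the hash is over the comma-joined sequence, not a set
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Constructed subset of the import table reported above, kept in the page's order
SAMPLE_IMPORTS = [
    ("ntdll", "RtlInitAnsiString"),
    ("ntdll", "RtlGetVersion"),
    ("ntdll", 7),   # ord7
    ("ntdll", 4),   # ord4
    ("api-ms-win-core-appcompat-l1-1-0", "BaseCheckAppcompatCacheEx"),
    ("kernel32", "SwitchToThread"),
    ("kernel32", "CreateProcessW"),
    ("kernel32", "WriteProcessMemory"),
]

if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
```

Because the digest is order-sensitive, two builds with the same imports in a different table order hash differently; that is why imphash clusters compiler/linker output well but is trivially changed by re-linking.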
Exports
AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME
ApphelpCheckInstallShieldPackage
ApphelpCheckModule
ApphelpCheckMsiPackage
ApphelpCheckRunApp
ApphelpCheckRunAppEx
ApphelpCheckShellObject
ApphelpCreateAppcompatData
ApphelpDebugPrintf
ApphelpFixMsiPackage
ApphelpFixMsiPackageExe
ApphelpFreeFileAttributes
ApphelpGetFileAttributes
ApphelpGetMsiProperties
ApphelpGetNTVDMInfo
ApphelpGetShimDebugLevel
ApphelpParseModuleData
ApphelpQueryModuleData
ApphelpQueryModuleDataEx
ApphelpShowDialog
ApphelpUpdateCacheEntry
DWM8And16Bit_ChangeDisplaySettingsExW_CallOut
DWM8And16Bit_DirectDrawCreateEx_CallOut
DWM8And16Bit_DirectDrawCreate_CallOut
DWM8And16Bit_EnumDisplaySettingsExW_CallOut
DWM8And16Bit_IsShimApplied_CallOut
DWM8And16Bit_RestoreDisplayMode_CallOut
DlEnumChannels
DlGetStateEx
DlSetFlagsEx
DlSetLevelEx
DlSetStateEx
DlSnapshot
GetPermLayers
SE_AddHookset
SE_CALLBACK_AddHook
SE_CALLBACK_Lookup
SE_COM_AddHook
SE_COM_AddServer
SE_COM_HookInterface
SE_COM_HookObject
SE_COM_Lookup
SE_DllLoaded
SE_DllUnloaded
SE_DynamicShim
SE_GetHookAPIs
SE_GetMaxShimCount
SE_GetProcAddressForCaller
SE_GetProcAddressIgnoreIncExc
SE_GetProcAddressLoad
SE_GetShimCount
SE_GetShimId
SE_InitializeEngine
SE_InstallAfterInit
SE_InstallBeforeInit
SE_IsShimDll
SE_LdrEntryRemoved
SE_LdrResolveDllName
SE_LookupAddress
SE_LookupCaller
SE_ProcessDying
SE_ShimDPF
SE_ShimDllLoaded
SE_WINRT_AddHook
SE_WINRT_HookObject
SdbAddLayerTagRefToQuery
SdbApphelpNotify
SdbApphelpNotifyEx
SdbApphelpNotifyEx2
SdbBeginWriteListTag
SdbBuildCompatEnvVariables
SdbCloseApphelpInformation
SdbCloseDatabase
SdbCloseDatabaseWrite
SdbCloseLocalDatabase
SdbCommitIndexes
SdbCreateDatabase
SdbCreateHelpCenterURL
SdbCreateMsiTransformFile
SdbDeclareIndex
SdbDeletePermLayerKeys
SdbDumpSearchPathPartCaches
SdbEndWriteListTag
SdbEnumMsiTransforms
SdbEscapeApphelpURL
SdbFindCustomActionForPackage
SdbFindFirstDWORDIndexedTag
SdbFindFirstGUIDIndexedTag
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstStringIndexedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindMsiPackageByID
SdbFindNextDWORDIndexedTag
SdbFindNextGUIDIndexedTag
SdbFindNextMsiPackage
SdbFindNextStringIndexedTag
SdbFindNextTag
SdbFindNextTagRef
SdbFormatAttribute
SdbFreeDatabaseInformation
SdbFreeFileAttributes
SdbFreeFileInfo
SdbFreeFlagInfo
SdbGUIDFromString
SdbGUIDToString
SdbGetAppCompatDataSize
SdbGetAppPatchDir
SdbGetBinaryTagData
SdbGetDatabaseGUID
SdbGetDatabaseID
SdbGetDatabaseInformation
SdbGetDatabaseInformationByName
SdbGetDatabaseMatch
SdbGetDatabaseVersion
SdbGetDllPath
SdbGetEntryFlags
SdbGetFileAttributes
SdbGetFileImageType
SdbGetFileImageTypeEx
SdbGetFileInfo
SdbGetFirstChild
SdbGetImageType
SdbGetIndex
SdbGetItemFromItemRef
SdbGetLayerName
SdbGetLayerTagRef
SdbGetLocalPDB
SdbGetMatchingExe
SdbGetMsiPackageInformation
SdbGetNamedLayer
SdbGetNextChild
SdbGetNthUserSdb
SdbGetPDBFromGUID
SdbGetPermLayerKeys
SdbGetShowDebugInfoOption
SdbGetShowDebugInfoOptionValue
SdbGetStandardDatabaseGUID
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbInitDatabase
SdbInitDatabaseEx
SdbIsNullGUID
SdbIsStandardDatabase
SdbIsTagrefFromLocalDB
SdbIsTagrefFromMainDB
SdbLoadString
SdbMakeIndexKeyFromString
SdbOpenApphelpDetailsDatabase
SdbOpenApphelpDetailsDatabaseSP
SdbOpenApphelpInformation
SdbOpenApphelpInformationByID
SdbOpenApphelpResourceFile
SdbOpenDatabase
SdbOpenDbFromGuid
SdbOpenLocalDatabase
SdbPackAppCompatData
SdbQueryApphelpInformation
SdbQueryBlockUpgrade
SdbQueryContext
SdbQueryData
SdbQueryDataEx
SdbQueryDataExTagID
SdbQueryFlagInfo
SdbQueryFlagMask
SdbQueryName
SdbQueryReinstallUpgrade
SdbReadApphelpData
SdbReadApphelpDetailsData
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadPatchBits
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbRegisterDatabase
SdbRegisterDatabaseEx
SdbReleaseDatabase
SdbReleaseMatchingExe
SdbResolveDatabase
SdbSetApphelpDebugParameters
SdbSetEntryFlags
SdbSetImageType
SdbSetPermLayerKeys
SdbShowApphelpDialog
SdbShowApphelpFromQuery
SdbStartIndexing
SdbStopIndexing
SdbStringDuplicate
SdbStringReplace
SdbStringReplaceArray
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnpackAppCompatData
SdbUnregisterDatabase
SdbWriteBYTETag
SdbWriteBinaryTag
SdbWriteBinaryTagFromFile
SdbWriteDWORDTag
SdbWriteNULLTag
SdbWriteQWORDTag
SdbWriteStringRefTag
SdbWriteStringTag
SdbWriteStringTagDirect
SdbWriteWORDTag
SetPermLayerState
SetPermLayerStateEx
SetPermLayers
ShimDbgPrint
ShimDumpCache
ShimFlushCache
Sections
.text Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
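The three header facts this report draws on (the File Characteristics under Headers, the per-section flags under Sections, and the "Unsigned PE" signature, which is the security data directory being empty) all come from the PE headers alone. The following is an added example, not code from the page or the sandbox: a minimal PE32 header parser in Python that reproduces those checks. The two images it parses are built inside the block to mirror the section layout reported above (one with an empty security directory, one with a non-empty one); they are constructed test data, not the sample's bytes, and the "signed" result only says whether a signature is embedded, not whether a catalog signature exists for the file.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode (WIN_CERTIFICATE) directory


def build_pe32(sections, security_size=0):
    """Constructed minimal PE32 DLL image for this example (headers only, no code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, ts, symtab, nsyms, SizeOfOptionalHeader=224,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    if security_size:
        # The security directory holds a file offset (not an RVA) and a size
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1), rsize,
                    0x400 * (i + 1), 0, 0, 0, 0, flags)
        for i, (name, vsize, rsize, flags) in enumerate(sections)
    )
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


def triage(data):
    """Parse the PE headers and return the facts a static triage page reports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dd_off = opt_off + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ data-directory offset
    ndirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh_off = opt_off + opt_size
    for i in range(nsections):
        name, vsize, _va, rsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, sh_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode(errors="replace"),
            "raw_size": rsize,
            "virtual_size": vsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if flags & bit],
            # W+X sections are a cheap packer/loader red flag worth surfacing
            "writable_and_executable": bool(flags & 0x80000000 and flags & 0x20000000),
        })
    return {
        "is_dll": bool(chars & 0x2000),
        "characteristics": [n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit],
        "signed": sec_size != 0,   # empty security directory == no embedded Authenticode
        "sections": sections,
    }


# Constructed layout mirroring the Sections table reported above (virtual, raw, flags)
SECTION_LAYOUT = [
    (".text", 523 * 1024, 524 * 1024, 0x60000020),   # CODE | EXECUTE | READ
    (".data", 15 * 1024, 15 * 1024, 0xC0000040),     # INITIALIZED_DATA | READ | WRITE
    (".idata", 7 * 1024, 8 * 1024, 0x40000040),      # INITIALIZED_DATA | READ
    (".rsrc", 82 * 1024, 83 * 1024, 0x40000040),     # INITIALIZED_DATA | READ
    (".reloc", 28 * 1024, 29 * 1024, 0x42000040),    # INITIALIZED_DATA | DISCARDABLE | READ
]
UNSIGNED_IMAGE = build_pe32(SECTION_LAYOUT)
SIGNED_IMAGE = build_pe32(SECTION_LAYOUT, security_size=0x1800)

if __name__ == "__main__":
    for label, img in (("unsigned", UNSIGNED_IMAGE), ("signed", SIGNED_IMAGE)):
        print(label, triage(img))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`; a `signed` result of False is exactly the condition the sandbox reports as "Unsigned PE", and for Windows system DLLs it should be followed by a catalog check on the host rather than treated as a verdict.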