b59dacc163e3e17a5d9626681db68b13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b59dacc163e3e17a5d9626681db68b13_JaffaCakes118
Size

185KB
MD5

b59dacc163e3e17a5d9626681db68b13
SHA1

9ac407818a822b6615942889774a4ed62c56dfec
SHA256

274378ce0b3e2c7c5248f8f2ffa80589d97eed236a2bcce33ecc1c04bea8b932
SHA512

00fa2eca151bc63755a3da9e8237158f46f7863b478cbbe2dfd9111874963cc3b3f7a4faaac44bd230e63e87bf53d16cd19c19b14dddcd9bcf0c43ffbf2362c3
SSDEEP

3072:wTe4UJz8KJaQk6H7wAymw2vcr4X7lk1FYZ/2BsEDIXM1Av9IHCtNrzZ5kG:wT9U3d8AymzvIk78ERKId

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b59dacc163e3e17a5d9626681db68b13_JaffaCakes118

Files

b59dacc163e3e17a5d9626681db68b13_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a02c380887057ac8ba3c8c0c3175e57c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasauto.pdb

Imports

msvcrt

_stricmp
tolower
wcsrchr
_initterm
wcscmp
_wcsnicmp
wcschr
sprintf
wcscpy
wcslen
_wcslwr
_strupr
time
_wcsicmp
wcsstr
wcscat
free
atol
_except_handler3
malloc
_adjust_fdiv
_strlwr

ntdll

NtWaitForSingleObject
NtClose
NtCreateFile
RtlInitUnicodeString
NtCancelIoFile
NtSetInformationThread
RtlOpenCurrentUser
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtOpenFile
NtQuerySystemInformation
NtDeviceIoControlFile

advapi32

InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegNotifyChangeKeyValue
CreateProcessAsUserW
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegQueryValueExW
SetThreadToken
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
OpenProcessToken
DuplicateToken
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

SetEvent
LoadLibraryA
UnhandledExceptionFilter
GetCurrentProcess
GetComputerNameW
QueueUserWorkItem
OpenProcess
lstrlenW
CreateEventA
GlobalFree
GlobalAlloc
lstrcpyW
lstrcpynW
GetSystemDirectoryW
VirtualFree
VirtualAlloc
GetExitCodeProcess
ResetEvent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateThread
LocalFree
LocalAlloc
GetLastError
WaitForMultipleObjects
CloseHandle
CreateEventW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
Sleep
TerminateProcess

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rasman

RasRpcGetInstalledProtocols
RasRpcGetInstalledProtocolsEx
RasRpcGetSystemDirectory
RasRpcGetUserPreferences
RasRpcSetUserPreferences
RasGetInfo

tapi32

lineShutdown
lineGetTranslateCapsW
lineGetMessage
lineInitializeExW

user32

wsprintfW
CharNextW
CharPrevW

ws2_32

inet_addr
inet_ntoa
WSAStartup
gethostbyname
ntohl

rtutils

RouterLogDeregisterW
RouterLogEventW
RouterLogRegisterW

wmi

WmiNotificationRegistrationW

rpcrt4

I_RpcExceptionFilter

Exports

Exports

ServiceMain
SetAddressDisabledEx

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a02c380887057ac8ba3c8c0c3175e57c

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

userenv

rasman

tapi32

user32

ws2_32

rtutils

wmi

rpcrt4

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 11KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 11KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 7KB - Virtual size: 7KB