Static task: static1
Behavioral task: behavioral1
  Sample: de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118
  Size: 468KB
  MD5: de3887dc05ec99f98ac67ccf91d98f95
  SHA1: dd766453f4731d0354affc6bc336e67c7eab6652
  SHA256: 3af259a408a9125799299da641bf453571e1c8e1c07948fb222cd8987514211a
  SHA512: b04e9d52b86aeac5c4a0b2425c8e7b3f072c4afb87e6d4515d32f0ef89505df30f344ece03392bcb13eec98abe5bb445d664d701ad454e6d975d2849b0addd64
  SSDEEP: 12288:KsAcUOa2iLPZwq8GUZOpGrclON+N/yBdNldy3:YcUOELhS2Yg08qldy
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118
Files
  de3887dc05ec99f98ac67ccf91d98f95_JaffaCakes118.exe  windows:4 windows x86 arch:x86
  227b19234d290a0d05d53b8a7f0a4326
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtSetInformationProcess
RtlAddAccessAllowedAce
RtlIdentifierAuthoritySid
sprintf
NtPrivilegeCheck
NtQueryPerformanceCounter
RtlOemStringToUnicodeString
RtlInitializeGenericTable
wcsstr
NtFlushBuffersFile
RtlEnterCriticalSection
RtlDestroyHandleTable
RtlAreAnyAccessesGranted
tolower
NtSetSecurityObject
wcsncpy
NtEnumerateKey
RtlIsGenericTableEmpty
NtCreateFile
RtlFreeSid
RtlEnumerateGenericTableWithoutSplaying
NtOpenProcess
RtlInitializeHandleTable
RtlGetAce
RtlSetSecurityDescriptorRMControl
NtCreateSemaphore
NtCompareTokens
RtlLookupElementGenericTable
RtlGetGroupSecurityDescriptor
RtlFreeAnsiString
RtlSetInformationAcl
RtlInitString
wcsrchr
RtlAddAccessAllowedObjectAce
RtlInitUnicodeStringEx
RtlCreateHeap
NtAdjustGroupsToken
RtlDeleteCriticalSection
RtlSetDaclSecurityDescriptor
NtQueryKey
RtlAddAccessAllowedAceEx
NtSetEvent
RtlCompareUnicodeString
NtAccessCheckByTypeResultListAndAuditAlarm
wcslen
NtNotifyChangeKey
wcstombs
NtUnloadKey
RtlGetDaclSecurityDescriptor
NtFreeVirtualMemory
NtPrivilegedServiceAuditAlarm
RtlValidSecurityDescriptor
RtlConvertToAutoInheritSecurityObject
NtReplaceKey
RtlCopyUnicodeString
NtAdjustPrivilegesToken
RtlDeleteSecurityObject
memmove
NtQueryVirtualMemory
RtlNewSecurityObjectWithMultipleInheritance
RtlFreeUnicodeString
_snwprintf
RtlNtStatusToDosError
NtQuerySystemInformation
NtDeleteValueKey
NtFsControlFile
RtlGetOwnerSecurityDescriptor
RtlQueryProcessDebugInformation
RtlAllocateAndInitializeSid
RtlFormatCurrentUserKeyPath
NtWaitForMultipleObjects
NtWaitForSingleObject
RtlCreateUnicodeString
RtlAppendUnicodeToString
RtlAdjustPrivilege
RtlGUIDFromString
wcscmp
NtDuplicateObject
RtlCompareMemory
RtlAddAuditAccessAceEx
RtlCreateUnicodeStringFromAsciiz
RtlImpersonateSelf
RtlSetSecurityObject
RtlSubAuthorityCountSid
NtCreateEvent
RtlxAnsiStringToUnicodeSize
NtCloseObjectAuditAlarm
NtLoadKey
RtlUpcaseUnicodeStringToOemString
NtAccessCheckByTypeResultList
wcsncmp
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlGetSecurityDescriptorRMControl
NtQueryInformationProcess
NtAccessCheckAndAuditAlarm
RtlSelfRelativeToAbsoluteSD
RtlEqualUnicodeString
RtlFreeHandle
RtlQuerySecurityObject
RtlSetGroupSecurityDescriptor
NtQuerySystemTime
_alloca_probe
RtlMapGenericMask
RtlAreAllAccessesGranted
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAppendUnicodeStringToString
NtDuplicateToken
NtOpenSymbolicLinkObject
RtlInitializeCriticalSection
NtSetValueKey
NtQueryMultipleValueKey
RtlGetControlSecurityDescriptor
NtReleaseSemaphore
RtlAnsiStringToUnicodeString
RtlDeleteAce
RtlSetSaclSecurityDescriptor
RtlAddAccessDeniedObjectAce
wcschr
_ftol
RtlUnicodeStringToInteger
RtlFlushSecureMemoryCache
RtlUnicodeStringToAnsiString
NtSaveMergedKeys
NtDeviceIoControlFile
RtlStringFromGUID
NtClose
RtlInitAnsiString
RtlSubAuthoritySid
RtlValidAcl
RtlAbsoluteToSelfRelativeSD
RtlFreeHeap
RtlSetSecurityObjectEx
RtlCopySid
RtlAddAuditAccessAce
RtlLengthSecurityDescriptor
_chkstk
RtlCreateQueryDebugBuffer
_ultow
RtlDestroyQueryDebugBuffer
RtlSetOwnerSecurityDescriptor
RtlGetNtProductType
NtEnumerateValueKey
iswctype
RtlIsValidIndexHandle
NtQueryValueKey
wcscat
RtlInitializeSid
swprintf
RtlInitUnicodeString
RtlOpenCurrentUser
NtFlushKey
NtOpenProcessToken
strstr
NtClearEvent
NtQueryInformationFile
NtSetInformationObject
NtQueryVolumeInformationFile
RtlLengthRequiredSid
RtlQueryRegistryValues
NtOpenObjectAuditAlarm
RtlConvertSidToUnicodeString
NtOpenKey
RtlGetFullPathName_U
NtOpenThreadToken
RtlEqualSid
RtlNumberGenericTableElements
RtlUnicodeToMultiByteN
RtlValidRelativeSecurityDescriptor
RtlLeaveCriticalSection
RtlIntegerToUnicodeString
NtDeleteObjectAuditAlarm
NtSaveKey
wcstoul
RtlGetSaclSecurityDescriptor
_itow
RtlEqualPrefixSid
RtlFirstFreeAce
NtRestoreKey
RtlMakeSelfRelativeSD
RtlDestroyHeap
RtlUpcaseUnicodeChar
_vsnwprintf
NtSetInformationFile
NtReadFile
NtQuerySecurityObject
RtlMultiByteToUnicodeN
RtlDetermineDosPathNameType_U
NtSetInformationToken
strncpy
NtTerminateProcess
RtlUnicodeToMultiByteSize
_strnicmp
NtNotifyChangeMultipleKeys
RtlxUnicodeStringToAnsiSize
RtlNewSecurityObjectEx
RtlValidSid
_stricmp
NtPrivilegeObjectAuditAlarm
RtlSelfRelativeToAbsoluteSD2
strchr
mbstowcs
NtDeleteKey
NtSaveKeyEx
atol
NtAllocateVirtualMemory
RtlExpandEnvironmentStrings_U
RtlRandom
RtlGetVersion
RtlSetControlSecurityDescriptor
_wcsnicmp
_wcslwr
NtTraceEvent
RtlDeleteElementGenericTable
RtlAllocateHeap
RtlCreateAcl
NtQuerySymbolicLinkObject
RtlAddAce
RtlQueryInformationAcl
RtlDuplicateUnicodeString
NtAccessCheck
RtlImageNtHeader
NtFilterToken
RtlInsertElementGenericTable
NtAccessCheckByTypeAndAuditAlarm
RtlAllocateHandle
RtlPrefixUnicodeString
NtImpersonateAnonymousToken
NtPowerInformation
NtAccessCheckByType
RtlLengthSid
NtQueryInformationThread
_wcsicmp
RtlIsTextUnicode
DbgPrint
NtCreateKey
RtlAddAuditAccessObjectAce
NtOpenFile
NtAllocateLocallyUniqueId
NlsMbCodePageTag
RtlTimeToSecondsSince1970
RtlUnwind
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlNewSecurityObject
RtlCreateSecurityDescriptor
NtSetInformationThread
wcscpy
RtlCopyLuid
RtlReAllocateHeap
wcstol
NtQueryInformationToken
kernel32
GetProcessHeap
HeapAlloc
DeleteFileW
GetFileSizeEx
EnterCriticalSection
GetLocalTime
CreateFileMappingA
lstrcmpW
GetPriorityClass
OpenFile
SetUnhandledExceptionFilter
ResumeThread
GetSystemInfo
CompareFileTime
GetFileAttributesExW
WaitForSingleObject
ReadFile
GetCurrentThreadId
GlobalMemoryStatus
CreateFileW
lstrlenA
lstrlenW
lstrcpyA
VirtualFree
GetVolumeInformationW
UnmapViewOfFile
IsBadWritePtr
LoadLibraryExW
GetDriveTypeW
GetCurrentProcess
GetVersionExA
SetFilePointer
OpenEventW
lstrcmpiW
GetFullPathNameA
GetDiskFreeSpaceExW
GetSystemTime
CreateFileA
GetModuleHandleW
GetModuleHandleA
GetProfileIntA
GetProcAddress
GetUserDefaultUILanguage
GetLastError
OpenProcess
ExpandEnvironmentStringsW
InitializeCriticalSection
lstrcpyW
GetComputerNameExW
DelayLoadFailureHook
GetConsoleOutputCP
SizeofResource
GetLogicalDriveStringsW
GetProfileStringA
GetPrivateProfileStringW
SetThreadPriority
GetDiskFreeSpaceW
UnhandledExceptionFilter
GetCommandLineW
FormatMessageW
GetFileSize
HeapFree
CreateEventW
FindFirstFileExW
SleepEx
SetEvent
AreFileApisANSI
RaiseException
GetTimeZoneInformation
GetCurrentThread
GetOverlappedResult
MoveFileW
EnumUILanguagesW
ReleaseMutex
FindResourceA
LoadResource
CreateFileMappingW
SetLastError
FindResourceExW
InterlockedExchangeAdd
GetModuleFileNameW
SearchPathW
LocalFree
LocalAlloc
LoadLibraryW
DuplicateHandle
OpenMutexW
Sleep
GetPrivateProfileIntW
InterlockedCompareExchange
GetLongPathNameW
GetConsoleCP
CreateProcessInternalA
DeleteCriticalSection
lstrcpynW
FreeLibrary
ExpandEnvironmentStringsA
MultiByteToWideChar
CloseHandle
GetSystemTimeAsFileTime
ResetEvent
GetFileTime
CreateProcessInternalW
CreateEventA
ReadProcessMemory
GetWindowsDirectoryW
GetCurrentProcessId
TerminateProcess
LocalReAlloc
WaitForMultipleObjectsEx
FindFirstFileW
GetModuleHandleExW
GetSystemDirectoryW
WriteFile
MapViewOfFile
CreateMutexW
SetErrorMode
GetSystemWindowsDirectoryW
DeviceIoControl
InterlockedExchange
WritePrivateProfileStringW
GetComputerNameA
GetComputerNameW
CancelIo
VirtualAlloc
GetFileAttributesW
ExitThread
GetTickCount
SetNamedPipeHandleState
InterlockedDecrement
Beep
LeaveCriticalSection
WaitNamedPipeW
FindClose
QueryPerformanceCounter
LoadLibraryA
InterlockedIncrement
GetFullPathNameW
CreateThread
OutputDebugStringW
_lclose
FindNextFileW
lstrcatW
WideCharToMultiByte
CopyFileW
rpcrt4
RpcBindingSetAuthInfoW
RpcStringFreeW
RpcSsDestroyClientContext
RpcBindingSetAuthInfoExW
RpcStringBindingParseW
RpcBindingSetAuthInfoExA
NDRCContextBinding
I_RpcMapWin32Status
RpcRevertToSelf
I_RpcExceptionFilter
RpcBindingToStringBindingW
NdrClientCall2
RpcImpersonateClient
UuidToStringW
I_RpcBindingIsClientLocal
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCreate
RpcEpResolveBinding
RpcRaiseException
RpcBindingSetAuthInfoA
UuidFromStringW
RpcBindingFree
Sections
  .text   Size: 17KB  - Virtual size: 17KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rsrc   Size: 242KB - Virtual size: 242KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 512B  - Virtual size: 28B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
  .rdata  Size: 202KB - Virtual size: 201KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .data   Size: 4KB   - Virtual size: 952KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE