f0685d5a057949fe6606d18600c75dd4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f0685d5a057949fe6606d18600c75dd4_JaffaCakes118
Size

213KB
MD5

f0685d5a057949fe6606d18600c75dd4
SHA1

cfb36b38f3cd729d8763f63532d36826b5987603
SHA256

01ea5a7e541563a66fb0b2f74b83bb19575cc1fbddce06116bd6bb583e440379
SHA512

703bade20c1d065eb9a97d2a5351898483d74b5d8468e35ebe5e623bb3cf535bb441c6e9f87704fdee4057e50112e7c5495087f6ea2bfe973c28531436c16a6c
SSDEEP

6144:UWjwuPsg/5jWUMACTyG7WjPQBA5Qc++EGaPGVVa6S:9njRjWUMND8Qc++ra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0685d5a057949fe6606d18600c75dd4_JaffaCakes118

Files

f0685d5a057949fe6606d18600c75dd4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

345e41fcac8c3d686590e5ddecef22e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msv1_0.pdb

Imports

advapi32

QueryServiceConfigW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateAnonymousToken
RegisterTraceGuidsW
GetTraceLoggerHandle
SystemFunction036
IsTextUnicode
CredUnmarshalCredentialW
CredFree
AdjustTokenPrivileges
SetThreadToken
GetTokenInformation
RegNotifyChangeKeyValue
RegDeleteValueW
A_SHAInit
A_SHAUpdate
A_SHAFinal
OpenSCManagerW
OpenServiceW
RevertToSelf
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
TraceEvent
SystemFunction009
SystemFunction008
SystemFunction006
SystemFunction007
SystemFunction011
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory

cryptdll

MD5Init
MD5Final
MD5Update

iphlpapi

GetAdaptersAddresses

kernel32

InterlockedExchange
GetLocalTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrlenW
InterlockedExchangeAdd
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedCompareExchange
SetLastError
GetVersionExW
CreateEventW
RegisterWaitForSingleObjectEx
ExpandEnvironmentStringsW
GetComputerNameExW
VirtualProtect
LoadLibraryA
GetComputerNameW
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
VirtualAlloc
RaiseException
WriteFile
GetWindowsDirectoryW
GetLastError
CreateFileW
SetFilePointer
CloseHandle
GetCurrentThread

msvcrt

_resetstkoflw
wcslen
wcsncat
wcsncmp
_wcsicmp
wcsncpy
strncmp
wcsrchr
wcschr
strncpy
wcscpy
_except_handler3
sprintf
_vsnprintf
wcscat

ntdll

NtQueryValueKey
NtDeleteValueKey
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
NtSetValueKey
NtCreateKey
RtlUpcaseUnicodeStringToOemString
RtlCopyUnicodeString
RtlPrefixUnicodeString
NtAllocateLocallyUniqueId
RtlEqualSid
RtlUpcaseUnicodeString
RtlCopySid
RtlAcquireResourceExclusive
NtCreateEvent
RtlConvertSharedToExclusive
RtlIntegerToChar
RtlFreeOemString
NtOpenEvent
NtWaitForSingleObject
RtlGetNtProductType
RtlInitializeResource
NtOpenKey
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlIdentifierAuthoritySid
RtlUpperChar
NtQuerySystemTime
RtlEraseUnicodeString
RtlRunDecodeUnicodeString
RtlCompareMemory
RtlEqualDomainName
RtlEqualUnicodeString
RtlAcquireResourceShared
RtlReleaseResource
RtlImpersonateSelf
NtOpenThreadToken
RtlAllocateAndInitializeSid
NtFilterToken
NtSetInformationThread
RtlFreeSid
NtClose
RtlInitString
RtlInitUnicodeString
NtQueryInformationToken
NtOpenProcessToken
RtlInitializeCriticalSection
RtlOemStringToUnicodeString
RtlNtStatusToDosError
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtDuplicateObject
NtDuplicateToken
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
RtlEqualString
RtlExtendedMagicDivide
RtlInitializeSid
RtlSystemTimeToLocalTime

secur32

FreeContextBuffer
CredMarshalTargetInfo
CredUnmarshalTargetInfo

ws2_32

WSAStartup
htonl
freeaddrinfo
getaddrinfo

Exports

Exports

ServiceMain
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUserEx2
Msv1_0ExportSubAuthenticationRoutine
Msv1_0SubAuthenticationPresent
MsvGetLogonAttemptCount
MsvIsLocalhostAliases
MsvSamLogoff
MsvSamValidate
MsvValidateTarget
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize
SupportsChannelBinding

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

345e41fcac8c3d686590e5ddecef22e9

Headers

File Characteristics

PDB Paths

Imports

advapi32

cryptdll

iphlpapi

kernel32

msvcrt

ntdll

secur32

ws2_32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 5KB - Virtual size: 4KB