ServiceMain
Static task: static1
Behavioral task: behavioral1
  Sample: 07325a35e023a4f7d2a6fd87fc86bf06_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 07325a35e023a4f7d2a6fd87fc86bf06_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: 07325a35e023a4f7d2a6fd87fc86bf06_JaffaCakes118
Size: 229KB
MD5: 07325a35e023a4f7d2a6fd87fc86bf06
SHA1: 928171b205df7dea2516fab0a5efcb3904b01a50
SHA256: 684b6c731b59eee8fb627c301f45d82dd22e8f7c30e0b3266d8b2531903e0b2a
SHA512: a0524af287354b426b5d7e55fd2a17ce5ba62717daf3b3590710374160203f449a69e66587abd240492abdc40692df6cd5aa1f73ef39799f5f0291788681529d
SSDEEP: 3072:cDLglQaj0d3n7fUggEqqoJP9jR5HD/SExHlXlIXB:A0l0x78ggECP9jR5HD/LHlXlG
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 07325a35e023a4f7d2a6fd87fc86bf06_JaffaCakes118
Files
07325a35e023a4f7d2a6fd87fc86bf06_JaffaCakes118.dll windows:5 windows x86 arch:x86
b3a4c187ea0d7fd8ba863747e4f39527
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
msvcrt
_except_handler3
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
wcslen
_wtoi
_purecall
wcscpy
wcscat
wcschr
towupper
memmove
swprintf
_stricmp
wcstol
ntdll
NtQuerySystemInformation
RtlTimeToSecondsSince1980
NtQueryInformationToken
RtlFreeSid
RtlSetSaclSecurityDescriptor
NtOpenFile
NtSetInformationProcess
NtDuplicateToken
RtlCreateAcl
RtlLengthSid
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCopySid
RtlAllocateAndInitializeSid
RtlAdjustPrivilege
DbgPrint
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEqualSid
NtCreateFile
NtFsControlFile
NtClose
RtlFreeUnicodeString
RtlGetAce
RtlGetDaclSecurityDescriptor
RtlConvertSidToUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlNtStatusToDosError
NtSetUuidSeed
RtlGetNtProductType
rpcrt4
NdrServerCall2
RpcRevertToSelf
UuidCreate
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcRevertToSelfEx
RpcBindingReset
RpcBindingSetObject
RpcBindingCopy
I_RpcBindingInqWireIdForSnego
NdrSimpleStructBufferSize
NdrClientCall2
RpcImpersonateClient
I_RpcGetBuffer
NdrConformantVaryingArrayBufferSize
RpcServerRegisterAuthInfoW
RpcServerInqBindings
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingSetAuthInfoExW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcServerRegisterIf
NdrClientInitializeNew
I_RpcServerSetAddressChangeFn
I_RpcServerRegisterForwardFunction
I_RpcTransGetAddressList
NdrServerInitializeNew
NdrFullPointerXlatInit
NdrServerContextNewUnmarshall
NdrAllocate
NdrGetBuffer
NdrPointerBufferSize
NdrServerContextNewMarshall
RpcServerListen
RpcMgmtIsServerListening
I_RpcAllocate
I_RpcFree
RpcServerUseProtseqEpExW
NdrConformantVaryingArrayMarshall
NdrPointerFree
NdrFullPointerXlatFree
TowerExplode
I_RpcBindingInqTransportType
RpcRaiseException
NdrSimpleStructMarshall
NdrPointerMarshall
NdrSendReceive
NdrConvert
NdrSimpleStructUnmarshall
NdrPointerUnmarshall
NdrCorrelationPass
NdrCorrelationFree
NdrFreeBuffer
NdrMapCommAndFaultStatus
RpcBindingSetOption
RpcAsyncCompleteCall
RpcStringFreeW
NdrCorrelationInitialize
NdrMesTypeAlignSize2
MesDecodeBufferHandleCreate
NdrAsyncServerCall
NdrMesTypeEncode2
MesHandleFree
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
NdrMesTypeDecode2
advapi32
GetSidSubAuthorityCount
QueryServiceStatus
GetFileSecurityW
BuildTrusteeWithSidW
SetEntriesInAclW
SetFileSecurityW
GetSiteNameFromSid
RegSetValueExW
LsaOpenPolicy
LsaRetrievePrivateData
RegQueryInfoKeyW
StartServiceW
GetSiteDirectoryW
CreateProcessAsUserW
LookupAccountSidW
IsValidSid
GetSidIdentifierAuthority
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AllocateLocallyUniqueId
SetServiceStatus
RegisterServiceCtrlHandlerExW
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegQueryValueA
OpenThreadToken
EqualSid
GetTokenInformation
SetThreadToken
RegQueryValueExA
IsTokenRestricted
GetMangledSiteSid
GetSiteSidFromToken
RegOpenKeyExA
RegOpenKeyW
SetSecurityDescriptorOwner
RegQueryValueW
OpenProcessToken
DuplicateToken
SetSecurityDescriptorGroup
RevertToSelf
CommandLineFromMsiDescriptor
RegOpenUserClassesRoot
GetAce
GetSecurityDescriptorDacl
ControlService
RegNotifyChangeKeyValue
GetSidSubAuthority
DeregisterEventSource
ReportEventW
RegisterEventSourceW
LogonUserW
LsaClose
RegEnumValueW
CopySid
RegCreateKeyExW
AccessCheck
DuplicateTokenEx
ImpersonateLoggedOnUser
kernel32
ReleaseMutex
CreateMutexW
ResumeThread
CreateProcessW
AssignProcessToJobObject
FindClose
FindFirstFileW
IsBadReadPtr
ReadFile
WriteFile
WaitForMultipleObjects
OpenProcess
WaitNamedPipeW
GetExitCodeProcess
lstrcmpiA
WideCharToMultiByte
DisableThreadLibraryCalls
MapViewOfFileEx
CreateFileMappingW
GetDriveTypeW
OpenEventW
LoadLibraryW
GetSystemDirectoryW
lstrcmpiW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryA
lstrcpyA
GetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
TlsGetValue
TlsSetValue
ResetEvent
DebugBreak
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
CreateJobObjectW
SetInformationJobObject
TerminateJobObject
DeleteCriticalSection
GetCurrentThread
IsBadWritePtr
lstrcatW
GetCurrentProcessId
lstrlenA
CreateEventA
TlsAlloc
WaitForSingleObject
LocalAlloc
GetComputerNameA
LocalFree
Sleep
GetDiskFreeSpaceA
QueryPerformanceCounter
GlobalMemoryStatus
GetProcessHeap
GetComputerNameW
GetLastError
HeapFree
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
MultiByteToWideChar
lstrcmpW
lstrcpynW
UnmapViewOfFile
GetCurrentThreadId
SetEvent
CreateEventW
GetTickCount
InterlockedIncrement
CreateThread
InterlockedDecrement
SleepEx
CreateFileW
DeviceIoControl
CloseHandle
SetLastError
lstrcpyW
GetSystemTimeAsFileTime
lstrlenW
InterlockedExchangeAdd
HeapCreate
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
ws2_32
getsockname
bind
socket
WSASetServiceW
htons
inet_ntoa
gethostbyname
gethostname
closesocket
ole32
CoGetMarshalSizeMax
CoReleaseMarshalData
CoUnmarshalInterface
CoMarshalInterface
CoInitializeEx
user32
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
GetThreadDesktop
CharUpperW
secur32
EnumerateSecurityPackagesW
Exports
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ