073f4c7a94096bd8d97dce0c461c176f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

073f4c7a94096bd8d97dce0c461c176f_JaffaCakes118
Size

592KB
MD5

073f4c7a94096bd8d97dce0c461c176f
SHA1

a59b298d4b8cb2b364bdc4ff8def30eb7114a1bb
SHA256

b7563cd7edf3d9068deb670ab79f6f2645538fd9355f5f398e5bcb0a8955ab3e
SHA512

45a1d033a74a587feac382d41f5929e09fcf13a3c1d6883b25bcbef40f8ef1de1d25fe335dada323c241253e54140196619e71275cc9a62177eed6bb1af75de5
SSDEEP

12288:CqtXdchpGmJ5IXCw/ot20YI7zsXK5afgu:Xttcuw5h20z7zsXK50

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073f4c7a94096bd8d97dce0c461c176f_JaffaCakes118

Files

073f4c7a94096bd8d97dce0c461c176f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6576759d818ac2e9c390f27697077a19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasdlg.pdb

Imports

msvcrt

_ltoa
_wcsnicmp
_wtol
atol
_except_handler3
_local_unwind2
wcsncpy
wcslen
wcspbrk
_wcsicmp
wcstoul
wcsstr
??2@YAPAXI@Z
wcscpy
wcscmp
sprintf
vsprintf
wcscat
qsort
memmove
atoi
iswdigit
free
_initterm
_ftol
??3@YAXPAX@Z
wcsncmp
malloc
_adjust_fdiv

ntdll

DbgPrint
RtlGetNtProductType
RtlNtStatusToDosError

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegEnumKeyExA
RegOpenKeyExA
RegConnectRegistryW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetSidSubAuthority
ChangeServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
OpenThreadToken
OpenProcessToken
GetSidLengthRequired
InitializeSid
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorOwner

gdi32

GetTextExtentPoint32W
TranslateCharsetInfo
DeleteDC
LineTo
MoveToEx
ExtTextOutW
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
GetDeviceCaps
DeleteObject
SetTextColor
SetBkColor
BitBlt
GetClipBox
PatBlt
GetCharWidthW
CreateSolidBrush
GetTextExtentPointW
GetTextMetricsW

kernel32

GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
lstrlenW
lstrcatW
ReleaseMutex
WaitForSingleObject
Sleep
lstrlenA
CreateProcessW
SetLastError
LoadLibraryA
lstrcmpiW
CloseHandle
FindClose
FindNextFileW
FindFirstFileW
IsBadWritePtr
CompareStringW
WideCharToMultiByte
lstrcpyW
GlobalDeleteAtom
CreateMutexW
GlobalAddAtomW
SetEvent
GetTickCount
CreateThread
CreateEventW
ExpandEnvironmentStringsW
LoadLibraryExW
GlobalReAlloc
DelayLoadFailureHook
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
LoadResource
FindResourceW
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
CreateProcessA
GetSystemDirectoryA
GetCurrentThread
GetLocaleInfoW
GetLocaleInfoA
GetNumberFormatW
GetModuleHandleW
GetWindowsDirectoryW
GetModuleFileNameW
CreateFileW
lstrcmpW
GetLastError
FormatMessageW
LocalFree
GlobalAlloc
GlobalFree
InterlockedIncrement
CreateDirectoryW
MultiByteToWideChar
LocalAlloc
GetSystemDirectoryW
GetVersionExW
lstrcmpiA
lstrcpyA
GetSystemWindowsDirectoryW
OpenMutexA
CreateMutexA
GetFullPathNameW
InterlockedDecrement
GetACP
MulDiv
GetThreadLocale
GlobalUnlock
GlobalLock
GetComputerNameW

mprapi

MprAdminPortDisconnect
MprAdminBufferFree
MprAdminPortEnum
MprAdminIsServiceRunning
MprAdminConnectionEnum
MprAdminConnectionGetInfo
MprAdminServerDisconnect
MprAdminServerConnect
MprAdminUserServerDisconnect
MprAdminUserWriteProfFlags
MprAdminUserServerConnect
MprAdminUserReadProfFlags
MprAdminUserOpen
MprAdminUserRead
MprAdminUserClose
MprAdminUserWrite
MprAdminInterfaceDelete

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CLSIDFromString

rasapi32

RasScriptGetIpAddress
RasGetEapUserDataW
RasfileFindNextKeyLine
RasScriptTerm
RasScriptReceive
RasScriptSend
RasSetAutodialAddressW
RasfileGetKeyValueFields
RasGetAutodialAddressW
RasfileClose
RasfileDeleteLine
RasfileGetLineMark
RasfileFindFirstLine
RasfilePutLineMark
RasfileFindLastLine
RasfilePutKeyValueFields
RasfileFindNextLine
RasfileInsertLine
RasScriptInit
RasfileFindPrevLine
RasfileGetLine
RasfilePutSectionName
RasfileFindSectionLine
RasfileWrite
RasfileGetSectionName
RasfileLoad

rasman

RasGetDeviceConfigInfo
RasSetDeviceConfigInfo
RasGetCustomScriptDll
RasSetCommSettings
RasIsTrustedCustomDll
RasSendNotification
RasGetDeviceNameW
RasGetUnicodeDeviceName
RasRpcSetUserPreferences
RasRpcGetUserPreferences
RasRpcGetSystemDirectory
RasRpcGetInstalledProtocolsEx
RasRpcGetInstalledProtocols
RasRpcGetVersion
RasGetInfo

tapi32

lineTranslateDialogW
lineSetCurrentLocation
LOpenDialAsst
lineGetCountryW
lineGetTranslateCapsW
lineConfigDialogW
lineTranslateAddressW

user32

SendMessageA
CreateIconIndirect
GetIconInfo
LoadIconW
MessageBoxW
SendDlgItemMessageW
DialogBoxParamW
ShowCursor
SetCursor
LoadCursorW
ExitWindowsEx
LoadStringW
GetDlgItemTextW
SetCaretPos
GetCaretPos
CreateWindowExW
RegisterClassW
GetClassInfoW
GetKeyState
SetWindowsHookExW
PeekMessageW
UnhookWindowsHookEx
PostMessageW
GetClientRect
GetDC
GetSysColorBrush
ReleaseDC
WinHelpW
SetDlgItemTextW
SetForegroundWindow
GetWindowTextW
wsprintfW
SetDlgItemInt
GetDlgItemInt
SetWindowPos
ShowWindow
SetTimer
IsDlgButtonChecked
KillTimer
CheckDlgButton
LoadImageW
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
GetParent
EnableWindow
GetFocus
IsWindowEnabled
SetFocus
GetWindowLongW
SendMessageW
GetWindowRect
RemovePropW
GetActiveWindow
InvalidateRect
UpdateWindow
LoadBitmapW
GetWindowTextLengthW
EnumChildWindows
EnumWindows
SetPropW
GetPropW
CallWindowProcW
DestroyIcon
CharNextW
CharPrevW
GetDlgCtrlID
MapWindowPoints
ScreenToClient
IsWindowVisible
GetSystemMetrics
InflateRect
GetSysColor
EnumThreadWindows
GetCursorPos
DestroyWindow
MessageBeep
DefWindowProcW
EndPaint
SetRect
FillRect
BeginPaint
DrawFocusRect
DrawTextW

ws2_32

ntohs
htonl
htons

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
UuidCreate

Exports

Exports

DwTerminalDlg
GetRasDialOutProtocols
RasAutodialDisableDlgA
RasAutodialDisableDlgW
RasAutodialQueryDlgA
RasAutodialQueryDlgW
RasDialDlgA
RasDialDlgW
RasEntryDlgA
RasEntryDlgW
RasMonitorDlgA
RasMonitorDlgW
RasPhonebookDlgA
RasPhonebookDlgW
RasSrvAddPropPages
RasSrvAddWizPages
RasSrvAllowConnectionsConfig
RasSrvCleanupService
RasSrvEnumConnections
RasSrvHangupConnection
RasSrvInitializeService
RasSrvIsConnectionConnected
RasSrvIsServiceRunning
RasSrvQueryShowIcon
RasUserEnableManualDial
RasUserGetManualDial
RasUserPrefsDlg
RasWizCreateNewEntry
RasWizGetNCCFlags
RasWizGetSuggestedEntryName
RasWizGetUserInputConnectionName
RasWizIsEntryRenamable
RasWizQueryMaxPageCount
RasWizSetEntryName
RouterEntryDlgA
RouterEntryDlgW

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6576759d818ac2e9c390f27697077a19

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

gdi32

kernel32

mprapi

ole32

rasapi32

rasman

tapi32

user32

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 317KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 241KB - Virtual size: 241KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 318KB - Virtual size: 317KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 241KB - Virtual size: 241KB

.reloc
Size: 21KB - Virtual size: 21KB