0773aba233f4cb937ecf129f444984f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0773aba233f4cb937ecf129f444984f3_JaffaCakes118
Size

334KB
MD5

0773aba233f4cb937ecf129f444984f3
SHA1

9aaae6a9b7fb176c518a2c1ba5a1da3ccf1197ea
SHA256

6999b77940a14a1b7c562927e2aa1beb3d74796294f669fc917bd0e947b58938
SHA512

6fa32b1b12ec1d187fc326398b02edc67099a1a1b8da585836314728a43d8dd8337e2737b8df283d6ee00c5fe8c48b4ce5e1b870f9e9e444db8257af178a4f19
SSDEEP

6144:ntmPqSx+MJ1aeww8K+q4/fXnZrxIGPTOoSOy93jtDR1QNGdNlxWNK4ZHh1cGoE1N:ntmPqSwMraFw8AGMugxjtjQNWNlxIhZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0773aba233f4cb937ecf129f444984f3_JaffaCakes118

Files

0773aba233f4cb937ecf129f444984f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8c30e39b080ef481a37efce040c03777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingToStringBindingW
RpcBindingFree
RpcRevertToSelf
UuidFromStringW
RpcBindingSetAuthInfoExA
UuidToStringW
I_RpcExceptionFilter
UuidCreate
RpcSsDestroyClientContext
I_RpcMapWin32Status
I_RpcBindingIsClientLocal
NdrClientCall2
RpcBindingSetAuthInfoW
NDRCContextBinding
RpcRaiseException
RpcStringBindingParseW
RpcStringBindingComposeW
RpcImpersonateClient
RpcEpResolveBinding
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoA

ntdll

RtlValidSecurityDescriptor
RtlFreeSid
RtlUpcaseUnicodeChar
RtlNumberGenericTableElements
RtlCreateHeap
NtRestoreKey
RtlEqualPrefixSid
RtlUnicodeToMultiByteN
RtlLeaveCriticalSection
RtlCreateUnicodeStringFromAsciiz
RtlUnwind
mbstowcs
RtlOemStringToUnicodeString
RtlAddAce
RtlUnicodeStringToInteger
NtFlushBuffersFile
NtAdjustGroupsToken
RtlInitUnicodeStringEx
NtPrivilegeCheck
NtCreateSemaphore
RtlImageNtHeader
RtlInitAnsiString
_strnicmp
RtlInitializeCriticalSection
RtlAddAccessDeniedObjectAce
NtQueryVolumeInformationFile
NtTerminateProcess
wcstoul
RtlValidAcl
NtAccessCheckByTypeResultListAndAuditAlarm
RtlIsTextUnicode
RtlFreeHeap
RtlLengthRequiredSid
RtlInitUnicodeString
NtAllocateVirtualMemory
NtCloseObjectAuditAlarm
NtOpenProcess
RtlInitializeSid
strncpy
RtlFlushSecureMemoryCache
NtClearEvent
RtlCopySid
NtCreateEvent
NtTraceEvent
RtlSetDaclSecurityDescriptor
NtSetEvent
RtlDosPathNameToNtPathName_U
NtAccessCheck
NtDuplicateObject
RtlDeleteAce
RtlSetOwnerSecurityDescriptor
RtlExpandEnvironmentStrings_U
RtlUpcaseUnicodeStringToOemString
RtlUnicodeStringToAnsiString
NtDuplicateToken
wcscat
NtSaveMergedKeys
RtlLengthSecurityDescriptor
_snwprintf
NtWaitForSingleObject
NtSetInformationProcess
_stricmp
RtlQueryInformationAcl
NtQuerySystemInformation
NtSetValueKey
RtlConvertToAutoInheritSecurityObject
RtlIdentifierAuthoritySid
NtReplaceKey
RtlLengthSid
NtDeleteValueKey
RtlAddAccessDeniedAce
RtlFreeHandle
RtlAddAuditAccessObjectAce
iswctype
RtlQueryProcessDebugInformation
NtQueryMultipleValueKey
RtlEnterCriticalSection
RtlSetSecurityObject
RtlPrefixUnicodeString
_vsnwprintf
RtlEqualUnicodeString
NtPowerInformation
NtReadFile
NtNotifyChangeMultipleKeys
RtlEnumerateGenericTableWithoutSplaying
RtlNewSecurityObject
NtQueryVirtualMemory
strchr
NtClose
RtlQueryRegistryValues
RtlCompareUnicodeString
RtlInitString
RtlGetControlSecurityDescriptor
RtlFormatCurrentUserKeyPath
RtlLookupElementGenericTable
NtOpenObjectAuditAlarm
wcscpy
NtAccessCheckAndAuditAlarm
RtlFreeAnsiString
NtQueryInformationFile
wcsncmp
RtlNtStatusToDosError
RtlIsValidIndexHandle
NtImpersonateAnonymousToken
swprintf
RtlUnicodeToMultiByteSize
NtOpenProcessToken
NtQueryKey
RtlAllocateHeap
RtlMultiByteToUnicodeN
NtSaveKey
NtOpenKey
RtlValidRelativeSecurityDescriptor
RtlDestroyHeap
RtlCopyUnicodeString
NtQueryInformationThread
RtlGetGroupSecurityDescriptor
NtDeleteObjectAuditAlarm
RtlSetSecurityObjectEx
RtlSetSecurityDescriptorRMControl
RtlCompareMemory
RtlGetSecurityDescriptorRMControl
RtlCopyLuid
NtPrivilegedServiceAuditAlarm
RtlCreateUnicodeString
NtOpenSymbolicLinkObject
RtlAddAccessDeniedAceEx
NtFilterToken
wcstombs
_ftol
NtQuerySecurityObject
RtlValidSid
RtlSelfRelativeToAbsoluteSD
NtQueryInformationProcess
wcsstr
NtFreeVirtualMemory
NtAdjustPrivilegesToken
memmove
RtlGetOwnerSecurityDescriptor
_itow
RtlSetSaclSecurityDescriptor
NtAccessCheckByTypeAndAuditAlarm
RtlAddAuditAccessAce
wcschr
NtUnloadKey
NtSetInformationFile
RtlQuerySecurityObject
NtCreateKey
NtAllocateLocallyUniqueId
RtlConvertSidToUnicodeString
DbgPrint
NtSetInformationToken
NtQueryValueKey
wcsncpy
RtlDeleteCriticalSection
RtlFirstFreeAce
NtNotifyChangeKey
_alloca_probe
RtlRandom
NtSaveKeyEx
NtFlushKey
RtlGetDaclSecurityDescriptor
RtlxUnicodeStringToAnsiSize
RtlMapGenericMask
RtlGetFullPathName_U
RtlCreateAcl
RtlEqualSid
NtQueryInformationToken
RtlAddAuditAccessAceEx
RtlxAnsiStringToUnicodeSize
RtlSetInformationAcl
_wcslwr
RtlIsGenericTableEmpty
NtCreateDirectoryObject
RtlAllocateHandle
atol
RtlAreAllAccessesGranted
_wcsnicmp
NtReleaseSemaphore
RtlAppendUnicodeToString
RtlAreAnyAccessesGranted
RtlAdjustPrivilege
RtlGetNtProductType
RtlAnsiStringToUnicodeString
NtQuerySystemTime
_ultow
NtEnumerateValueKey
RtlGetSaclSecurityDescriptor
RtlSubAuthorityCountSid
sprintf
NtPrivilegeObjectAuditAlarm
RtlGetAce
RtlAppendUnicodeStringToString
NtSetSecurityObject
RtlReAllocateHeap
RtlOpenCurrentUser
RtlInsertElementGenericTable
RtlInitializeGenericTable
NtOpenFile
RtlNewSecurityObjectWithMultipleInheritance
RtlNewSecurityObjectEx
_wcsicmp
RtlDeleteElementGenericTable
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
wcslen
NtSetInformationThread
NtSetInformationObject
RtlDuplicateUnicodeString
tolower
RtlGetVersion
NtLoadKey
RtlStringFromGUID
NtFsControlFile
RtlSelfRelativeToAbsoluteSD2
RtlImpersonateSelf
RtlAllocateAndInitializeSid
wcstol
RtlSetGroupSecurityDescriptor
RtlDetermineDosPathNameType_U
NtDeviceIoControlFile
RtlFreeUnicodeString
NtAccessCheckByTypeResultList
_chkstk
RtlInitializeHandleTable
RtlSetControlSecurityDescriptor
NlsMbCodePageTag
RtlTimeToSecondsSince1970
RtlCreateSecurityDescriptor
RtlMakeSelfRelativeSD
NtCreateFile
RtlIntegerToUnicodeString
strstr
RtlSubAuthoritySid
RtlDestroyQueryDebugBuffer
RtlAddAccessAllowedAce
NtCompareTokens
RtlAddAccessAllowedAceEx
RtlCreateQueryDebugBuffer
wcscmp
RtlGUIDFromString
NtWaitForMultipleObjects
NtOpenThreadToken
RtlDestroyHandleTable
NtWriteFile
NtQuerySymbolicLinkObject
NtEnumerateKey
RtlAddAccessAllowedObjectAce
NtDeleteKey
RtlAbsoluteToSelfRelativeSD
wcsrchr
NtAccessCheckByType
RtlDeleteSecurityObject
NtQueryPerformanceCounter

kernel32

FormatMessageW
lstrcpynW
SearchPathW
MapViewOfFile
ResetEvent
OpenFile
SetUnhandledExceptionFilter
FindFirstFileW
GetFullPathNameW
GetProfileIntA
GetLongPathNameW
OpenEventW
GetFileSize
FindClose
CreateFileMappingW
GetCurrentProcess
ReadFile
UnhandledExceptionFilter
DeleteCriticalSection
GetDiskFreeSpaceExW
FindFirstFileExW
ReleaseMutex
SetNamedPipeHandleState
SetErrorMode
LoadLibraryExW
lstrcpyA
EnterCriticalSection
GetOverlappedResult
SleepEx
InterlockedExchange
GetFileSizeEx
MultiByteToWideChar
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
CreateEventA
lstrcatW
HeapAlloc
ResumeThread
LoadLibraryW
GetModuleHandleW
FindResourceA
WaitNamedPipeW
GetProcAddress
GetLastError
UnmapViewOfFile
CreateEventW
CancelIo
lstrcpyW
GetPrivateProfileIntW
InterlockedDecrement
CreateProcessInternalA
GetSystemWindowsDirectoryW
GetSystemInfo
Sleep
CreateFileA
SetThreadPriority
SizeofResource
GetVolumeInformationW
LoadResource
SetLastError
GetModuleFileNameW
WideCharToMultiByte
GetFileAttributesW
OpenProcess
LocalReAlloc
lstrcmpiW
GetCommandLineW
RaiseException
GetCurrentThread
GetFileAttributesExW
GetLogicalDriveStringsW
CloseHandle
GetComputerNameExW
GetCurrentThreadId
GetSystemTime
LocalFree
GetPriorityClass
GetDriveTypeW
GetDiskFreeSpaceW
GetFullPathNameA
WriteFile
SetEvent
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
CreateThread
OpenMutexW
GetComputerNameA
InterlockedExchangeAdd
ExitThread
GetProcessHeap
GetPrivateProfileStringW
GetModuleHandleExW
CopyFileW
FindNextFileW
LeaveCriticalSection
InterlockedCompareExchange
GetSystemDirectoryW
GetLocalTime
DelayLoadFailureHook
GetFileTime
DuplicateHandle
GetTimeZoneInformation
VirtualFree
ReadProcessMemory
InitializeCriticalSection
GetUserDefaultUILanguage
GetModuleHandleA
FindResourceExW
OutputDebugStringW
FreeLibrary
InterlockedIncrement
SetFilePointer
_lclose
WritePrivateProfileStringW
GetVersionExA
GlobalMemoryStatus
IsBadWritePtr
GetWindowsDirectoryW
CreateFileW
lstrlenW
CreateProcessInternalW
MoveFileW
WaitForMultipleObjectsEx
AreFileApisANSI
GetComputerNameW
EnumUILanguagesW
LocalAlloc
TerminateProcess
DeleteFileW
CompareFileTime
lstrcmpW
CreateFileMappingA
HeapFree
WaitForSingleObject
GetTickCount
ExpandEnvironmentStringsA
lstrlenA
CreateMutexW
GetProfileStringA

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c30e39b080ef481a37efce040c03777

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ntdll

kernel32

Sections

.text Size: 261KB - Virtual size: 261KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 7.1MB

.rdata Size: 52KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 7.1MB

.rdata
Size: 52KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB