139b1bd6c9be5ea5b8295ead6b1ced99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

139b1bd6c9be5ea5b8295ead6b1ced99_JaffaCakes118
Size

318KB
MD5

139b1bd6c9be5ea5b8295ead6b1ced99
SHA1

d199b1b33bc3faaf277cfe89f15121def4ec17d3
SHA256

a79b81960ddcc14cd3d89a3b15e498225d2c857ce2415174ae7685484877da33
SHA512

015aa9565fa592cf352aa5b7da8ab48894a553a290f636d1cbe25587ea39bdf1498d8ce15384243d56f1032507d9fef3c01f015b5d6f622fb9555f420996125b
SSDEEP

6144:IFdX6+LwcKaSqKVtOLe5WaH0LH9wfJIOm0b8KIJqz0i0YRT9b:AZNMcJSf/OLe5WaH0LH9wfJI3KBht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
139b1bd6c9be5ea5b8295ead6b1ced99_JaffaCakes118

Files

139b1bd6c9be5ea5b8295ead6b1ced99_JaffaCakes118
.dll windows:6 windows x86 arch:x86

35737a95e99e8c326e6ece795fc0550a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WwanSvc.pdb

Imports

msvcrt

wcsncmp
_wcsicmp
iswdigit
qsort_s
wcschr
??2@YAPAXI@Z
strncmp
_except_handler4_common
_wcsnicmp
memmove
wcscpy_s
bsearch_s
memcpy_s
wcsstr
wcsrchr
memset
memcpy
??3@YAXPAX@Z
_amsg_exit
_initterm
free
malloc
_XcptFilter
_ftol2
_vsnwprintf
iswalnum

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream
RtlInitUnicodeString
NtOpenFile
RtlNtStatusToDosError
EtwTraceMessage

kernel32

InterlockedIncrement
CloseHandle
UnregisterWait
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
GetTickCount64
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
VirtualAlloc
GetTickCount
InterlockedExchange
GetProcessHeap
QueryPerformanceCounter
SetEvent
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
HeapFree
EncodePointer
DecodePointer
InitializeCriticalSection
GlobalFree
InterlockedDecrement
EnterCriticalSection
GetSystemWindowsDirectoryW
LeaveCriticalSection
GetLastError
Sleep
GetVersionExW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
VirtualProtect
GetCurrentThreadId
HeapAlloc
GlobalAlloc
SubmitThreadpoolWork
CallbackMayRunLong
GetCurrentThread
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
ReadFile
WriteFile
MoveFileW
ReplaceFileW
DeleteFileW
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
RaiseException
lstrcmpW
InterlockedCompareExchange
LocalFree
DeviceIoControl
CreateFileW

ole32

CoUninitialize
StringFromGUID2
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

advapi32

EventRegister
RegDeleteKeyW
CreateWellKnownSid
OpenThreadToken
GetTokenInformation
EqualSid
CheckTokenMembership
EventEnabled
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
EventWrite
EventUnregister
SetServiceStatus
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegSetValueExW

user32

ReleaseDC
GetDC
GetActiveWindow
GetIconInfo
LoadStringW
LoadImageW
UnregisterDeviceNotification
RegisterDeviceNotificationW

rpcrt4

RpcEpUnregister
UuidFromStringW
RpcServerUnregisterIfEx
RpcServerListen
RpcStringFreeW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerRegisterIfEx
RpcEpRegisterW
RpcServerInqBindings
RpcBindingVectorFree
RpcAsyncCompleteCall
RpcRevertToSelfEx
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
UuidToStringW
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoW
RpcMgmtInqServerPrincNameW
RpcBindingSetOption
RpcBindingFromStringBindingW
NdrServerCall2
NdrAsyncServerCall
RpcImpersonateClient
RpcRevertToSelf
RpcStringBindingComposeW
RpcServerUseProtseqW
UuidCreate

wmi

WmiNotificationRegistrationW

oleaut32

VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear

shell32

SHGetFolderPathW

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey

crypt32

CryptUnprotectData
CryptProtectData

gdi32

GetBitmapBits
DeleteObject
GetDIBits
GetObjectW

Exports

Exports

ServiceMain
WwanSvcMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35737a95e99e8c326e6ece795fc0550a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

advapi32

user32

rpcrt4

wmi

oleaut32

shell32

setupapi

crypt32

gdi32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 148KB - Virtual size: 148KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 9KB - Virtual size: 9KB