17203193e813ca88b5871450d1d39d26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17203193e813ca88b5871450d1d39d26_JaffaCakes118
Size

164KB
MD5

17203193e813ca88b5871450d1d39d26
SHA1

1152fabae3b2b5c0b06d987a5bcb58285cf36e1c
SHA256

725bcc7c97d12a5ba7a3dca1de5fddf26e0ce0cba680254c84c8345c10a65b19
SHA512

13c8c550d102e15044e36ebfc264f6e55336d5077f76ae4d9d26e60edba32f2450751f99133e7a35ca5669bb878a0cb7e970610d186a7d04cf926cd0477d3686
SSDEEP

3072:LI1PRTz1XA0MJaydglesfp6+hr0KGBH+T7Li3LmxsP/oa:ePRTzJdydglY+hr0vH+Goa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17203193e813ca88b5871450d1d39d26_JaffaCakes118

Files

17203193e813ca88b5871450d1d39d26_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1ea5c54bdd6b41818e8f7ea19429c946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

appmgmts.pdb

Imports

adsldpc

BuildADsParentPath
ADSIGetColumn
ADsEncodeBinaryData
ADSIGetFirstRow
ADSIFreeColumn
ADSIGetNextRow
ADSISetSearchPreference
ADSIExecuteSearch
ADSICloseSearchHandle
ADSISetObjectAttributes
ADSIGetObjectAttributes
ADSIOpenDSObject
BuildADsPathFromParent
ADSICloseDSObject
ADSIDeleteDSObject
ADSICreateDSObject
FreeADsMem

advapi32

DuplicateTokenEx
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
OpenThreadToken
EqualSid
OpenProcessToken
GetTokenInformation
CopySid
OpenEventLogW
ReportEventW
CloseEventLog
ConvertStringSidToSidW
ConvertSidToStringSidW
CheckTokenMembership
GetUserNameW
DuplicateToken
RegEnumKeyW
AddAccessAllowedAce
GetAce
SetFileSecurityW
DeleteAce
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
RegDeleteValueW
FreeSid
SetSecurityDescriptorDacl
RegDeleteKeyW
RegCreateKeyExW

kernel32

GetLastError
lstrcpynW
lstrcmpiW
GetCurrentThread
WaitForSingleObject
CreateThread
CreateEventW
lstrcmpW
DeleteFileW
CopyFileW
lstrcatW
GetTempPathW
FileTimeToSystemTime
CompareFileTime
GetSystemTime
FindClose
FindFirstFileW
CloseHandle
ResetEvent
SetEvent
DisableThreadLibraryCalls
GetSystemDefaultLangID
WriteFile
SetEndOfFile
CreateFileW
InitializeCriticalSection
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
FindNextFileW
GetSystemDirectoryW
GetSystemInfo
GetComputerNameW
GetProcAddress
LoadLibraryW
FreeLibrary
MoveFileExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibraryAndExitThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileW
GetFileAttributesExW
ExpandEnvironmentStringsW
SetFilePointer
OutputDebugStringW
GetLocalTime
FormatMessageW
lstrlenW
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
SystemTimeToFileTime
GetFileSize
ReadFile
CompareStringW
lstrcpyW
LocalFree
LocalAlloc
DebugBreak
GetVersionExW

msvcrt

_purecall
wcsrchr
_vsnwprintf
swprintf
wcslen
wcsncmp
wcscpy
_onexit
wcscmp
wcstoul
_wcslwr
_wcsicmp
wcscat
wcsncpy
_wcsnicmp
swscanf
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_except_handler3
wcschr

ntdll

RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlNtStatusToDosError
RtlEnterCriticalSection
RtlLeaveCriticalSection

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement

rpcrt4

RpcRaiseException
I_RpcBindingInqTransportType
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerUnregisterIf
UuidCreate
NdrServerCall2

userenv

GetAppliedGPOListW
ForceSyncFgPolicy
RsopSetPolicySettingStatus
RsopAccessCheckByType
EnterCriticalPolicySection
LeaveCriticalPolicySection
RsopResetPolicySettingStatus
FreeGPOListW

Exports

Exports

CsCreateClassStore
CsEnumApps
CsGetAppCategories
CsGetClassAccess
CsGetClassStore
CsGetClassStorePath
CsRegisterAppCategory
CsUnregisterAppCategory
GenerateGroupPolicy
IID_IClassAdmin
ProcessGroupPolicyObjectsEx
ReleaseAppCategoryInfoList
ReleasePackageDetail
ReleasePackageInfo
ServiceMain

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ea5c54bdd6b41818e8f7ea19429c946

Headers

File Characteristics

PDB Paths

Imports

adsldpc

advapi32

kernel32

msvcrt

ntdll

oleaut32

rpcrt4

userenv

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.data Size: 1024B - Virtual size: 840B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 119KB - Virtual size: 119KB

.data
Size: 1024B - Virtual size: 840B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 5KB - Virtual size: 4KB