17e2a17dcf075edffc5078be4d510524_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17e2a17dcf075edffc5078be4d510524_JaffaCakes118
Size

244KB
MD5

17e2a17dcf075edffc5078be4d510524
SHA1

827edd62846ca8dc747b8f02fad6edd46b9ae6ee
SHA256

f7143390c9563b14f32565457909d5719a2a11339d106aa7c342e828f57e83f3
SHA512

551c64513a8abcf8901f8253287ed35af41d8cdbbab4e9d536a1c6e8a3b0da6cd34e2c0791cbb6ef4f87fa4fb43a1d3acd71945caf16bb83a743b5b445938d1c
SSDEEP

6144:5lnl+JRQOlShIQBw9yq0BUoADVXnFwy6B:rnC2QDAIXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e2a17dcf075edffc5078be4d510524_JaffaCakes118

Files

17e2a17dcf075edffc5078be4d510524_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9f8e0969a00b5475489305a765e8f597

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

scecli.pdb

Imports

msvcrt

wcsstr
_vsnwprintf
_except_handler3
_wcsnicmp
wcscpy
_resetstkoflw
wcsncpy
wcslen
_wcsicmp
??3@YAXPAX@Z
swprintf
wcscat
wcschr
wcsncmp
_wcsupr
wcsncat
fclose
_wfopen
wcscmp
malloc
_adjust_fdiv
_initterm
free
??2@YAPAXI@Z
towlower
__CxxFrameHandler
_wtol
_itow
_wfindnext
_wfindfirst
_findclose
memmove

ntdll

RtlNtStatusToDosError
RtlGetControlSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlFreeSid
RtlAllocateAndInitializeSid
RtlMapGenericMask
RtlGetAce
NtAdjustPrivilegesToken
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
NtQuerySystemTime
RtlCopySid
RtlLengthSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid
NtQueryInformationToken
RtlGetNtProductType
RtlLengthRequiredSid
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlInitUnicodeString
RtlValidSid
RtlEqualSid
RtlRandomEx
RtlMakeSelfRelativeSD
RtlLengthSecurityDescriptor
NtQueryInformationProcess
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
NtQueryObject
RtlTimeToSecondsSince1980
DbgPrint

advapi32

RevertToSelf
LsaQueryDomainInformationPolicy
LsaSetDomainInformationPolicy
RegEnumKeyExW
ImpersonateLoggedOnUser
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
AllocateAndInitializeSid
LsaRemoveAccountRights
RegDeleteKeyW
ConvertStringSidToSidW
LsaLookupSids
OpenSCManagerW
EnumServicesStatusW
LsaClose
FreeSid
LsaOpenPolicy
LsaQueryInformationPolicy
LsaLookupNames2
LsaFreeMemory
OpenServiceW
QueryServiceConfigW
QueryServiceObjectSecurity
CloseServiceHandle
RegOpenCurrentUser
ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenThreadToken
OpenProcessToken
DuplicateToken
CheckTokenMembership
EqualSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileStringW
Sleep
GetPrivateProfileSectionW
ReadFile
WideCharToMultiByte
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetEnvironmentVariableW
GetTickCount
DeleteFileW
CopyFileW
GetFileAttributesW
FormatMessageW
lstrlenW
CompareStringW
CreateFileW
SetFilePointer
SetLastError
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
CreateDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
lstrcatW
lstrcpyW
GetModuleHandleW
GetVolumeInformationW
GetDriveTypeW
GetFileSize
SetFileAttributesW
ExitThread
FreeLibraryAndExitThread
CreateThread
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
GetCurrentThreadId
QueueUserWorkItem
WaitForSingleObjectEx
OpenEventW
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetLastError
CloseHandle
GetCurrentProcess
GetCurrentThread
WriteFile
DelayLoadFailureHook
GetComputerNameExW
LocalAlloc
GetComputerNameW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
GetPrivateProfileIntW
LockResource

rpcrt4

I_RpcExceptionFilter
RpcBindingSetAuthInfoW
NdrClientCall2
NdrServerCall2
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree

setupapi

SetupFindNextLine
SetupGetFieldCount
SetupGetStringFieldW
SetupFindFirstLineW
SetupGetLineCountW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetIntField
SetupGetMultiSzFieldW

user32

LoadStringW
wsprintfW

netapi32

NetLocalGroupAddMembers

userenv

ProcessGroupPolicyCompletedEx
GetProfilesDirectoryW

Exports

Exports

DeltaNotify
DllRegisterServer
DllUnregisterServer
InitializeChangeNotify
SceAddToNameList
SceAddToNameStatusList
SceAddToObjectList
SceAnalyzeSystem
SceAppendSecurityProfileInfo
SceBrowseDatabaseTable
SceCloseProfile
SceCommitTransaction
SceCompareNameList
SceCompareSecurityDescriptors
SceConfigureConvertedFileSecurity
SceConfigureSystem
SceCopyBaseProfile
SceCreateDirectory
SceDcPromoCreateGPOsInSysvol
SceDcPromoCreateGPOsInSysvolEx
SceDcPromoteSecurity
SceDcPromoteSecurityEx
SceEnforceSecurityPolicyPropagation
SceEnumerateServices
SceFreeMemory
SceFreeProfileMemory
SceGenerateGroupPolicy
SceGenerateRollback
SceGetAnalysisAreaSummary
SceGetAreas
SceGetDatabaseSetting
SceGetDbTime
SceGetObjectChildren
SceGetObjectSecurity
SceGetScpProfileDescription
SceGetSecurityProfileInfo
SceGetServerProductType
SceGetTimeStamp
SceIsSystemDatabase
SceLookupPrivRightName
SceNotifyPolicyDelta
SceOpenPolicy
SceOpenProfile
SceProcessEFSRecoveryGPO
SceProcessSecurityPolicyGPO
SceProcessSecurityPolicyGPOEx
SceRegisterRegValues
SceRollbackTransaction
SceSetDatabaseSetting
SceSetupBackupSecurity
SceSetupConfigureServices
SceSetupGenerateTemplate
SceSetupMoveSecurityFile
SceSetupRootSecurity
SceSetupSystemByInfName
SceSetupUnwindSecurityFile
SceSetupUpdateSecurityFile
SceSetupUpdateSecurityKey
SceSetupUpdateSecurityService
SceStartTransaction
SceSvcConvertSDToText
SceSvcConvertTextToSD
SceSvcFree
SceSvcGetInformationTemplate
SceSvcQueryInfo
SceSvcSetInfo
SceSvcSetInformationTemplate
SceSvcUpdateInfo
SceSysPrep
SceUpdateObjectInfo
SceUpdateSecurityProfile
SceWriteSecurityProfileInfo

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f8e0969a00b5475489305a765e8f597

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

rpcrt4

setupapi

user32

netapi32

userenv

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 62KB - Virtual size: 65KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 62KB - Virtual size: 65KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 7KB - Virtual size: 7KB