180f37b1ff8268ac2b95beee6989aba2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

180f37b1ff8268ac2b95beee6989aba2_JaffaCakes118
Size

140KB
MD5

180f37b1ff8268ac2b95beee6989aba2
SHA1

b28b5cc10561162a7a4c082933b25c17a64635b8
SHA256

26304a782bea5264a4846e99027fe7a31a1367e93ca176ba79d46c607d04e599
SHA512

3b1ab132a96caf643b5b0ed20c56fa9d3392103c005b80a56cb763357bc40e0f6b51161a64c9fc00aff6cfd444b6eabb09a2d48a25007a9a9c49f8f4f6a3ea2a
SSDEEP

1536:hNE5cLUr1IZB7E81qjlTtAnu7dsA7EUmCpyC530d4riMJXkuG5CratSuebqA:7E5yUrmelTKnu+Imo1ApM7FratS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
180f37b1ff8268ac2b95beee6989aba2_JaffaCakes118

Files

180f37b1ff8268ac2b95beee6989aba2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

178070020dd2eeae0d65e8855098041a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\You\Each\Software\Licensed\Server.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
SearchPathW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
ResetEvent
CreateTimerQueueTimer
CreateTimerQueue
CreateThread
GetCurrentThread
lstrcmpiW
QueueUserAPC
WaitForSingleObjectEx
DeleteTimerQueueEx
SleepEx
DeleteTimerQueueTimer
CreateEventW
SetEvent
InterlockedIncrement
Sleep
GetLastError
CreateProcessW
OutputDebugStringA
TerminateProcess
WaitForSingleObject
CloseHandle
InterlockedDecrement
ExpandEnvironmentStringsW
LocalFree

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

advapi32

GetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
LookupAccountSidW
OpenThreadToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

msvcrt

memset
tolower

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

rpcrt4

RpcStringFreeW
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcAsyncCompleteCall
UuidFromStringW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
RpcBindingFree
RpcServerListen
UuidCreate
UuidToStringW
NdrAsyncClientCall
NdrClientCall2
NdrServerCall2
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx

Exports

Exports

AppropriateIs
DirectlyOrInstancesNeedConsidered
ForThatBeing
ServerIndividuallyTheNot
ToThe
UsersCALsOfYou

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178070020dd2eeae0d65e8855098041a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcrt

setupapi

rpcrt4

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 40KB - Virtual size: 101KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 688B

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 40KB - Virtual size: 101KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 688B