PDB path: aclui.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 25224148516a110da32c8ae81e7cdfa5_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 25224148516a110da32c8ae81e7cdfa5_JaffaCakes118.dll
Resource: win10v2004-20241007-en
General
- Target: 25224148516a110da32c8ae81e7cdfa5_JaffaCakes118
- Size: 123KB
- MD5: 25224148516a110da32c8ae81e7cdfa5
- SHA1: ec80f26621678d1b83a260b9328295610145f724
- SHA256: 615d8d49f053528f3f191be8b31027094b817878cebf265daab55cb0bf03d60b
- SHA512: 7152d20434858ced585306b1336ea4e8f1863212413f0c25f202aa8d468bdb37a728025ece36c8061011afbb217b93349cb668091d918357bda729c782b196f3
- SSDEEP: 3072:nHnkeuuN7FejvAjBd/D/o2jEjLecuUa0sE8+pd:HnDNFeCBNDVc40nvpd
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 25224148516a110da32c8ae81e7cdfa5_JaffaCakes118
Files
- 25224148516a110da32c8ae81e7cdfa5_JaffaCakes118.dll (windows:6 windows x86 arch:x86)
  b1c3bccc3487b1852fecc5251ffc206a
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memcpy
memset
_vsnwprintf
_itow_s
iswspace
wcsrchr
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
wcsncmp
ntdll
NtOpenProcessToken
NtOpenThreadToken
WinSqmAddToStream
WinSqmIncrementDWORD
RtlCreateUnicodeString
RtlFreeUnicodeString
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedIn
WinSqmEndSession
RtlLengthSid
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlInitUnicodeString
NtQueryInformationToken
RtlGetNtProductType
NtClose
kernel32
FreeLibraryAndExitThread
GetModuleHandleW
FreeLibrary
CreateThread
LoadLibraryW
GlobalUnlock
GlobalLock
CheckElevationEnabled
WaitForSingleObject
lstrlenW
SetLastError
InterlockedIncrement
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
InterlockedDecrement
InitializeCriticalSection
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
LoadResource
FindResourceW
FormatMessageW
GetCurrentThread
GetCurrentProcess
CloseHandle
CompareStringW
GetLastError
DisableThreadLibraryCalls
LocalFree
LocalAlloc
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
RegCloseKey
ExpandEnvironmentStringsA
RegQueryValueExA
RegOpenKeyExA
LoadLibraryA
GetModuleFileNameW
user32
ShowScrollBar
ReleaseDC
DrawFocusRect
GetSysColor
FrameRect
GetSysColorBrush
GetDC
InflateRect
SetScrollInfo
CallWindowProcW
OffsetRect
LoadImageW
RegisterClassW
LoadBitmapW
GetWindow
DrawTextW
GetWindowTextW
SystemParametersInfoW
UnregisterClassW
GetDlgItemTextW
SendDlgItemMessageW
DestroyWindow
GetDesktopWindow
LoadCursorW
SetCursor
MoveWindow
GetScrollInfo
SetScrollPos
ScrollWindow
GetClientRect
GetSystemMetrics
CheckDlgButton
GetWindowLongW
IsWindowEnabled
IsDlgButtonChecked
SetWindowLongW
MessageBoxW
GetWindowRect
MapWindowPoints
SetWindowPos
SetWindowTextW
IsWindowVisible
ShowWindow
GetParent
PostMessageW
GetFocus
SetFocus
EnableWindow
DialogBoxParamW
EndDialog
LoadIconW
GetDlgItem
SendMessageW
LoadStringW
RegisterWindowMessageW
RegisterClipboardFormatW
GetDlgCtrlID
DestroyIcon
MapDialogRect
CreateWindowExW
SetDlgItemTextW
DefWindowProcW
gdi32
CreateFontIndirectW
GetObjectW
DeleteObject
SetBkMode
SetTextColor
SelectObject
SetBkColor
shlwapi
PathAppendW
StrRChrW
StrChrW
advapi32
GetSecurityDescriptorControl
GetSidSubAuthority
IsValidSecurityDescriptor
IsValidAcl
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
InitializeAcl
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorOwner
LsaOpenPolicy
GetSidSubAuthorityCount
IsWellKnownSid
DeleteAce
LookupAccountNameW
GetSecurityDescriptorSacl
GetLengthSid
ConvertSidToStringSidW
CopySid
LsaLookupSids
GetWindowsAccountDomainSid
LookupAccountSidW
EqualSid
EqualPrefixSid
ole32
CoCreateInstance
ReleaseStgMedium
CoInitialize
CoCreateGuid
CoUninitialize
oleaut32
SafeArrayAccessData
SysReAllocStringLen
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
shell32
ord6
ord258
ord259
ntdsapi
DsCrackNamesW
DsBindWithSpnExW
DsUnBindW
DsMakeSpnW
DsFreeNameResultW
Exports
CreateSecurityPage
EditSecurity
EditSecurityAdvanced
IID_ISecurityInformation
Sections
- .text: Size 96KB, Virtual size 96KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data: Size 1024B, Virtual size 2KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 18KB, Virtual size 17KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 6KB, Virtual size 5KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ