28502614453873c3778d6c65f2decdaf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28502614453873c3778d6c65f2decdaf_JaffaCakes118
Size

2.8MB
MD5

28502614453873c3778d6c65f2decdaf
SHA1

50c41acd37bc3709ccfe1d23cf816b220eb5c17d
SHA256

210e5253c61ecf12ff9e8ba186db8b3381cb15d42e8afe493e7ea7781371854e
SHA512

2412700a9ab1c5525b65249d5624591da25189ebda91ce9667954e7411e66f868b22ce8fefe18faea9a54dadd054c2f3a17d266322a27d7639b16f6aae5f0947
SSDEEP

49152:8HAaxKbq9sa0DYZ+/Sq0Osehf28ZZZZZdNEcwRZZFZMZJZd2Z8Z9KZSKZLZZF03B:lC6XqOkm1duihF9WU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28502614453873c3778d6c65f2decdaf_JaffaCakes118

Files

28502614453873c3778d6c65f2decdaf_JaffaCakes118
.exe windows:6 windows x86 arch:x86

b1cf9da3c229ede72b625108005108cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VSProjects\BlueTeam\NacGuard\Debug\w1nhttps.pdb

Imports

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegCreateKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
ControlServiceExW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
EnumServicesStatusExW
DeleteService
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
GetLengthSid
SetTokenInformation
LookupPrivilegeValueW
ConvertStringSidToSidW
GetTokenInformation
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegFlushKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyValueW
ChangeServiceConfigW
CreateServiceW

setupapi

CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

dbghelp

MiniDumpWriteDump

crypt32

CertFreeCertificateContext

ws2_32

inet_ntoa
gethostname
WSACleanup
WSAStartup
htonl
ntohl
gethostbyname
inet_pton
inet_ntop

shlwapi

PathFileExistsW
PathFileExistsA

winhttp

WinHttpWriteData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryHeaders

iphlpapi

SendARP
GetAdaptersAddresses

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

UnregisterDeviceNotification
wsprintfW
GetSystemMetrics
OpenInputDesktop
CloseDesktop
UnregisterClassW

ole32

CoCreateGuid
CoTaskMemFree

shell32

SHGetKnownFolderPath
ShellExecuteW

wtsapi32

WTSFreeMemory
WTSFreeMemoryExW
WTSQuerySessionInformationW
WTSEnumerateSessionsExW
WTSQueryUserToken
WTSEnumerateProcessesW

kernel32

HeapDestroy
GetFullPathNameA
FormatMessageW
FindResourceExW
SetEndOfFile
SetEnvironmentVariableA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetFileInformationByHandle
FileTimeToLocalFileTime
SetStdHandle
FlushFileBuffers
CreateProcessA
DosDateTimeToFileTime
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
VirtualQuery
HeapAlloc
GetModuleFileNameA
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
SetFilePointerEx
FileTimeToDosDateTime
GetExitCodeProcess
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcessHeap
OutputDebugStringA
WaitForSingleObjectEx
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
GetCurrentThread
HeapValidate
GetSystemTimeAsFileTime
ExitThread
WaitForSingleObject
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ReadFile
GetLastError
CreatePipe
PeekNamedPipe
SetEvent
CreateEventW
TerminateProcess
CreateProcessW
GetStartupInfoW
ProcessIdToSessionId
GetTickCount
WaitForMultipleObjects
FileTimeToSystemTime
CreateFileA
GetDiskFreeSpaceExA
GetLogicalDrives
DeviceIoControl
QueryDosDeviceA
DeleteFileW
GetFileTime
SetFileTime
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
MultiByteToWideChar
WideCharToMultiByte
LockFile
SetFilePointer
UnlockFile
WriteFile
LocalFree
FormatMessageA
GetSystemTime
GetLocalTime
GetTempPathW
GetFileSizeEx
InitializeCriticalSection
OpenProcess
IsWow64Process
GetModuleHandleA
GetProcAddress
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleBaseNameW
VerSetConditionMask
DefineDosDeviceW
VirtualAlloc
VirtualFree
VerifyVersionInfoW
GetSystemInfo
GetVersionExW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GlobalAlloc
GlobalFree
lstrcmpiW
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CopyFileW
MoveFileExW
CreateDirectoryA
GetFileAttributesW
GetFileAttributesExW
SetLastError
DeleteFileA
MoveFileExA
Sleep
RtlUnwind
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
GetStdHandle
GetFileType
WriteConsoleW
GetCommandLineW
FatalAppExitA
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
CreateThread

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserA

Sections

.textbss
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1cf9da3c229ede72b625108005108cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

setupapi

dbghelp

crypt32

ws2_32

shlwapi

winhttp

iphlpapi

version

user32

ole32

shell32

wtsapi32

kernel32

userenv

Sections

.textbss Size: - Virtual size: 1.0MB

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 15KB - Virtual size: 36KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 330KB - Virtual size: 329KB

.reloc Size: 77KB - Virtual size: 76KB

.textbss
Size: - Virtual size: 1.0MB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 15KB - Virtual size: 36KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 330KB - Virtual size: 329KB

.reloc
Size: 77KB - Virtual size: 76KB