294627caeae875fbea0f5c11886a4fa5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

294627caeae875fbea0f5c11886a4fa5_JaffaCakes118
Size

127KB
MD5

294627caeae875fbea0f5c11886a4fa5
SHA1

4113a5f29da51f5d7fc104a8956c611ced03b747
SHA256

e8ed65bcb4fdc512ce13cab632bf18e781efe018b4b4b76963653dd64119c611
SHA512

f2de635fd099d99700db30eeef2a854ae1c117cace61bef37342617cec4877789074140cc0e4fdc8ced1c42c32706caf766b4af232aa10d4ea737c14d132e5e3
SSDEEP

3072:KtGIiISMvv5VbkADW2e8NwAMvJHKsAijHFg6ils6Hy:GGIldv5VbkiwnAwW6ils

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
294627caeae875fbea0f5c11886a4fa5_JaffaCakes118

Files

294627caeae875fbea0f5c11886a4fa5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f6a8404ee9eb1b3d1ece0c99deb95c17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eventlog.pdb

Imports

msvcrt

_vsnwprintf
wcslen
memmove
_ltow
wcscmp
wcsncpy
_except_handler3
_wtoi
_local_unwind2
_wcsnicmp
swscanf
mbstowcs
wcstombs
free
_initterm
_adjust_fdiv
malloc
_wcsicmp

ntdll

NtOpenProcess
NtDuplicateObject
RtlFreeUnicodeString
NtQueryInformationFile
NtCreateFile
NtReadFile
NtWriteFile
NtCreateEvent
RtlQueueWorkItem
RtlDeleteSecurityObject
NtNotifyChangeKey
RtlNtStatusToDosError
NtOpenKey
RtlExpandEnvironmentStrings_U
RtlDosPathNameToNtPathName_U
RtlAreAllAccessesGranted
RtlCopyUnicodeString
RtlDeleteResource
RtlDeregisterWait
RtlRegisterWait
NtEnumerateKey
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlEnterCriticalSection
RtlAcquireResourceExclusive
RtlReleaseResource
RtlLeaveCriticalSection
RtlInitUnicodeString
NtQueryValueKey
NtSetValueKey
NtOpenThreadToken
NtClose
RtlAnsiStringToUnicodeString
RtlAcquireResourceShared
RtlLengthSid
RtlTimeToSecondsSince1970
NtQuerySystemTime
NtCreatePort
RtlRaiseStatus
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlCopySecurityDescriptor
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtOpenProcessToken
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtCloseObjectAuditAlarm
NtOpenObjectAuditAlarm
NtAccessCheck
RtlInitializeCriticalSection
RtlInitializeResource
RtlTimeToSecondsSince1980
NtQuerySystemInformation
NtPulseEvent
NtFlushVirtualMemory
NtSetInformationFile
NtUnmapViewOfSection
RtlCompareMemory
NtMapViewOfSection
NtCreateSection
NtQueryAttributesFile
RtlCreateHeap
RtlAllocateHeap
NtExtendSection
RtlDeleteCriticalSection
NtRequestPort
NtQueryInformationToken
RtlConvertSidToUnicodeString
NtOpenFile
RtlSecondsSince1970ToTime
NlsMbCodePageTag
RtlFreeHeap
RtlxUnicodeStringToAnsiSize

kernel32

FormatMessageW
GetSystemInfo
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryA
DelayLoadFailureHook
GetCurrentProcess
FileTimeToSystemTime
SetFileAttributesW
GetLocalTime
AddAtomA
OpenProcess
GetWindowsDirectoryW
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
LocalFree
CreateThread
ExitThread
lstrlenW
CreateTimerQueueTimer
lstrcmpW
DeleteTimerQueueTimer
LoadLibraryW
WaitForSingleObject
GetCurrentThread
CreateTimerQueue
DeleteTimerQueueEx
WaitForMultipleObjects
TerminateThread
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
Sleep
GetModuleHandleW
GetProcAddress
GetLastError
CreateEventW
InitAtomTable
DeleteAtom
GlobalAlloc
GetVersionExW
GetSystemDefaultLangID
InterlockedCompareExchange
InterlockedExchange
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
FindAtomA
LoadLibraryExW
GetComputerNameExW
FreeLibrary
SetEvent
GetComputerNameW
GlobalMemoryStatusEx

advapi32

OpenThreadToken
GetTokenInformation
OpenProcessToken
LookupAccountSidW
GetLengthSid
CopySid
RegEnumKeyW
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
CheckTokenMembership
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

MessageBoxW
GetSystemMetrics

rpcrt4

I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
I_RpcMapWin32Status
RpcRevertToSelf
RpcImpersonateClient
RpcStringFreeW
RpcBindingServerFromClient
RpcBindingFree
NdrServerCall2
I_RpcBindingInqLocalClientPID
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcStringBindingParseW

ws2_32

gethostbyaddr
WSAStartup
inet_addr
WSACleanup

psapi

GetModuleFileNameExW

Exports

Exports

SvcEntry_Eventlog

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6a8404ee9eb1b3d1ece0c99deb95c17

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

rpcrt4

ws2_32

psapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB