539953c29be105734512c79174eb9f35_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

539953c29be105734512c79174eb9f35_JaffaCakes118
Size

335KB
MD5

539953c29be105734512c79174eb9f35
SHA1

d40d86c6d221add1a42399b13db7ad598fa1ec4a
SHA256

4b2e53d531dc5b71b16c74ee9cf3ad174a460bc5621438d33d1a99c50fa0ab6e
SHA512

d0c331dee930529548e63674574b6f8b4fe69f628eef8b66760ddc418980649562a36c7f63fde9c80a611dd9793f1451e212283ed8f088b9f8da5edcec25f070
SSDEEP

6144:+SlUg2b3tGAW5qFMpiw7TrBSnEGP87qoM0+:HlUg2b3tAqFMpi6lSnEGcW0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
539953c29be105734512c79174eb9f35_JaffaCakes118

Files

539953c29be105734512c79174eb9f35_JaffaCakes118
.dll windows:5 windows x86 arch:x86

812faf13064e3bfc6517e9f85a85745a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

termsrv.pdb

Imports

msvcrt

_stricmp
sprintf
memmove
_snwprintf
_purecall
qsort
strncpy
setlocale
_mbslen
mbstowcs
time
gmtime
mktime
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
_adjust_fdiv
malloc
wcschr
swprintf
wcsncpy
wcslen
wcscat
_wcsnicmp
_except_handler3
wcscmp
_vsnwprintf
_wcsicmp
wcscpy
wcspbrk

ntdll

RtlEqualSid
RtlAdjustPrivilege
RtlInitializeCriticalSection
NtTerminateProcess
NtQueryMutant
NtReleaseMutant
NtWaitForSingleObject
NtCreateMutant
NtQueryInformationProcess
NtDuplicateToken
NtSetInformationThread
RtlpNtEnumerateSubKey
NtRequestPort
NtConnectPort
NtSetEvent
RtlEnterCriticalSection
RtlAllocateHeap
RtlFreeHeap
RtlLeaveCriticalSection
RtlAcquireResourceExclusive
RtlReleaseResource
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
NtClose
VerSetConditionMask
RtlCreateEnvironment
NtQuerySystemTime
NtCreateEvent
RtlInitializeResource
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlCompareMemory
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlDeleteCriticalSection
RtlInitializeGenericTable
NtWaitForMultipleObjects
DbgPrint
NtQuerySystemInformation
NtResetEvent
NtOpenProcess
RtlPrefixUnicodeString
DbgBreakPoint
NtDelayExecution
RtlAcquireResourceShared
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlCopySid
RtlLengthSid
NtQueryInformationToken
NtOpenProcessToken
NtDeviceIoControlFile
NtOpenThreadToken
RtlLengthRequiredSid
NtCompleteConnectPort
NtAcceptConnectPort
NtCreateSection
NtReplyPort
NtReplyWaitReceivePort
NtRequestWaitReplyPort
RtlFreeUnicodeString
NtCreatePort
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlQueryRegistryValues
RtlExtendedLargeIntegerDivide
NtSetTimer
NtCreateTimer
RtlCopySecurityDescriptor
RtlNtStatusToDosError
RtlDeleteAce
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlMapGenericMask
RtlCreateUserSecurityObject
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlWriteRegistryValue
RtlCreateRegistryKey
RtlLengthSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtCreateDirectoryObject
RtlFreeSid
RtlAllocateAndInitializeSid
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
NtQueryObject
NtDuplicateObject

icaapi

IcaStackCallback
IcaStackQueryLocalAddress
IcaStackConnectionWait
IcaStackConnectionRequest
IcaStackConnectionAccept
_IcaStackIoControl
IcaStackUnlock
IcaStackReconnect
IcaStackTerminate
IcaStackIoControl
IcaChannelClose
IcaPushConsoleStack
IcaChannelOpen
IcaChannelIoControl
IcaStackConnectionClose
IcaStackClose
IcaStackDisconnect
IcaStackOpen
IcaOpen
IcaIoControl
IcaClose

rpcrt4

RpcStringBindingParseW
RpcStringFreeW
RpcServerInqCallAttributesW
RpcBindingToStringBindingW
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerListen
RpcServerUseProtseqEpW
RpcSsContextLockExclusive
NdrServerCall2
RpcRaiseException

kernel32

FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
DelayLoadFailureHook
GetACP
GetVersion
InitializeCriticalSection
LoadLibraryExW
GetSystemDefaultLCID
GetVersionExA
FormatMessageW
ReleaseMutex
CreateMutexW
HeapAlloc
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
lstrlenA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapFree
DeviceIoControl
GetModuleHandleW
GetDateFormatW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameA
GetComputerNameExW
InterlockedExchange
PulseEvent
MultiByteToWideChar
LocalSize
GetCurrentThread
SetThreadPriority
GetTickCount
GetWindowsDirectoryW
WideCharToMultiByte
GetProfileIntW
GetProfileStringW
LoadLibraryW
SetLastError
GetLastError
lstrlenW
LocalFree
LocalAlloc
GetProcessHeap
DisableThreadLibraryCalls
DebugBreak
Sleep
CloseHandle
CreateProcessW
GetCurrentProcessId
IsDebuggerPresent
GetVersionExW
ResetEvent
SetEvent
VerifyVersionInfoW
OpenEventW
InterlockedIncrement
InterlockedDecrement
CreateThread
CreateFileW
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
lstrcpynW
lstrcatW
CreateEventW
WaitForSingleObject
lstrcpyW
ExitThread
IsBadReadPtr
IsBadWritePtr
OpenProcess
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
QueueUserWorkItem
DuplicateHandle
GetCurrentProcess
lstrcmpiW
GetComputerNameW
FreeLibrary
GetProcAddress

user32

MessageBeep
wsprintfW
ExitWindowsEx
LoadStringW
GetLastInputInfo

secur32

GetUserNameExW

ws2_32

inet_ntoa
WSAGetLastError
getaddrinfo
inet_addr
freeaddrinfo
gethostbyname
WSAStartup

advapi32

MD4Init
MD4Update
MD4Final
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus
GetUserNameW
RegOpenKeyW
SetServiceBits
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureW
CryptImportKey
CryptCreateHash
CryptAcquireContextW
DeregisterEventSource
RegEnumKeyW
LogonUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegEnumValueW
LsaRetrievePrivateData
LsaNtStatusToWinError
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
CreateProcessAsUserW
RegCreateKeyExW
I_ScSendTSMessage
ElfRegisterEventSourceW
ElfReportEventW
LsaQueryInformationPolicy
GetEventLogInformation
LsaQuerySecret
LsaFreeMemory
LsaOpenPolicy
LsaCreateSecret
LsaOpenSecret
LsaClose
LsaSetSecret
LsaDelete
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
OpenProcessToken
IsValidSecurityDescriptor
MakeAbsoluteSD
MakeSelfRelativeSD
CheckTokenMembership
OpenThreadToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
CryptGenRandom
RegSetValueExW
LookupAccountSidW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AccessCheckAndAuditAlarmW
RevertToSelf
AllocateAndInitializeSid

oleaut32

SysStringByteLen
SysAllocString
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
SysAllocStringLen
SysFreeString

authz

AuthziFreeAuditEventType
AuthziInitializeAuditEventType
AuthzInitializeResourceManager
AuthziFreeAuditParams
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEvent
AuthziInitializeAuditParamsWithRM
AuthziAllocateAuditParams
AuthzFreeResourceManager

mstlsapi

ord133
ord38
ord36
ord29
ord35
ord31
ord39
ord132
ord34
ord135
ord40
ord41
ord25
ord46
ord134
ord32
ord26
ord30
ord6

Exports

Exports

ServiceMain

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

812faf13064e3bfc6517e9f85a85745a

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

icaapi

rpcrt4

kernel32

user32

secur32

ws2_32

advapi32

oleaut32

authz

mstlsapi

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 205KB

.data Size: 99KB - Virtual size: 134KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 206KB - Virtual size: 205KB

.data
Size: 99KB - Virtual size: 134KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 12KB - Virtual size: 11KB