JaffaCakes118_ccc51c3115fe99dc006f26168b98e63d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_ccc51c3115fe99dc006f26168b98e63d
Size

432KB
MD5

ccc51c3115fe99dc006f26168b98e63d
SHA1

8f61b9859ea6b0c724fd23d50c5cd9ee0805f53a
SHA256

7d1f673b1210b14856dbf0406d1964f1a3c292a5fce71b1265c356cc29633376
SHA512

3e579f6f988f54853be21e672e83bc1c6e455185f78e88fa0bd776c7db2d480d706ca84ad051dd9acb2b9e6ffbffcbf1ba35558afeb53108e1719b2d18d2a05b
SSDEEP

12288:WUCmZiCB2SWXcbOFHRkZ35yzzVEG31m5Iy/uYPt:UCBRWXcbwHR++K5I2uQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ccc51c3115fe99dc006f26168b98e63d

Files

JaffaCakes118_ccc51c3115fe99dc006f26168b98e63d
.exe windows:10 windows x86 arch:x86

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

svchost.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetProcessAffinityUpdateMode
ExitProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memset
memcpy
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIfEx
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
I_RpcServerDisableExceptionFilter

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetLengthSid
AddAccessAllowedAce
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
RtlImageNtHeader
_vsnwprintf
TpSetTimer
TpReleaseTimer
TpWaitForTimer
TpSetTimerEx
EtwEventWrite
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
RtlInitializeCriticalSection
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
RtlFreeHeap
TpAllocTimer
NtQuerySystemInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 400KB - Virtual size: 992KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 400KB - Virtual size: 992KB