JaffaCakes118_d0a07561429c8bf2a710ba8f28e88a27

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_d0a07561429c8bf2a710ba8f28e88a27
Size

432KB
MD5

d0a07561429c8bf2a710ba8f28e88a27
SHA1

e5f489a8fd563faab635be2ef33767e77e0b46a3
SHA256

da961e2ef259a6989f065c8ccc6197955ac58af48ab37a1db15602754790067a
SHA512

e540b895e00e8becb584b89a03283b52c188136cf8152c9e843ef4975849384c1d636c8d0b96a1c26ca7103c0fafaef52763abcb2ced443b79fb39d6d8202cb3
SSDEEP

12288:HUCmZiCQMBbM8WKutYYCc8gCzsVILw1ZrD:pCTjWKU7CgVI+rD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d0a07561429c8bf2a710ba8f28e88a27

Files

JaffaCakes118_d0a07561429c8bf2a710ba8f28e88a27
.exe windows:10 windows x86 arch:x86

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

svchost.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetProcessAffinityUpdateMode
ExitProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memset
memcpy
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIfEx
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
I_RpcServerDisableExceptionFilter

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetLengthSid
AddAccessAllowedAce
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
RtlImageNtHeader
_vsnwprintf
TpSetTimer
TpReleaseTimer
TpWaitForTimer
TpSetTimerEx
EtwEventWrite
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
RtlInitializeCriticalSection
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
RtlFreeHeap
TpAllocTimer
NtQuerySystemInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41721e0f933696d50ab32d544d64dcd3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 400KB - Virtual size: 992KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 400KB - Virtual size: 992KB