JaffaCakes118_08420c6aba2a98c0244745a441371759

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_08420c6aba2a98c0244745a441371759
Size

3.2MB
MD5

08420c6aba2a98c0244745a441371759
SHA1

ae8de0c8ec2e898a2af98b53e4900f3efa492d86
SHA256

34a96628474c2b2d223d2c01b9691ab97edb9d3205c4a32ecc9c15e64e71ed52
SHA512

8edefe017cfe9bf62eedcd347f6344758d91af4d76cdf013462c2c91aa535d7f30e51771d5a87da89a8c8a421d7925c80eed3219bf872e80780a906075d4b6f8
SSDEEP

49152:YdYBe5gRjzQM2cZQSQbe8WyOcRWpCP7UVG9k2cfkrqlnHwwf65iJuyV1K5cojcxv:XxMB5NMKSL1vWDkhhz5ABh9SJVNvJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_08420c6aba2a98c0244745a441371759

Files

JaffaCakes118_08420c6aba2a98c0244745a441371759
.exe windows:6 windows x86 arch:x86

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sppsvc.pdb

Imports

advapi32

TraceMessage
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
FreeSid
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSidToSidW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegisterTraceGuidsA
GetTokenInformation

kernel32

Sleep
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentThreadId
DeleteTimerQueueEx
ReleaseSemaphore
LoadLibraryW
SetThreadPriority
GetThreadPriority
DuplicateHandle
GetCurrentProcess
GetCurrentThread
OpenThread
GetTickCount
ReleaseMutex
CreateSemaphoreW
IsWow64Process
OpenMutexW
CreateMutexW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
WriteFile
CreateFileW
GetFileSizeEx
QueueUserWorkItem
ReadFile
GetFileSize
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
GetSystemInfo
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DeleteTimerQueue
WaitForMultipleObjects
GetDevicePowerState
CreateSemaphoreA
InterlockedExchangeAdd
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetFullPathNameW
InitializeCriticalSection
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
GetLocalTime
MoveFileExW
CopyFileW
FlushFileBuffers
DeleteFileW
SetFilePointer
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetComputerNameW
DeviceIoControl
GetLocaleInfoW
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
GetVersionExA
GetVersion
VirtualQuery
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
UnregisterWaitEx
SetEvent
GetModuleHandleExW
GetProcAddress
CreateTimerQueue
CreateTimerQueueTimer
CreateEventW
RegisterWaitForSingleObject
RaiseException
InterlockedDecrement
GetVersionExW
InterlockedIncrement
GetLastError
HeapSetInformation
DeleteTimerQueueTimer
LeaveCriticalSection
LocalFree
EnterCriticalSection
LocalAlloc
DeleteCriticalSection
FreeLibrary
CloseHandle
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW

msvcrt

rand
srand
time
memset
_vscwprintf
_beginthreadex
_vsnwprintf
_itow
_wtoi
_ui64tow
_wtof
free
malloc
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsnicmp
wcschr
memmove
swscanf
_wcsicmp
_purecall
sscanf
memcpy

rpcrt4

NdrServerCall2
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRaiseException
RpcStringFreeW
RpcRevertToSelfEx
RpcImpersonateClient
UuidCreate
UuidFromStringW
UuidToStringW
I_RpcMapWin32Status

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlUnwind
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlCopyUnicodeString
RtlCompareUnicodeString

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx

Exports

Exports

?SPRevision@@3PADA
?SPVersion@@3PADA

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 176KB - Virtual size: 472KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 258KB - Virtual size: 257KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 88KB - Virtual size: 88KB

.vmp0 Size: 176KB - Virtual size: 472KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 258KB - Virtual size: 257KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 88KB - Virtual size: 88KB

.vmp0
Size: 176KB - Virtual size: 472KB