f100ba8f921c2c01e8355689b15ae71e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f100ba8f921c2c01e8355689b15ae71e_JaffaCakes118
Size

1.5MB
MD5

f100ba8f921c2c01e8355689b15ae71e
SHA1

014d707a870318a8e484f5208b7abd5687cccee6
SHA256

6af205d5367a1b17bc8d31609e2e28fb6a44f8e04990482125c075e09d95c75c
SHA512

45e2be619cd2a3be9e5e308d0304ab81b75c1fe1749262aa01b1efc848a2b62c8754985c409a324ab92e867a3d6adff063dd9874cea3bd0ef2461d8a389cffdc
SSDEEP

49152:S75yKnDahYXSRCue/77ucMAO34Jzd9jBiIMx6:S8jOSRCue/77b3sJIm6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack004/PWDump4.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/PWDump4.dll	upx
static1/unpack004/PWDump4.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack003/Bkhive.exe
unpack004/PWDump4.dll
unpack005/out.upx
unpack004/PWDump4.exe
unpack006/out.upx
unpack004/source/release/PWDump4.dl~
unpack004/source/release/pwdump4.ex~
unpack007/Samdump2.exe

Files

f100ba8f921c2c01e8355689b15ae71e_JaffaCakes118
.gz
sample
.tar
src_tools/Bkhive.zip
.zip
Bkhive.exe
.exe windows:4 windows x86 arch:x86

89d9e0558b61590988171d4ba51a754a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetLastError
WideCharToMultiByte
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
CloseHandle
WriteFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapFree
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
FlushFileBuffers
CreateFileA
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
src/bkhive.cpp
src/hive.cpp
src/hive.h
src_tools/Pwdump4.rar
.rar
COPYING.txt
PWDump4.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetHash

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PWDump4.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PwDump4.txt
PwDumpFAQ.txt
source/Common.cpp
source/DumpMain.cpp
.js
source/DumpService.cpp
source/GetPID.cpp
source/Global.h
source/InjectRemote.cpp
source/LsaExt.cpp
source/LsaExt.def
source/LsaExt.dsp
source/LsaExt.plg
.html
source/PWDump4.lib
source/PipeInOut.cpp
source/PipeInOut.h
source/PwDump4.cpp
source/PwDump4.dsp
source/PwDump4.dsw
source/PwDump4.h
source/PwDump4.plg
.html
source/PwDump4.rc
source/release/PWDump4.dl~
.dll windows:4 windows x86 arch:x86

3a64b3de5ea8c65f03ef074c6ccd317b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetProcAddress
FreeLibrary
WriteFile
DuplicateHandle
LoadLibraryA
OpenProcess
CloseHandle
GetCurrentProcess
GetLastError
DisableThreadLibraryCalls

advapi32

LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaNtStatusToWinError

msvcrt

_snprintf
_vsnprintf
strchr
sprintf
wcstombs
_initterm
malloc
_adjust_fdiv
free

Exports

Exports

GetHash

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/release/pwdump4.ex~
.exe windows:4 windows x86 arch:x86

4d473b97282efd6208dd95dfe06538c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

Sleep
CreateFileA
ReadFile
GetTickCount
DeleteFileA
CopyFileA
GetCurrentProcessId
WaitForSingleObject
DisconnectNamedPipe
CreateNamedPipeA
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetVersionExA
GetVersion
ConnectNamedPipe
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetCurrentProcess
GetLastError
CloseHandle
WriteFile
MultiByteToWideChar
VirtualFreeEx

advapi32

SetServiceStatus
StartServiceCtrlDispatcherA
OpenSCManagerA
CreateServiceA
OpenServiceA
QueryServiceConfigA
StartServiceA
DeleteService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerA

msvcrt

strrchr
fprintf
_iob
_snprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
srand
time
_beginthreadex
malloc
wcschr
printf
_getch
_putch
fclose
strchr
fopen
sprintf
__CxxFrameHandler
_CxxThrowException
setlocale
wctomb
_vsnprintf
strtoul
strncpy
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_stricmp

netapi32

NetShareGetInfo
NetApiBufferFree

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/resource.h
src_tools/README.txt
src_tools/Samdump2.zip
.zip
Samdump2.exe
.exe windows:4 windows x86 arch:x86

c1f02f1f6a83f9fb5c40b3f0c0005058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetProcAddress
LoadLibraryA
HeapFree
GetLastError
WideCharToMultiByte
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
FreeLibrary
GetStartupInfoA
SetFilePointer
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
src/Samdump2.cpp
src/e_os2.h
src/hive.cpp
src/hive.h
src/md32_common.h
src/md5.h
src/md5_dgst.c
src/md5_locl.h
src/opensslconf.h
src/opensslv.h
src/rc4.h
src/rc4_enc.c
src/rc4_skey.c
src_tools/bkhive_linux.tgz
.gz
bkhive_linux.tgz
.tar
bkhive.cpp
hive.cpp
hive.h
src_tools/pwdump2.zip
.zip
src_tools/samdump2_linux.tgz
.gz
src_tools/unzip552.zip
.zip

Sharing

General

Malware Config

Signatures

Files

89d9e0558b61590988171d4ba51a754a

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 7KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 3KB - Virtual size: 4KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 790B

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 342B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 12KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

3a64b3de5ea8c65f03ef074c6ccd317b

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 790B

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 342B

4d473b97282efd6208dd95dfe06538c4

Headers

File Characteristics

Imports

mpr

kernel32

advapi32

msvcrt

netapi32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

c1f02f1f6a83f9fb5c40b3f0c0005058

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 3KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 790B

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 342B

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 790B

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 342B

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB