f2cd4ff3b9baf43773ddb5b171204b47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2cd4ff3b9baf43773ddb5b171204b47_JaffaCakes118
Size

1.1MB
MD5

f2cd4ff3b9baf43773ddb5b171204b47
SHA1

43597b095545d88805996ae48df2fa891758d07a
SHA256

f09dd9474c250b7085352248dc6ff7a612e888138bdc707ccb6a9df01f590fa1
SHA512

329f5613b0e61df49b4c08eecd684e6b9659495a4704f7d4eec65043e34841b9f887a39599995175df2b16a12e688b1341da02bc1e6b9af2b3efe1ae0c02a8f9
SSDEEP

24576:sbF5izrve/g5XUNFw+d3fJMkPKpeVzpziF3bk1nANwgpLy6Oz7XafiawJ/:MFcj8FwwJMHeVFW+1nA5pLy6Oz7Xafil

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2cd4ff3b9baf43773ddb5b171204b47_JaffaCakes118

Files

f2cd4ff3b9baf43773ddb5b171204b47_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7158f368a22177f63b4147c088969891

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\lp-work\中孚KEY（liupeng）\2014主线_国密开发库\trunk\source\src\smart 兼容性开发\smart 开发库\vcprojects\Release\SmartCTCAPIHID.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadWritePtr
HeapFree
GetProcessHeap
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapAlloc
GetCurrentProcessId
InterlockedCompareExchange
SetEnvironmentVariableA
EnterCriticalSection
GetVersionExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LocalFree
LocalAlloc
DeviceIoControl
GetVersion
FormatMessageA
GetLocalTime
ProcessIdToSessionId
CreateFileA
GetFileSizeEx
CompareStringA
SetEndOfFile
PurgeComm
CreateEventA
ReadFile
GetOverlappedResult
CancelIo
MultiByteToWideChar
ReleaseMutex
CompareStringW
CreateMutexA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
DeleteFileA
SetFilePointer
lstrlenA
WriteFile
GetTickCount
GetCurrentThreadId
Sleep
ReleaseSemaphore
WaitForSingleObject
CloseHandle
OpenSemaphoreA
GetLastError
CreateSemaphoreA
GetUserDefaultLCID
GetDateFormatA
GetSystemTimeAsFileTime
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
SetConsoleCtrlHandler
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapSize
LCMapStringA
LCMapStringW
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
FreeLibrary
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetModuleFileNameA

user32

CharUpperBuffA
GetSystemMetrics
FindWindowA

advapi32

CryptAcquireContextA
CryptGenRandom
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGetUserKey
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA

hid

HidD_GetFeature
HidD_GetManufacturerString
HidD_GetHidGuid
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_SetFeature

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

crypt32

CertCreateCertificateContext
CertCloseStore
CertCompareCertificateName
CertGetNameStringA
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertFindCertificateInStore
PFXImportCertStore
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertOpenSystemStoreA
CertFreeCertificateContext

shlwapi

PathRemoveFileSpecA

Exports

Exports

SKFX_PriKeyDecrypt
SKF_AsyPrvKeyDecrypt
SKF_CancelWaitForDevEvent
SKF_ChangeDevAuthKey
SKF_ChangePIN
SKF_ChangePinByPinID
SKF_ClearSecureState
SKF_CloseApplication
SKF_CloseContainer
SKF_CloseHandle
SKF_ConnectDev
SKF_CreateApplication
SKF_CreateContainer
SKF_CreateFile
SKF_Decrypt
SKF_DecryptFinal
SKF_DecryptInit
SKF_DecryptUpdate
SKF_DeleteApplication
SKF_DeleteContainer
SKF_DeleteFile
SKF_DevAuth
SKF_Digest
SKF_DigestFinal
SKF_DigestInit
SKF_DigestUpdate
SKF_DisConnectDev
SKF_ECCExportSessionKey
SKF_ECCExportSessionKeyEx
SKF_ECCSignData
SKF_ECCVerify
SKF_Encrypt
SKF_EncryptFinal
SKF_EncryptInit
SKF_EncryptUpdate
SKF_EnumApplication
SKF_EnumContainer
SKF_EnumDev
SKF_EnumFiles
SKF_ExportCertificate
SKF_ExportPublicKey
SKF_ExtECCDecrypt
SKF_ExtECCEncrypt
SKF_ExtECCSign
SKF_ExtECCVerify
SKF_ExtRSAPriKeyOperation
SKF_ExtRSAPubKeyOperation
SKF_GenECCExKey
SKF_GenECCKeyPair
SKF_GenExtRSAKey
SKF_GenExtRSAKey_Ex
SKF_GenRSAKeyPair
SKF_GenRandom
SKF_GenerateAgreementDataAndKeyWithECC
SKF_GenerateAgreementDataWithECC
SKF_GenerateKeyWithECC
SKF_GetAppRight
SKF_GetContainerType
SKF_GetDevInfo
SKF_GetDevState
SKF_GetFileInfo
SKF_GetFunctionList
SKF_GetPINInfo
SKF_ImportCertificate
SKF_ImportECCKeyPair
SKF_ImportRSAKeyPair
SKF_ImportSessionKey
SKF_Key_File
SKF_LockDev
SKF_Mac
SKF_MacFinal
SKF_MacInit
SKF_MacUpdate
SKF_OpenApplication
SKF_OpenContainer
SKF_PrvKeyDecrypt
SKF_RSAExportSessionKey
SKF_RSAExportSessionKeyEx
SKF_RSAImportPrivateKeyEx
SKF_RSAImportPubKeyEx
SKF_RSAPrivateKeyOperationEx
SKF_RSAPublicKeyOperationEx
SKF_RSASignData
SKF_RSAVerify
SKF_ReadFile
SKF_ReadFile_Ex
SKF_SetLabel
SKF_SetSymmKey
SKF_Transmit
SKF_UnblockPIN
SKF_UnlockDev
SKF_VerifyPIN
SKF_VerifyPinByPinID
SKF_WaitForDevEvent
SKF_WriteFile
SKF_WriteFile_Ex
Zf_Export
Zf_Import
Zf_RSAPriToDERPri
Zf_RSAPubToDERPub

Sections

.text
Size: 751KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyData
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7158f368a22177f63b4147c088969891

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

hid

setupapi

crypt32

shlwapi

Exports

Exports

Sections

.text Size: 751KB - Virtual size: 751KB

.rdata Size: 268KB - Virtual size: 268KB

.data Size: 15KB - Virtual size: 38KB

MyData Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 751KB - Virtual size: 751KB

.rdata
Size: 268KB - Virtual size: 268KB

.data
Size: 15KB - Virtual size: 38KB

MyData
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 37KB