crypt32.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 0ba5615088523b37394f42e3733eaa51_JaffaCakes118.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0ba5615088523b37394f42e3733eaa51_JaffaCakes118.dll
  Resource: win10v2004-20240419-en
General
- Target: 0ba5615088523b37394f42e3733eaa51_JaffaCakes118
- Size: 1.2MB
- MD5: 0ba5615088523b37394f42e3733eaa51
- SHA1: dae1ce8982b95212d92efc4d5fc8ada075332c5a
- SHA256: 02eb9613044cdfac79f58dac5a776a73d7ccf83f2d1f2c2844891637beb43819
- SHA512: 5f6a5803aa4ecbe77d1251c6499846b3e59811e667cb3bc478636c5301b901dcdc35906e45b8d75bd3cd9660114859b877c915d2fe7934ef247a8aa669fb4f4e
- SSDEEP: 24576:i87Sz3Z/DsMicx+7UqUDYl9sXnhUmJELeiwoH:DSzZ/Dsbcx+7UqU+IlJxixH
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 0ba5615088523b37394f42e3733eaa51_JaffaCakes118
Files
- 0ba5615088523b37394f42e3733eaa51_JaffaCakes118.dll windows:6 windows x64 arch:x64
  b8f85d3ac1ef7509e0f09787dcc1cfc6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
crypt32.pdb
Imports
advapi32
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetSidIdentifierAuthority
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CopySid
IsValidSid
GetLengthSid
CryptReleaseContext
SetThreadToken
CryptGetProvParam
CryptDestroyKey
CryptAcquireContextW
CryptGetUserKey
CryptGenKey
ImpersonateSelf
RevertToSelf
RegConnectRegistryW
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyA
RegDeleteValueW
RegNotifyChangeKeyValue
RegEnumValueW
CryptDestroyHash
CryptGetKeyParam
CryptExportKey
CryptSignHashA
CryptImportKey
CryptAcquireContextA
CryptVerifySignatureA
CryptSetProvParam
CryptEnumProvidersW
MD5Init
MD5Update
MD5Final
A_SHAInit
A_SHAUpdate
A_SHAFinal
CryptCreateHash
CryptHashData
CryptGetHashParam
RegEnumKeyA
RegLoadMUIStringW
CryptGetDefaultProviderW
GetUserNameW
AllocateAndInitializeSid
LookupPrivilegeValueA
ConvertStringSidToSidW
AdjustTokenPrivileges
FreeSid
RegGetKeySecurity
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSecurityInfo
RegSetKeySecurity
GetAce
EqualSid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
InitializeAcl
AddAccessAllowedAce
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
CryptSetHashParam
CryptDeriveKey
CryptGenRandom
CryptContextAddRef
ConvertSidToStringSidW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SystemFunction040
SystemFunction041
LsaNtStatusToWinError
StartServiceW
QueryServiceStatus
QueryServiceConfigA
ChangeServiceConfigA
StartServiceA
LockServiceDatabase
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
UnlockServiceDatabase
LookupAccountSidW
msvcrt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
toupper
_ultow
iswspace
wcsstr
memcpy
memset
atol
_vsnwprintf
_vsnprintf
strncmp
isxdigit
_ultoa
memmove
_wcsicmp
_ltow
_itow
wcschr
iswalpha
strtoul
_ltoa
qsort
bsearch
malloc
free
isupper
isdigit
memcmp
kernel32
GetDateFormatA
GetTimeFormatA
GetLocalTime
DelayLoadFailureHook
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
SetThreadStackGuarantee
VirtualProtect
GetSystemInfo
VirtualAlloc
VirtualQuery
LocalSize
CreateDirectoryW
LoadLibraryA
FreeLibrary
GetEnvironmentVariableA
GetLastError
GetProcAddress
MultiByteToWideChar
SetLastError
LocalAlloc
LocalFree
WideCharToMultiByte
CloseHandle
GetCurrentProcess
GetCurrentThread
GetACP
OutputDebugStringA
CreateEventA
DeleteCriticalSection
WaitForSingleObject
CompareStringW
CompareFileTime
CompareStringA
CreateFileW
WaitForSingleObjectEx
WriteFile
SetEndOfFile
ReadFile
DuplicateHandle
SetFilePointer
GetFileSize
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesExW
SetEvent
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetSystemTime
SystemTimeToFileTime
RegisterWaitForSingleObject
GetComputerNameW
Sleep
FindFirstFileW
FindNextFileW
WaitForMultipleObjectsEx
FindClose
FindNextChangeNotification
SetFileAttributesW
GetCurrentThreadId
DeleteFileW
FreeLibraryAndExitThread
FindFirstChangeNotificationW
FindCloseChangeNotification
UnregisterWaitEx
LoadLibraryExW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LocalReAlloc
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetTempFileNameA
CreateFileA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetTempPathA
GetModuleHandleA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
lstrlenA
lstrcmpA
GetTempPathW
GetTempFileNameW
FreeResource
FindResourceA
LoadResource
SizeofResource
LockResource
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency
GetCommandLineA
InitializeCriticalSection
GetFileAttributesW
user32
GetDesktopWindow
MessageBoxW
LoadStringW
GetProcessDefaultLayout
msasn1
ASN1BEREncMultibyteString
ASN1_Decode
ASN1_Encode
ASN1_SetEncoderOption
ASN1BERDecU16Val
ASN1objectidentifier2_cmp
ASN1octetstring_free
ASN1open_free
ASN1BERDecOpenType
ASN1BERDecObjectIdentifier2
ASN1BEREncObjectIdentifier2
ASN1bitstring_free
ASN1BERDecBitString
ASN1BERDecOctetString
ASN1BEREncChar16String
ASN1BEREncOpenType
ASN1BERDecEoid
ASN1BERDecChar32String
ASN1CEREncNewBlkElement
ASN1CEREncEndBlk
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1BERDotVal2Eoid
ASN1BEREoid2DotVal
ASN1Free
ASN1BERDecBitString2
ASN1utf8string_free
ASN1BEREncS32
ASN1BERDecUTCTime
ASN1BERDecSXVal
ASN1BEREncEndOfContents
ASN1BEREncSX
ASN1BERDecU32Val
ASN1BEREncOctetString
ASN1ztcharstring_free
ASN1BERDecUTF8String
ASN1BERDecS32Val
ASN1CEREncFlushBlkElement
ASN1BERDecChar16String
ASN1BERDecPeekTag
ASN1char32string_free
ASN1BERDecOctetString2
ASN1_CreateModule
ASN1BEREncNull
ASN1DecSetError
ASN1BERDecEndOfContents
ASN1DecRealloc
ASN1CEREncBeginBlk
ASN1BEREncCharString
ASN1BEREncUTF8String
ASN1BERDecExplicitTag
ASN1BEREncBitString
ASN1_CloseModule
ASN1BERDecOpenType2
ASN1BERDecMultibyteString
ASN1BEREoid_free
ASN1BERDecBool
ASN1charstring_free
ASN1BERDecNotEndOfContents
ASN1CEREncGeneralizedTime
ASN1BEREncExplicitTag
ASN1intx_free
ASN1BERDecNull
ASN1BERDecCharString
ASN1BEREncBool
ASN1CEREncUTCTime
ASN1BERDecZeroCharString
ASN1BEREncU32
ASN1char16string_free
ASN1BERDecGeneralizedTime
ASN1BEREncChar32String
ASN1BEREncEoid
ASN1EncSetError
rpcrt4
RpcImpersonateClient
UuidToStringW
UuidCreate
RpcStringFreeW
UuidToStringA
RpcStringFreeA
UuidIsNil
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcStringBindingComposeA
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingA
NdrClientCall3
RpcRevertToSelf
ntdll
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationFile
ShipAssert
NtQueryObject
RtlImageNtHeader
userenv
UnregisterGPNotification
GetUserProfileDirectoryW
RegisterGPNotification
ExpandEnvironmentStringsForUserW
Exports
CertAddCRLContextToStore
CertAddCRLLinkToStore
CertAddCTLContextToStore
CertAddCTLLinkToStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertAddEncodedCertificateToSystemStoreA
CertAddEncodedCertificateToSystemStoreW
CertAddEnhancedKeyUsageIdentifier
CertAddRefServerOcspResponse
CertAddRefServerOcspResponseContext
CertAddSerializedElementToStore
CertAddStoreToCollection
CertAlgIdToOID
CertCloseServerOcspResponse
CertCloseStore
CertCompareCertificate
CertCompareCertificateName
CertCompareIntegerBlob
CertComparePublicKeyInfo
CertControlStore
CertCreateCRLContext
CertCreateCTLContext
CertCreateCTLEntryFromCertificateContextProperties
CertCreateCertificateChainEngine
CertCreateCertificateContext
CertCreateContext
CertCreateSelfSignCertificate
CertDeleteCRLFromStore
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertDuplicateCTLContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCRLContextProperties
CertEnumCRLsInStore
CertEnumCTLContextProperties
CertEnumCTLsInStore
CertEnumCertificateContextProperties
CertEnumCertificatesInStore
CertEnumPhysicalStore
CertEnumSubjectInSortedCTL
CertEnumSystemStore
CertEnumSystemStoreLocation
CertFindAttribute
CertFindCRLInStore
CertFindCTLInStore
CertFindCertificateInCRL
CertFindCertificateInStore
CertFindChainInStore
CertFindExtension
CertFindRDNAttr
CertFindSubjectInCTL
CertFindSubjectInSortedCTL
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertFreeServerOcspResponseContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertGetCTLContextProperty
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetNameStringA
CertGetNameStringW
CertGetPublicKeyLength
CertGetServerOcspResponseContext
CertGetStoreProperty
CertGetSubjectCertificateFromStore
CertGetValidUsages
CertIsRDNAttrsInCertificateName
CertIsValidCRLForCertificate
CertNameToStrA
CertNameToStrW
CertOIDToAlgId
CertOpenServerOcspResponse
CertOpenStore
CertOpenSystemStoreA
CertOpenSystemStoreW
CertRDNValueToStrA
CertRDNValueToStrW
CertRegisterPhysicalStore
CertRegisterSystemStore
CertRemoveEnhancedKeyUsageIdentifier
CertRemoveStoreFromCollection
CertResyncCertificateChainEngine
CertRetrieveLogoOrBiometricInfo
CertSaveStore
CertSerializeCRLStoreElement
CertSerializeCTLStoreElement
CertSerializeCertificateStoreElement
CertSetCRLContextProperty
CertSetCTLContextProperty
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertSetStoreProperty
CertStrToNameA
CertStrToNameW
CertUnregisterPhysicalStore
CertUnregisterSystemStore
CertVerifyCRLRevocation
CertVerifyCRLTimeValidity
CertVerifyCTLUsage
CertVerifyCertificateChainPolicy
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyTimeValidity
CertVerifyValidityNesting
CryptAcquireCertificatePrivateKey
CryptBinaryToStringA
CryptBinaryToStringW
CryptCloseAsyncHandle
CryptCreateAsyncHandle
CryptCreateKeyIdentifierFromCSP
CryptDecodeMessage
CryptDecodeObject
CryptDecodeObjectEx
CryptDecryptAndVerifyMessageSignature
CryptDecryptMessage
CryptEncodeObject
CryptEncodeObjectEx
CryptEncryptMessage
CryptEnumKeyIdentifierProperties
CryptEnumOIDFunction
CryptEnumOIDInfo
CryptExportPKCS8
CryptExportPublicKeyInfo
CryptExportPublicKeyInfoEx
CryptFindCertificateKeyProvInfo
CryptFindLocalizedName
CryptFindOIDInfo
CryptFormatObject
CryptFreeOIDFunctionAddress
CryptGetAsyncParam
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptGetKeyIdentifierProperty
CryptGetMessageCertificates
CryptGetMessageSignerCount
CryptGetOIDFunctionAddress
CryptGetOIDFunctionValue
CryptHashCertificate
CryptHashCertificate2
CryptHashMessage
CryptHashPublicKeyInfo
CryptHashToBeSigned
CryptImportPKCS8
CryptImportPublicKeyInfo
CryptImportPublicKeyInfoEx
CryptImportPublicKeyInfoEx2
CryptInitOIDFunctionSet
CryptInstallDefaultContext
CryptInstallOIDFunctionAddress
CryptLoadSip
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgCalculateEncodedLength
CryptMsgClose
CryptMsgControl
CryptMsgCountersign
CryptMsgCountersignEncoded
CryptMsgDuplicate
CryptMsgEncodeAndSignCTL
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptMsgSignCTL
CryptMsgUpdate
CryptMsgVerifyCountersignatureEncoded
CryptMsgVerifyCountersignatureEncodedEx
CryptProtectData
CryptProtectMemory
CryptQueryObject
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CryptRegisterOIDInfo
CryptSIPAddProvider
CryptSIPCreateIndirectData
CryptSIPGetSignedDataMsg
CryptSIPLoad
CryptSIPPutSignedDataMsg
CryptSIPRemoveProvider
CryptSIPRemoveSignedDataMsg
CryptSIPRetrieveSubjectGuid
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPVerifyIndirectData
CryptSetAsyncParam
CryptSetKeyIdentifierProperty
CryptSetOIDFunctionValue
CryptSignAndEncodeCertificate
CryptSignAndEncryptMessage
CryptSignCertificate
CryptSignMessage
CryptSignMessageWithKey
CryptStringToBinaryA
CryptStringToBinaryW
CryptUninstallDefaultContext
CryptUnprotectData
CryptUnprotectMemory
CryptUnregisterDefaultOIDFunction
CryptUnregisterOIDFunction
CryptUnregisterOIDInfo
CryptUpdateProtectedState
CryptVerifyCertificateSignature
CryptVerifyCertificateSignatureEx
CryptVerifyDetachedMessageHash
CryptVerifyDetachedMessageSignature
CryptVerifyMessageHash
CryptVerifyMessageSignature
CryptVerifyMessageSignatureWithKey
I_CertDiagControl
I_CertProtectFunction
I_CertSrvProtectFunction
I_CertSyncStore
I_CertUpdateStore
I_CryptAddRefLruEntry
I_CryptAddSmartCardCertToStore
I_CryptAllocTls
I_CryptCreateLruCache
I_CryptCreateLruEntry
I_CryptDetachTls
I_CryptDisableLruOfEntries
I_CryptEnableLruOfEntries
I_CryptEnumMatchingLruEntries
I_CryptFindLruEntry
I_CryptFindLruEntryData
I_CryptFindSmartCardCertInStore
I_CryptFlushLruCache
I_CryptFreeLruCache
I_CryptFreeTls
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
I_CryptGetDefaultCryptProv
I_CryptGetDefaultCryptProvForEncrypt
I_CryptGetFileVersion
I_CryptGetLruEntryData
I_CryptGetLruEntryIdentifier
I_CryptGetOssGlobal
I_CryptGetTls
I_CryptInsertLruEntry
I_CryptInstallAsn1Module
I_CryptInstallOssGlobal
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptRegisterSmartCardStore
I_CryptReleaseLruEntry
I_CryptRemoveLruEntry
I_CryptSetTls
I_CryptTouchLruEntry
I_CryptUninstallAsn1Module
I_CryptUninstallOssGlobal
I_CryptUnregisterSmartCardStore
I_CryptWalkAllLruCacheEntries
PFXExportCertStore
PFXExportCertStore2
PFXExportCertStoreEx
PFXImportCertStore
PFXIsPFXBlob
PFXVerifyPassword
Sections
.text Size: 907KB - Virtual size: 907KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 258KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ