ncrypt.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b7cfdb21d7e98b462eb1af3112f9293c_JaffaCakes118.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: b7cfdb21d7e98b462eb1af3112f9293c_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: b7cfdb21d7e98b462eb1af3112f9293c_JaffaCakes118
Size: 86KB
MD5: b7cfdb21d7e98b462eb1af3112f9293c
SHA1: f297fbc62b181f73e8fba82698640f5be7413d96
SHA256: 5550c3b3db370397b7435ac9bc2c9441517951de2e7e7b3fca073fca60f7cbd2
SHA512: 7bc49dfb0804110e0763b04e3ebd3180ce6d4111343acc8138c07e97920e681031adbf17c91431c652d1d12cc0d116a5dc61b36bed4328d1033560e9f94ae4ed
SSDEEP: 1536:HZNgyPXTmbyfv0IajLXzO3d31nr9lyX7lWMTDr4RxuqhMfXXk34U5z3+v47tQ:HZlzH0IELX63p1nrzyNr4RwjE3DF31tQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b7cfdb21d7e98b462eb1af3112f9293c_JaffaCakes118
Files
b7cfdb21d7e98b462eb1af3112f9293c_JaffaCakes118.dll windows:6 windows x86 arch:x86
d7e9fe36530aa43b696f6a47d5c43d2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlUnhandledExceptionFilter
memcmp
NtTerminateProcess
EtwEventWrite
EtwRegisterTraceGuidsA
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwEventUnregister
EtwTraceMessage
EtwEventRegister
memset
memmove
RtlCompareMemory
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
_vsnwprintf
RtlAllocateHeap
RtlFreeHeap
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlCompareUnicodeString
RtlInitUnicodeString
_wcsicmp
RtlImageNtHeader
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
memcpy
LdrDisableThreadCalloutsForDll
_alloca_probe
RtlUnwind
api-ms-win-core-interlocked-l1-2-0
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
api-ms-win-core-libraryloader-l1-1-1
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetProcAddress
api-ms-win-security-base-l1-2-0
GetSecurityDescriptorControl
PrivilegeCheck
IsValidSecurityDescriptor
MakeSelfRelativeSD
GetSecurityDescriptorLength
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-1
GetLastError
api-ms-win-core-synch-l1-2-0
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
api-ms-win-core-sysinfo-l1-2-0
GetSystemInfo
GetSystemDirectoryW
bcrypt
BCryptSetProperty
BCryptFreeBuffer
BCryptResolveProviders
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptImportKey
BCryptDestroyKey
BCryptExportKey
BCryptEncrypt
ntasn1
ord2
ord4
ord3
ord5
ord37
ord6
api-ms-win-core-processthreads-l1-1-1
OpenProcessToken
SetThreadStackGuarantee
GetCurrentProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-memory-l1-1-1
VirtualQuery
VirtualProtect
VirtualAlloc
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
DelayLoadFailureHook
Exports
BCryptAddContextFunction
BCryptAddContextFunctionProvider
BCryptCloseAlgorithmProvider
BCryptConfigureContext
BCryptConfigureContextFunction
BCryptCreateContext
BCryptCreateHash
BCryptDecrypt
BCryptDeleteContext
BCryptDeriveKey
BCryptDeriveKeyCapi
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptDuplicateHash
BCryptDuplicateKey
BCryptEncrypt
BCryptEnumAlgorithms
BCryptEnumContextFunctionProviders
BCryptEnumContextFunctions
BCryptEnumContexts
BCryptEnumProviders
BCryptEnumRegisteredProviders
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptFreeBuffer
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptKeyDerivation
BCryptOpenAlgorithmProvider
BCryptQueryContextConfiguration
BCryptQueryContextFunctionConfiguration
BCryptQueryContextFunctionProperty
BCryptQueryProviderRegistration
BCryptRegisterConfigChangeNotify
BCryptRegisterProvider
BCryptRemoveContextFunction
BCryptRemoveContextFunctionProvider
BCryptResolveProviders
BCryptSecretAgreement
BCryptSetAuditingInterface
BCryptSetContextFunctionProperty
BCryptSetProperty
BCryptSignHash
BCryptUnregisterConfigChangeNotify
BCryptUnregisterProvider
BCryptVerifySignature
GetIsolationServerInterface
GetKeyStorageInterface
GetSChannelInterface
NCryptCloseKeyProtector
NCryptCloseProtectionDescriptor
NCryptCreatePersistedKey
NCryptCreateProtectionDescriptor
NCryptDecrypt
NCryptDeleteKey
NCryptDeriveKey
NCryptDuplicateKeyProtectorHandle
NCryptEncrypt
NCryptEnumAlgorithms
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptExportKey
NCryptFinalizeKey
NCryptFreeBuffer
NCryptFreeObject
NCryptGetProperty
NCryptGetProtectionDescriptorInfo
NCryptImportKey
NCryptIsAlgSupported
NCryptIsKeyHandle
NCryptKeyDerivation
NCryptNotifyChangeKey
NCryptOpenKey
NCryptOpenKeyProtector
NCryptOpenStorageProvider
NCryptProtectKey
NCryptProtectSecret
NCryptQueryProtectionDescriptorName
NCryptRegisterProtectionDescriptorName
NCryptSecretAgreement
NCryptSetAuditingInterface
NCryptSetProperty
NCryptSignHash
NCryptStreamClose
NCryptStreamOpenToProtect
NCryptStreamOpenToUnprotect
NCryptStreamUpdate
NCryptTranslateHandle
NCryptUnprotectKey
NCryptUnprotectSecret
NCryptVerifySignature
SslChangeNotify
SslComputeClientAuthHash
SslComputeEapKeyBlock
SslComputeFinishedHash
SslCreateClientAuthHash
SslCreateEphemeralKey
SslCreateHandshakeHash
SslDecrementProviderReferenceCount
SslDecryptPacket
SslEncryptPacket
SslEnumCipherSuites
SslEnumProtocolProviders
SslExportKey
SslFreeBuffer
SslFreeObject
SslGenerateMasterKey
SslGenerateSessionKeys
SslGetCipherSuitePRFHashAlgorithm
SslGetKeyProperty
SslGetProviderProperty
SslHashHandshake
SslImportKey
SslImportMasterKey
SslIncrementProviderReferenceCount
SslLookupCipherLengths
SslLookupCipherSuiteInfo
SslOpenPrivateKey
SslOpenProvider
SslSignHash
SslVerifySignature
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ