PDB path embedded in the sample: r:\pismere\athena\auth\krb5\src\lib\obj\i386\rel\krb5_32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
06f502970ab457a60030264b6cf1ac90_JaffaCakes118.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
06f502970ab457a60030264b6cf1ac90_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
06f502970ab457a60030264b6cf1ac90_JaffaCakes118
-
Size
712KB
-
MD5
06f502970ab457a60030264b6cf1ac90
-
SHA1
c813f921149a2810c93065075e297ef812415801
-
SHA256
95ff039cc194a4af5ac397fcf69bd3a993d104f673c9ff6785e4a14957632fd4
-
SHA512
a0a1e0132fc3dff749455718090416361677588fc07a98fb3a47fb0b86cbfa8e2bea1d6503d635e3a2d92bba02119cfb22fddc018ab6bccd4c5b335c7f557e63
-
SSDEEP
12288:QnMHDi2vrsvVEkz17PxZc6IWM8UgWNptrpVyvqn6uVl4gbay1:9fvrsvVnBc6IT8jQptg+6uVl4Hy1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
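The sandbox checked the file for an Authenticode signature and found none. An unsigned PE is not malicious on that basis alone; it means the publisher and file integrity cannot be confirmed from a signature.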
resource 06f502970ab457a60030264b6cf1ac90_JaffaCakes118
Files
-
06f502970ab457a60030264b6cf1ac90_JaffaCakes118.dll windows:4 windows x86 arch:x86
5c3e0a7d2e20faced3f1b5d2d30234f7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
comerr32
add_error_table
remove_error_table
error_message
k5sprt32
krb5int_get_plugin_dir_data
krb5int_free_plugin_dir_data
krb5int_gai_strerror
krb5int_getaddrinfo
krb5int_freeaddrinfo
krb5int_open_plugin_dirs
krb5int_clear_error
krb5int_free_error
krb5int_getnameinfo
krb5int_get_error
krb5int_vset_error
krb5int_set_error_info_callout_fn
krb5int_set_error
krb5int_gmt_mktime
krb5int_close_plugin_dirs
kernel32
GetStdHandle
GetConsoleMode
SetConsoleMode
GetPrivateProfileStringA
RaiseException
InterlockedExchange
SetLastError
GetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
lstrcpyW
MultiByteToWideChar
GetSystemTimeAsFileTime
CompareFileTime
LocalAlloc
GetLastError
CreateMutexA
CloseHandle
ReleaseMutex
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExW
GetCurrentProcess
GetModuleHandleW
WideCharToMultiByte
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
ws2_32
getsockopt
shutdown
__WSAFDIsSet
WSASend
recv
ioctlsocket
setsockopt
send
getpeername
select
socket
inet_addr
connect
getsockname
closesocket
gethostbyname
getservbyname
gethostname
WSAGetLastError
WSACleanup
WSAStartup
ntohl
htonl
htons
ntohs
user32
SetWindowLongA
SetDlgItemTextA
GetWindowLongA
GetDlgItemTextA
EndDialog
DialogBoxParamA
GetWindowRect
GetDC
ReleaseDC
MoveWindow
RegisterWindowMessageA
PostMessageA
gdi32
GetDeviceCaps
msvcr71
_read
_open
_unlink
_fstat
_lseek
_mktemp
_fileno
_getpid
_stricmp
fprintf
sscanf
localtime
isgraph
ispunct
_close
_write
_strdup
isprint
strncmp
_isatty
gmtime
isdigit
_iob
fputs
fgets
putchar
getchar
memchr
strtol
labs
_commit
rename
atoi
strspn
islower
toupper
_stat
time
isupper
tolower
isspace
fflush
setbuf
fwrite
getc
fread
fseek
ftell
fopen
fclose
strrchr
wcslen
mktime
strcspn
_strnicmp
_assert
abort
free
sprintf
malloc
strcpy
strlen
_ftime
strcmp
memcpy
isalpha
strchr
getenv
strncpy
printf
memset
realloc
memmove
memcmp
_errno
calloc
strcat
strerror
wcsncpy
wcscat
strncat
Exports
Exports
afs_string_to_key
decode_krb5_ap_req
des_ecb_encrypt
des_init_random_number_generator
des_key_sched
des_new_random_key
des_pcbc_encrypt
des_quad_cksum
des_string_to_key
krb5_425_conv_principal
krb5_524_conv_principal
krb5_524_convert_creds
krb5_address_compare
krb5_address_order
krb5_address_search
krb5_aname_to_localname
krb5_appdefault_boolean
krb5_appdefault_string
krb5_auth_con_free
krb5_auth_con_genaddrs
krb5_auth_con_get_checksum_func
krb5_auth_con_getaddrs
krb5_auth_con_getauthenticator
krb5_auth_con_getflags
krb5_auth_con_getkey
krb5_auth_con_getlocalseqnumber
krb5_auth_con_getlocalsubkey
krb5_auth_con_getrcache
krb5_auth_con_getrecvsubkey
krb5_auth_con_getremoteseqnumber
krb5_auth_con_getremotesubkey
krb5_auth_con_getsendsubkey
krb5_auth_con_init
krb5_auth_con_initivector
krb5_auth_con_set_checksum_func
krb5_auth_con_set_req_cksumtype
krb5_auth_con_setaddrs
krb5_auth_con_setflags
krb5_auth_con_setports
krb5_auth_con_setrcache
krb5_auth_con_setrecvsubkey
krb5_auth_con_setsendsubkey
krb5_auth_con_setuseruserkey
krb5_build_principal
krb5_build_principal_ext
krb5_build_principal_va
krb5_c_block_size
krb5_c_checksum_length
krb5_c_decrypt
krb5_c_encrypt
krb5_c_encrypt_length
krb5_c_enctype_compare
krb5_c_is_coll_proof_cksum
krb5_c_is_keyed_cksum
krb5_c_keyed_checksum_types
krb5_c_make_checksum
krb5_c_make_random_key
krb5_c_prf
krb5_c_prf_length
krb5_c_random_make_octets
krb5_c_random_seed
krb5_c_string_to_key
krb5_c_string_to_key_with_params
krb5_c_valid_cksumtype
krb5_c_valid_enctype
krb5_c_verify_checksum
krb5_calculate_checksum
krb5_cc_close
krb5_cc_copy_creds
krb5_cc_default
krb5_cc_default_name
krb5_cc_destroy
krb5_cc_end_seq_get
krb5_cc_gen_new
krb5_cc_get_name
krb5_cc_get_principal
krb5_cc_get_type
krb5_cc_initialize
krb5_cc_new_unique
krb5_cc_next_cred
krb5_cc_remove_cred
krb5_cc_resolve
krb5_cc_retrieve_cred
krb5_cc_set_default_name
krb5_cc_set_flags
krb5_cc_start_seq_get
krb5_cc_store_cred
krb5_cccol_cursor_free
krb5_cccol_cursor_new
krb5_cccol_cursor_next
krb5_change_password
krb5_checksum_size
krb5_cksumtype_to_string
krb5_clear_error_message
krb5_copy_addresses
krb5_copy_authdata
krb5_copy_authenticator
krb5_copy_checksum
krb5_copy_context
krb5_copy_creds
krb5_copy_data
krb5_copy_keyblock
krb5_copy_keyblock_contents
krb5_copy_principal
krb5_copy_ticket
krb5_decode_ticket
krb5_decrypt
krb5_decrypt_tkt_part
krb5_deltat_to_string
krb5_eblock_enctype
krb5_encrypt
krb5_encrypt_size
krb5_enctype_to_string
krb5_externalize_opaque
krb5_finish_key
krb5_finish_random_key
krb5_free_addresses
krb5_free_ap_rep_enc_part
krb5_free_ap_req
krb5_free_authdata
krb5_free_authenticator
krb5_free_checksum
krb5_free_checksum_contents
krb5_free_cksumtypes
krb5_free_config_files
krb5_free_context
krb5_free_cred_contents
krb5_free_creds
krb5_free_data
krb5_free_data_contents
krb5_free_default_realm
krb5_free_enc_tkt_part
krb5_free_error
krb5_free_error_message
krb5_free_host_realm
krb5_free_keyblock
krb5_free_keyblock_contents
krb5_free_keytab_entry_contents
krb5_free_ktypes
krb5_free_principal
krb5_free_tgt_creds
krb5_free_ticket
krb5_free_unparsed_name
krb5_fwd_tgt_creds
krb5_get_credentials
krb5_get_credentials_renew
krb5_get_credentials_validate
krb5_get_default_config_files
krb5_get_default_realm
krb5_get_error_message
krb5_get_host_realm
krb5_get_in_tkt
krb5_get_in_tkt_with_keytab
krb5_get_in_tkt_with_password
krb5_get_in_tkt_with_skey
krb5_get_init_creds_keytab
krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free
krb5_get_init_creds_opt_free_pa
krb5_get_init_creds_opt_get_pa
krb5_get_init_creds_opt_init
krb5_get_init_creds_opt_set_address_list
krb5_get_init_creds_opt_set_change_password_prompt
krb5_get_init_creds_opt_set_etype_list
krb5_get_init_creds_opt_set_forwardable
krb5_get_init_creds_opt_set_pa
krb5_get_init_creds_opt_set_preauth_list
krb5_get_init_creds_opt_set_proxiable
krb5_get_init_creds_opt_set_renew_life
krb5_get_init_creds_opt_set_salt
krb5_get_init_creds_opt_set_tkt_life
krb5_get_init_creds_password
krb5_get_permitted_enctypes
krb5_get_profile
krb5_get_prompt_types
krb5_get_renewed_creds
krb5_get_server_rcache
krb5_get_tgs_ktypes
krb5_get_time_offsets
krb5_get_validated_creds
krb5_init_context
krb5_init_keyblock
krb5_init_random_key
krb5_init_secure_context
krb5_internalize_opaque
krb5_is_referral_realm
krb5_is_thread_safe
krb5_kt_add_entry
krb5_kt_close
krb5_kt_default
krb5_kt_default_name
krb5_kt_end_seq_get
krb5_kt_free_entry
krb5_kt_get_entry
krb5_kt_get_name
krb5_kt_get_type
krb5_kt_next_entry
krb5_kt_read_service_key
krb5_kt_remove_entry
krb5_kt_resolve
krb5_kt_start_seq_get
krb5_kuserok
krb5_mk_1cred
krb5_mk_error
krb5_mk_ncred
krb5_mk_priv
krb5_mk_rep
krb5_mk_req
krb5_mk_req_extended
krb5_mk_safe
krb5_os_localaddr
krb5_parse_name
krb5_principal2salt
krb5_principal_compare
krb5_process_key
krb5_prompter_posix
krb5_random_key
krb5_rc_close
krb5_rd_cred
krb5_rd_error
krb5_rd_priv
krb5_rd_rep
krb5_rd_req
krb5_rd_safe
krb5_read_password
krb5_realm_compare
krb5_recvauth
krb5_recvauth_version
krb5_salttype_to_string
krb5_sendauth
krb5_ser_auth_context_init
krb5_ser_ccache_init
krb5_ser_context_init
krb5_ser_keytab_init
krb5_ser_pack_bytes
krb5_ser_pack_int32
krb5_ser_rcache_init
krb5_ser_unpack_bytes
krb5_ser_unpack_int32
krb5_server_decrypt_ticket_keytab
krb5_set_default_realm
krb5_set_default_tgs_enctypes
krb5_set_error_message
krb5_set_password
krb5_set_password_using_ccache
krb5_set_principal_realm
krb5_set_real_time
krb5_size_opaque
krb5_sname_to_principal
krb5_string_to_cksumtype
krb5_string_to_deltat
krb5_string_to_enctype
krb5_string_to_key
krb5_string_to_salttype
krb5_string_to_timestamp
krb5_timeofday
krb5_timestamp_to_sfstring
krb5_timestamp_to_string
krb5_unparse_name
krb5_unparse_name_ext
krb5_us_timeofday
krb5_use_enctype
krb5_verify_checksum
krb5_verify_init_creds
krb5_verify_init_creds_opt_init
krb5_verify_init_creds_opt_set_ap_req_nofail
krb5_vset_error_message
krb5int_accessor
krb5int_cc_default
Sections
.text Size: 512KB - Virtual size: 509KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ