0700aaf94a98639691d0ffc5b667ce01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0700aaf94a98639691d0ffc5b667ce01_JaffaCakes118
Size

330KB
MD5

0700aaf94a98639691d0ffc5b667ce01
SHA1

7c57628bd2477d78d5f5e378477752cf91d8ea88
SHA256

14bae8a56d5848001f62519d87eec5b29522d2b815a5996861e3b10d7ced3803
SHA512

37b6edef11b99a2720c76bf30a61824b3ae1c89cac34cc83e2086ceef10048586a44d3e9cbdaf5f064b7c0763d01f8c21d0839e3586a73d0cabe0190dafdc29e
SSDEEP

6144:CI6+GFP7apSwppyMoVXqnXWbxktGa6A8JKb+BlsxLk1l1FwkdtMn5:U+YwpiXRy0vJ6+gmf1FZMn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0700aaf94a98639691d0ffc5b667ce01_JaffaCakes118

Files

0700aaf94a98639691d0ffc5b667ce01_JaffaCakes118
.exe windows:5 windows x86 arch:x86

60fd756c1a7e690ee1e9cda3e52dc4be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscat
_adjust_fdiv
_wcsicmp
_wcsnicmp
wcsspn
_except_handler3
wcslen
wcscpy
_initterm
strchr
qsort
_ultoa
strrchr
_strnicmp
sprintf
malloc
wcstoul
wcsrchr
swprintf
sscanf
_stricmp
free
_strcmpi
wcscmp
_vsnprintf

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer
CredUnmarshalTargetInfo

kernel32

GetCurrentThread
InterlockedDecrement
GetLastError
DisableThreadLibraryCalls
OpenFileMappingW
WriteFile
OpenEventW
CloseHandle
EnterCriticalSection
OutputDebugStringA
GetSystemInfo
GetEnvironmentVariableW
LoadLibraryA
GetComputerNameW
lstrcmpW
SetUnhandledExceptionFilter
GetProfileStringA
GetCurrentThreadId
MultiByteToWideChar
GetModuleHandleW
GetTickCount
WideCharToMultiByte
GetCurrentProcess
MapViewOfFileEx
LoadLibraryW
InterlockedExchange
FileTimeToSystemTime
UnmapViewOfFile
InitializeCriticalSection
VirtualAlloc
lstrlenW
InterlockedExchangeAdd
CreateFileMappingW
ExitProcess
lstrcpyW
LocalFree
GetModuleFileNameA
lstrcmpiA
CreateFileA
GetComputerNameExW
UnregisterWait
GetCurrentProcessId
LocalAlloc
GetProcAddress
CreateFileW
FreeLibrary
GetModuleFileNameW
DeleteCriticalSection
GetSystemTimeAsFileTime
GetACP
QueryPerformanceCounter
RaiseException
SetEvent
TerminateProcess
RegisterWaitForSingleObjectEx
InterlockedIncrement
lstrlenA
UnhandledExceptionFilter
Sleep
CreateEventW
InterlockedCompareExchange
GetLocalTime
LeaveCriticalSection
DebugBreak
FormatMessageW

advapi32

RegOpenKeyW
OpenServiceW
CryptGetProvParam
FreeSid
SystemFunction007
CryptDestroyHash
RegQueryValueExW
RegConnectRegistryW
RegEnumKeyExW
SetThreadToken
CryptReleaseContext
RegCreateKeyExW
SystemFunction006
CloseServiceHandle
GetTokenInformation
RegOpenKeyExW
RegisterEventSourceW
ReportEventW
CryptSetProvParam
CryptHashData
RevertToSelf
OpenSCManagerW
LookupAccountSidW
AllocateAndInitializeSid
GetTraceLoggerHandle
CryptCreateHash
OpenProcessToken
RegisterTraceGuidsW
DeregisterEventSource
RegDeleteValueW
RegNotifyChangeKeyValue
QueryServiceConfigW
OpenThreadToken
CredFree
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
CredUnmarshalCredentialW
QueryServiceStatus
TraceEvent
CryptAcquireContextW
CryptGetHashParam

ntdll

RtlRunDecodeUnicodeString
RtlDeleteElementGenericTable
RtlAppendUnicodeStringToString
RtlInitializeCriticalSection
RtlIntegerToUnicodeString
RtlFreeAnsiString
NtAllocateVirtualMemory
RtlFreeUnicodeString
NtCreateDebugObject
RtlCreateSecurityDescriptor
RtlConvertSidToUnicodeString
RtlGetElementGenericTable
RtlTimeFieldsToTime
RtlDeleteResource
RtlUniform
RtlVerifyVersionInfo
RtlSubAuthorityCountSid
RtlAcquireResourceShared
RtlInitUnicodeString
NtDuplicateObject
RtlUlongByteSwap
NtQuerySystemInformation
RtlOemStringToUnicodeString
NtQueryInformationToken
RtlEqualSid
NtOpenEvent
RtlLeaveCriticalSection
RtlInsertElementGenericTable
RtlCompareMemory
RtlInitAnsiString
RtlCreateTimerQueue
VerSetConditionMask
RtlUpcaseUnicodeString
RtlInitializeGenericTable
RtlDeregisterWait
RtlLengthSid
RtlEnterCriticalSection
RtlRegisterWait
NtOpenProcessToken
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlEqualUnicodeString
RtlNtStatusToDosError
NtWaitForSingleObject
NtQuerySystemTime
RtlValidSid
RtlInitializeSid
NtClose
RtlCopyLuid
RtlReleaseResource
RtlDowncaseUnicodeString
RtlPrefixUnicodeString
RtlInsertElementGenericTableAvl
RtlEqualDomainName
RtlCopyUnicodeString
RtlAllocateAndInitializeSid
NtSetSecurityObject
RtlSubAuthoritySid
RtlDeleteCriticalSection
RtlFreeSid
RtlAcquireResourceExclusive
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCompareUnicodeString
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
RtlAnsiStringToUnicodeString
RtlConvertSharedToExclusive
RtlCopySid
RtlLookupElementGenericTableAvl
NtOpenThreadToken
RtlUnicodeStringToAnsiString
RtlLookupElementGenericTable
RtlCreateAcl
RtlInitializeGenericTableAvl
NtCreateEvent
RtlInitializeResource
RtlEraseUnicodeString

cryptdll

MD5Init
CDLocateCSystem
MD5Final
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDGenerateRandomBits
MD5Update

user32

CharLowerBuffW
wsprintfW

msasn1

ASN1EncSetError
ASN1BERDecBitString
ASN1BERDecOctetString
ASN1DecSetError
ASN1BEREncU32
ASN1_CreateDecoder
ASN1DecAlloc
ASN1_FreeEncoded
ASN1BEREncObjectIdentifier
ASN1BERDecExplicitTag
ASN1BEREncSX
ASN1octetstring_free
ASN1intxisuint32
ASN1BEREncCharString
ASN1_CloseEncoder
ASN1objectidentifier_free
ASN1BERDecSkip
ASN1BEREncBitString
ASN1BERDecBool
ASN1_FreeDecoded
ASN1intx2uint32
ASN1_CloseDecoder
ASN1ztcharstring_free
ASN1BEREncOctetString
ASN1BERDecObjectIdentifier
ASN1_CreateEncoder
ASN1BEREncOpenType
ASN1_Decode
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1BEREncEndOfContents
ASN1BEREncBool
ASN1BERDecZeroCharString
ASN1CEREncGeneralizedTime
ASN1intx2int32
ASN1BERDecS32Val
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1_CreateModule
ASN1_Encode
ASN1Free
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1bitstring_free
ASN1BEREncExplicitTag
ASN1BERDecGeneralizedTime
ASN1intx_setuint32
ASN1BEREncS32
ASN1intx_free
ASN1charstring_free
ASN1BERDecPeekTag

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60fd756c1a7e690ee1e9cda3e52dc4be

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

secur32

kernel32

advapi32

ntdll

cryptdll

user32

msasn1

Sections

.text Size: 12KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 143KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 160KB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 143KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 160KB - Virtual size: 1.4MB