163525fc235449ec122f5a438020851c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

163525fc235449ec122f5a438020851c_JaffaCakes118
Size

329KB
MD5

163525fc235449ec122f5a438020851c
SHA1

b900f71e84f297893ca09d928d7fa928acbbb83d
SHA256

a55cc9e511c853c09f9e2eb06f516084f4b17a0503238a26e7449dae6349f997
SHA512

01773e116fdf1a360d4f1327d35a517a027bcea40aaf3116968a3b8e9930a666928e839a8f5f8c9eb5b19e4d85dbbc94efd503f6b99c80c99c4793732b268fcc
SSDEEP

6144:NivcoDkJloRZMJcLWSibO18zbeDhYgWzcA8HAFim8LJ28glvi3:sDkJyROJcLpiKDDezcAsJ28glvq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163525fc235449ec122f5a438020851c_JaffaCakes118

Files

163525fc235449ec122f5a438020851c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

87091a29711ef976f76b7c082e7c4c5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsspn
strchr
_initterm
_wcsnicmp
wcslen
swprintf
_vsnprintf
sscanf
_strnicmp
_except_handler3
strrchr
_adjust_fdiv
sprintf
wcsrchr
free
wcstoul
wcscat
_strcmpi
wcscpy
malloc
qsort
_stricmp
wcscmp
_wcsicmp
_ultoa

ntdll

RtlEnterCriticalSection
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
RtlUpcaseUnicodeString
RtlTimeToTimeFields
RtlInitializeResource
RtlInitializeCriticalSection
RtlLeaveCriticalSection
NtQuerySystemTime
RtlInitializeSid
RtlCreateSecurityDescriptor
RtlSubAuthoritySid
NtQuerySystemInformation
RtlUniform
RtlLengthSid
RtlLengthRequiredSid
RtlCopySid
RtlEqualUnicodeString
RtlCreateAcl
NtQueryInformationToken
RtlIntegerToUnicodeString
RtlAcquireResourceExclusive
RtlDeregisterWait
RtlRegisterWait
NtCreateEvent
NtAllocateVirtualMemory
RtlDowncaseUnicodeString
DbgPrint
RtlDeleteTimerQueue
RtlFreeSid
RtlFreeUnicodeString
RtlEqualDomainName
RtlFreeAnsiString
RtlSystemTimeToLocalTime
RtlReleaseResource
RtlEqualSid
RtlSetDaclSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlRunDecodeUnicodeString
RtlEraseUnicodeString
RtlDeleteResource
RtlInsertElementGenericTable
RtlAppendUnicodeStringToString
RtlLookupElementGenericTableAvl
NtSetSecurityObject
RtlUnicodeStringToAnsiString
NtOpenEvent
RtlOemStringToUnicodeString
RtlAcquireResourceShared
RtlCreateTimerQueue
RtlDeleteCriticalSection
RtlSubAuthorityCountSid
NtOpenProcessToken
NtDuplicateObject
RtlPrefixUnicodeString
RtlLookupElementGenericTable
RtlValidSid
VerSetConditionMask
RtlConvertSidToUnicodeString
RtlConvertSharedToExclusive
RtlInitUnicodeString
RtlTimeFieldsToTime
RtlInitAnsiString
RtlCopyLuid
NtOpenThreadToken
RtlDeleteElementGenericTable
NtAllocateLocallyUniqueId
NtWaitForSingleObject
RtlCompareMemory
NtClose
RtlAllocateAndInitializeSid
RtlInitializeGenericTable
RtlVerifyVersionInfo
RtlCreateTimer
RtlCopyUnicodeString
RtlGetElementGenericTable
RtlInsertElementGenericTableAvl

msasn1

ASN1BERDecNotEndOfContents
ASN1intx_free
ASN1BEREncS32
ASN1BEREncBitString
ASN1BERDecSkip
ASN1BERDecOpenType2
ASN1BEREncOctetString
ASN1_CloseDecoder
ASN1bitstring_free
ASN1EncSetError
ASN1_Decode
ASN1BERDecCharString
ASN1_FreeDecoded
ASN1BERDecZeroCharString
ASN1_CloseEncoder
ASN1intxisuint32
ASN1BEREncSX
ASN1charstring_free
ASN1ztcharstring_free
ASN1intx2uint32
ASN1DecAlloc
ASN1BEREncOpenType
ASN1BERDecExplicitTag
ASN1intx2int32
ASN1BERDecPeekTag
ASN1BEREncObjectIdentifier
ASN1BEREncCharString
ASN1BERDecS32Val
ASN1Free
ASN1BERDecSXVal
ASN1octetstring_free
ASN1BERDecEndOfContents
ASN1BERDecObjectIdentifier
ASN1BERDecOctetString
ASN1BERDecGeneralizedTime
ASN1BERDecBool
ASN1_CreateEncoder
ASN1CEREncGeneralizedTime
ASN1BEREncEndOfContents
ASN1BERDecU32Val
ASN1BERDecBitString
ASN1BEREncU32
ASN1_CreateDecoder
ASN1BEREncExplicitTag
ASN1_Encode
ASN1BEREncBool
ASN1objectidentifier_free
ASN1intx_setuint32
ASN1DecSetError
ASN1_FreeEncoded
ASN1_CreateModule

cryptdll

MD5Update
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
MD5Init
MD5Final
CDLocateCSystem
CDLocateCheckSum
CDGenerateRandomBits

user32

CharLowerBuffW
wsprintfW

secur32

FreeContextBuffer
CredMarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

advapi32

DeregisterEventSource
SystemFunction006
RegOpenKeyW
CryptCreateHash
QueryServiceConfigW
LookupAccountSidW
RegCloseKey
TraceEvent
OpenProcessToken
RegisterEventSourceW
QueryServiceStatus
RegEnumKeyExW
FreeSid
CredFree
CryptAcquireContextW
RegQueryInfoKeyW
CryptDestroyHash
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteValueW
SystemFunction007
RegNotifyChangeKeyValue
ReportEventW
RegOpenKeyExW
GetTraceLoggerHandle
RegSetValueExW
RegQueryValueExW
OpenSCManagerW
RegisterTraceGuidsW
CloseServiceHandle
GetTokenInformation
RegConnectRegistryW
OpenThreadToken
CryptReleaseContext
CryptGetProvParam
CryptGetHashParam
CryptHashData
SetThreadToken
CredUnmarshalCredentialW
RevertToSelf
CryptSetProvParam
OpenServiceW

kernel32

CreateEventW
ExpandEnvironmentStringsW
LeaveCriticalSection
VirtualAlloc
GetComputerNameExW
GetLastError
CreateFileW
GetACP
GetCurrentProcess
OutputDebugStringA
SetEvent
EnterCriticalSection
CreateFileMappingW
InterlockedExchange
FormatMessageW
QueryPerformanceCounter
GetSystemInfo
InterlockedCompareExchange
GetCurrentProcessId
DebugBreak
MultiByteToWideChar
lstrcmpW
DisableThreadLibraryCalls
lstrcpyW
GetTickCount
GetProfileStringA
GetProcAddress
lstrlenW
CloseHandle
GetComputerNameW
GetSystemTimeAsFileTime
Sleep
WideCharToMultiByte
UnmapViewOfFile
GetLocalTime
lstrlenA
DeleteCriticalSection
GetCurrentThread
UnregisterWait
GetModuleHandleW
LoadLibraryA
WriteFile
GetModuleFileNameA
LocalFree
UnhandledExceptionFilter
InitializeCriticalSection
GetCurrentThreadId
FileTimeToSystemTime
GetEnvironmentVariableW
FreeLibrary
CreateFileA
SetUnhandledExceptionFilter
LocalAlloc
GetModuleFileNameW
InterlockedExchangeAdd
TerminateProcess
InterlockedIncrement
RegisterWaitForSingleObjectEx
lstrcmpiA
OpenFileMappingW
LoadLibraryW
OpenEventW
RaiseException
MapViewOfFileEx
InterlockedDecrement

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

87091a29711ef976f76b7c082e7c4c5d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

msasn1

cryptdll

user32

secur32

advapi32

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB