16c21c7a18b2a97ed8a4632b1bb5688f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

16c21c7a18b2a97ed8a4632b1bb5688f_JaffaCakes118
Size

157KB
MD5

16c21c7a18b2a97ed8a4632b1bb5688f
SHA1

9643e1b5950dfc26c34e59d69593d53dc9504d84
SHA256

c1da547ce4b25ecc9477dee3f7b2713956ce6ae35bd0ea7228867aa06e8fd874
SHA512

d52cd40459ef196c33b1a1a4bdc923e59aec8e46e7d1f87a81815d279c21119fa1ac0843223cc33d529f6daad9adf0d532e168c24c96f5c88747fe6d7339b39e
SSDEEP

3072:/YFZqfEQE9mM3EnsRWzUSJ/aQiTM80ItTJKOGn4PgirLMKdK:QCQ9mM3VR0tJCTMyJ4ggir4KdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c21c7a18b2a97ed8a4632b1bb5688f_JaffaCakes118

Files

16c21c7a18b2a97ed8a4632b1bb5688f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ec97defba4625b9c482c88fa5bb782f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1intx_setuint32
ASN1BEREncOctetString
ASN1_CreateDecoder
ASN1objectidentifier_free
ASN1_FreeEncoded
ASN1BEREncU32
ASN1_CreateModule
ASN1_CreateEncoder
ASN1DecSetError
ASN1EncSetError
ASN1BERDecGeneralizedTime
ASN1octetstring_free
ASN1BERDecBitString
ASN1intx_free
ASN1BERDecS32Val
ASN1_FreeDecoded
ASN1BERDecU32Val
ASN1DecAlloc
ASN1BERDecSkip
ASN1BERDecOctetString
ASN1intx2int32
ASN1BERDecCharString
ASN1CEREncGeneralizedTime
ASN1ztcharstring_free
ASN1BEREncBool
ASN1BERDecPeekTag
ASN1BEREncOpenType
ASN1BEREncCharString
ASN1charstring_free
ASN1BEREncObjectIdentifier
ASN1BERDecNotEndOfContents
ASN1BEREncEndOfContents
ASN1BERDecObjectIdentifier
ASN1BEREncBitString
ASN1bitstring_free
ASN1BERDecBool
ASN1_Decode
ASN1BEREncExplicitTag
ASN1BEREncSX
ASN1BERDecEndOfContents
ASN1_CloseDecoder
ASN1BERDecZeroCharString
ASN1_Encode
ASN1intx2uint32
ASN1BERDecExplicitTag
ASN1_CloseEncoder
ASN1Free
ASN1BERDecOpenType2
ASN1BEREncS32
ASN1intxisuint32
ASN1BERDecSXVal

ntdll

RtlReleaseResource
NtQueryInformationToken
RtlCreateTimerQueue
NtSetSecurityObject
RtlFreeAnsiString
RtlCreateTimer
RtlAnsiStringToUnicodeString
NtQuerySystemTime
RtlEnterCriticalSection
RtlSubAuthorityCountSid
RtlInitializeGenericTableAvl
RtlFreeUnicodeString
RtlConvertSharedToExclusive
RtlLengthSid
DbgPrint
RtlInitializeGenericTable
RtlVerifyVersionInfo
NtWaitForSingleObject
RtlDeleteElementGenericTable
RtlLookupElementGenericTableAvl
VerSetConditionMask
RtlInitializeResource
RtlDowncaseUnicodeString
RtlInitializeCriticalSection
RtlAppendUnicodeStringToString
RtlInsertElementGenericTableAvl
RtlSetDaclSecurityDescriptor
NtQuerySystemInformation
RtlCopyLuid
RtlSystemTimeToLocalTime
RtlDeregisterWait
RtlCreateSecurityDescriptor
RtlCopyUnicodeString
RtlInitUnicodeString
RtlInsertElementGenericTable
RtlRegisterWait
NtCreateEvent
RtlGetElementGenericTable
RtlCopySid
RtlDeleteTimerQueue
NtAllocateLocallyUniqueId
RtlEraseUnicodeString
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlEqualUnicodeString
RtlCompareMemory
RtlLookupElementGenericTable
NtAllocateVirtualMemory
RtlAcquireResourceExclusive
RtlUpcaseUnicodeString
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
RtlLengthRequiredSid
NtClose
RtlLeaveCriticalSection
RtlRunDecodeUnicodeString
RtlPrefixUnicodeString
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlCreateAcl
RtlInitializeSid
NtOpenEvent
NtOpenProcessToken
NtOpenThreadToken
RtlEqualDomainName
RtlUnicodeStringToAnsiString
RtlIntegerToUnicodeString
RtlValidSid
RtlTimeFieldsToTime
RtlDeleteCriticalSection
RtlTimeToTimeFields
NtDuplicateObject
RtlSubAuthoritySid
RtlAcquireResourceShared
RtlAddAccessAllowedAce
RtlFreeSid
RtlDeleteResource
RtlEqualSid

user32

CharLowerBuffW
wsprintfW

advapi32

GetTokenInformation
FreeSid
RegOpenKeyW
RegNotifyChangeKeyValue
RevertToSelf
CryptHashData
RegCreateKeyExW
RegSetValueExW
CryptAcquireContextW
RegisterEventSourceW
SetThreadToken
CryptSetProvParam
CloseServiceHandle
CryptReleaseContext
RegQueryValueExW
RegDeleteValueW
RegConnectRegistryW
GetTraceLoggerHandle
CryptGetHashParam
CryptCreateHash
QueryServiceStatus
RegCloseKey
CryptDestroyHash
CryptGetProvParam
SystemFunction006
RegOpenKeyExW
DeregisterEventSource
OpenThreadToken
QueryServiceConfigW
AllocateAndInitializeSid
SystemFunction007
RegisterTraceGuidsW
CredFree
OpenSCManagerW
RegQueryInfoKeyW
CredUnmarshalCredentialW
OpenServiceW
RegEnumKeyExW
LookupAccountSidW
TraceEvent
OpenProcessToken
ReportEventW

msvcrt

_wcsicmp
malloc
_vsnprintf
_adjust_fdiv
sprintf
wcstoul
wcsrchr
_initterm
_wcsnicmp
free
wcscpy
strrchr
_stricmp
_strnicmp
wcscat
sscanf
swprintf
wcscmp
qsort
_except_handler3
_strcmpi
_ultoa
strchr
wcslen
wcsspn

secur32

LsaFreeReturnBuffer
FreeContextBuffer
CredUnmarshalTargetInfo
CredMarshalTargetInfo
LsaGetLogonSessionData

kernel32

GetModuleFileNameW
DisableThreadLibraryCalls
GetACP
LocalFree
CreateFileW
CloseHandle
TerminateProcess
FreeLibrary
InterlockedDecrement
GetLocalTime
InterlockedExchange
CreateFileA
FormatMessageW
GetSystemTimeAsFileTime
lstrcpyW
VirtualAlloc
RegisterWaitForSingleObjectEx
DebugBreak
WriteFile
InterlockedCompareExchange
Sleep
lstrlenW
GetLastError
EnterCriticalSection
UnhandledExceptionFilter
InitializeCriticalSection
InterlockedIncrement
GetTickCount
CreateEventW
GetCurrentThread
GetProcAddress
LoadLibraryA
MapViewOfFileEx
SetUnhandledExceptionFilter
RaiseException
LocalAlloc
QueryPerformanceCounter
LoadLibraryW
GetModuleHandleW
GetComputerNameExW
WideCharToMultiByte
GetSystemInfo
SetEvent
OutputDebugStringA
lstrcmpW
GetModuleFileNameA
lstrlenA
FileTimeToSystemTime
CreateFileMappingW
GetCurrentProcess
DeleteCriticalSection
GetComputerNameW
GetProfileStringA
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
InterlockedExchangeAdd
UnregisterWait
GetEnvironmentVariableW
OpenFileMappingW
ExpandEnvironmentStringsW
OpenEventW
UnmapViewOfFile
lstrcmpiA
GetCurrentProcessId

cryptdll

MD5Final
MD5Update
CDBuildIntegrityVect
CDLocateCSystem
CDFindCommonCSystemWithKey
CDLocateCheckSum
MD5Init
CDGenerateRandomBits

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ec97defba4625b9c482c88fa5bb782f

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

ntdll

user32

advapi32

msvcrt

secur32

kernel32

cryptdll

Sections

.text Size: 34KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 59KB - Virtual size: 352KB

.rsrc Size: 9KB - Virtual size: 8KB

.rdata Size: 53KB - Virtual size: 52KB

.text
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 59KB - Virtual size: 352KB

.rsrc
Size: 9KB - Virtual size: 8KB

.rdata
Size: 53KB - Virtual size: 52KB