181e0cf47e724b429e4794c97e3e6df3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

181e0cf47e724b429e4794c97e3e6df3_JaffaCakes118
Size

329KB
MD5

181e0cf47e724b429e4794c97e3e6df3
SHA1

baea58516d895ea3723644a3a63ee11fdc55a743
SHA256

6bf05bfcce7c9e21b36a0f088452aa2f822bb7537c507194a6bacd4401413cd6
SHA512

3131425cca483d0308f4978d9a7b2231e50b7f22e0da2311c122061fd86c804f57bf5a72ce0a0eeedf0888b7c0ad62b805ad7b279cb962129589539f8c5870c2
SSDEEP

6144:e3cgA+PL1toExlOWqqs0bqKWwXOuExUogAOol/IWlIYinL813T/6Y4hQOB8OvUv:eMpu1CClNqqsJRwXO/xtll/ZIYiLKr6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181e0cf47e724b429e4794c97e3e6df3_JaffaCakes118

Files

181e0cf47e724b429e4794c97e3e6df3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2cb21e34ae1e7fcd97546ad018927a39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegCreateKeyExW
ReportEventW
CredFree
RegOpenKeyExW
GetTokenInformation
CryptHashData
QueryServiceStatus
RegOpenKeyW
RegQueryValueExW
RevertToSelf
CryptDestroyHash
FreeSid
GetTraceLoggerHandle
LookupAccountSidW
RegisterEventSourceW
DeregisterEventSource
AllocateAndInitializeSid
CryptSetProvParam
RegNotifyChangeKeyValue
CryptGetHashParam
SetThreadToken
CryptAcquireContextW
CryptGetProvParam
OpenSCManagerW
RegCloseKey
SystemFunction006
RegSetValueExW
CryptCreateHash
QueryServiceConfigW
RegisterTraceGuidsW
RegQueryInfoKeyW
OpenServiceW
CryptReleaseContext
RegDeleteValueW
SystemFunction007
OpenProcessToken
CloseServiceHandle
CredUnmarshalCredentialW
RegConnectRegistryW
TraceEvent
OpenThreadToken

cryptdll

CDGenerateRandomBits
CDLocateCheckSum
CDLocateCSystem
MD5Init
MD5Update
MD5Final
CDBuildIntegrityVect
CDFindCommonCSystemWithKey

ntdll

RtlGetElementGenericTable
RtlLengthSid
RtlFreeSid
RtlCompareUnicodeString
NtQueryInformationToken
RtlUpcaseUnicodeString
RtlFreeUnicodeString
RtlDeleteResource
NtQuerySystemInformation
RtlFreeAnsiString
RtlSubAuthoritySid
RtlCreateSecurityDescriptor
NtWaitForSingleObject
NtAllocateVirtualMemory
RtlCopyLuid
RtlVerifyVersionInfo
RtlValidSid
RtlCreateAcl
RtlTimeToTimeFields
RtlCopyUnicodeString
RtlCreateTimer
RtlEqualDomainName
NtDuplicateObject
VerSetConditionMask
RtlUnicodeStringToAnsiString
RtlInitializeCriticalSection
RtlAppendUnicodeStringToString
RtlInitializeGenericTableAvl
NtAllocateLocallyUniqueId
RtlPrefixUnicodeString
NtCreateEvent
RtlInitializeSid
RtlAnsiStringToUnicodeString
RtlCopySid
RtlRunDecodeUnicodeString
RtlTimeFieldsToTime
RtlInitializeGenericTable
RtlDeleteTimerQueue
RtlCreateTimerQueue
RtlDowncaseUnicodeString
NtSetSecurityObject
RtlAddAccessAllowedAce
RtlIntegerToUnicodeString
RtlSubAuthorityCountSid
NtOpenEvent
RtlSystemTimeToLocalTime
RtlInitializeResource
RtlCompareMemory
RtlAcquireResourceExclusive
DbgPrint
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlInitAnsiString
RtlEraseUnicodeString
RtlEqualSid
RtlReleaseResource
RtlSetDaclSecurityDescriptor
RtlUniform
RtlEnterCriticalSection
RtlAllocateAndInitializeSid
NtQuerySystemTime
RtlDeregisterWait
RtlInsertElementGenericTable
RtlEqualUnicodeString
RtlConvertSidToUnicodeString
RtlLeaveCriticalSection
RtlDeleteElementGenericTable
RtlOemStringToUnicodeString
RtlConvertSharedToExclusive
RtlLookupElementGenericTable
RtlLengthRequiredSid
RtlLookupElementGenericTableAvl
RtlNtStatusToDosError
RtlRegisterWait
NtOpenThreadToken
NtOpenProcessToken
NtClose
RtlAcquireResourceShared

msvcrt

_strnicmp
qsort
_wcsicmp
sprintf
wcsspn
_ultoa
_except_handler3
strchr
wcstoul
sscanf
wcscpy
free
_vsnprintf
_stricmp
wcslen
wcsrchr
_initterm
wcscat
_wcsnicmp
_adjust_fdiv
strrchr
malloc
_strcmpi
swprintf
wcscmp

secur32

CredUnmarshalTargetInfo
LsaGetLogonSessionData
LsaFreeReturnBuffer
CredMarshalTargetInfo
FreeContextBuffer

msasn1

ASN1BERDecEndOfContents
ASN1BERDecSkip
ASN1CEREncGeneralizedTime
ASN1BERDecNotEndOfContents
ASN1octetstring_free
ASN1DecSetError
ASN1BERDecCharString
ASN1BERDecGeneralizedTime
ASN1BERDecU32Val
ASN1BEREncObjectIdentifier
ASN1_Encode
ASN1_Decode
ASN1BEREncS32
ASN1BEREncOctetString
ASN1BERDecExplicitTag
ASN1_CloseDecoder
ASN1bitstring_free
ASN1BEREncBool
ASN1_CreateEncoder
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1BERDecOctetString
ASN1BERDecBitString
ASN1_CloseEncoder
ASN1BERDecOpenType2
ASN1BERDecZeroCharString
ASN1_FreeDecoded
ASN1Free
ASN1BEREncEndOfContents
ASN1intx2uint32
ASN1ztcharstring_free
ASN1BERDecS32Val
ASN1_CreateModule
ASN1DecAlloc
ASN1objectidentifier_free
ASN1BERDecBool
ASN1intx_free
ASN1intx_setuint32
ASN1BERDecSXVal
ASN1EncSetError
ASN1BEREncBitString
ASN1charstring_free
ASN1BEREncU32
ASN1_CreateDecoder
ASN1intx2int32
ASN1BEREncSX
ASN1_FreeEncoded
ASN1BERDecObjectIdentifier
ASN1BERDecPeekTag
ASN1intxisuint32
ASN1BEREncCharString

user32

CharLowerBuffW
wsprintfW

kernel32

GetProfileStringA
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
DebugBreak
GetComputerNameExW
LocalAlloc
InterlockedIncrement
CreateFileW
OutputDebugStringA
LeaveCriticalSection
GetModuleFileNameA
CloseHandle
RegisterWaitForSingleObjectEx
GetLastError
GetLocalTime
TerminateProcess
GetModuleHandleW
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetCurrentProcess
UnmapViewOfFile
MultiByteToWideChar
lstrcmpiA
GetSystemTimeAsFileTime
GetComputerNameW
GetCurrentThreadId
GetModuleFileNameW
VirtualAlloc
WideCharToMultiByte
GetTickCount
CreateEventW
GetSystemInfo
DeleteCriticalSection
UnhandledExceptionFilter
DisableThreadLibraryCalls
lstrcmpW
LocalFree
FreeLibrary
FileTimeToSystemTime
OpenFileMappingW
GetCurrentThread
GetEnvironmentVariableW
InterlockedExchange
Sleep
InterlockedCompareExchange
lstrlenA
lstrcpyW
GetCurrentProcessId
QueryPerformanceCounter
lstrlenW
LoadLibraryW
LoadLibraryA
RaiseException
UnregisterWait
OpenEventW
FormatMessageW
SetEvent
GetACP
GetProcAddress
InterlockedExchangeAdd
CreateFileA
MapViewOfFileEx
CreateFileMappingW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2cb21e34ae1e7fcd97546ad018927a39

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cryptdll

ntdll

msvcrt

secur32

msasn1

user32

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB