19f69d87f20e95d0d5a70fd3a8a7dbdc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19f69d87f20e95d0d5a70fd3a8a7dbdc_JaffaCakes118
Size

329KB
MD5

19f69d87f20e95d0d5a70fd3a8a7dbdc
SHA1

92248b08210abf2efe985e840fda59ebf568cf81
SHA256

185d3d4b8c64280992105161d343f50d9e3e9224ce19a82a8e910a818f5f04b3
SHA512

9c54d9b4c69dcf505868ec3d6bb980168ebeeb5c6e85fef7d559812e3a6766ed86b06894a0793b54c9f0f777545886ee8b63e501e52f6d2846ed5f95b14e2850
SSDEEP

6144:IsTuoScRK254Z3kwu4qSQJscVaIMCsUY:IIFdyZ3i4qhTaIdY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19f69d87f20e95d0d5a70fd3a8a7dbdc_JaffaCakes118

Files

19f69d87f20e95d0d5a70fd3a8a7dbdc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7fc22fcb664b8d393e260ffc7505925

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlLengthRequiredSid
RtlFreeAnsiString
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
RtlCopySid
RtlSystemTimeToLocalTime
RtlLeaveCriticalSection
NtQuerySystemInformation
RtlEqualDomainName
RtlEraseUnicodeString
RtlInitializeSid
RtlInitializeGenericTable
RtlDeleteCriticalSection
RtlUniform
NtWaitForSingleObject
RtlCompareMemory
RtlEnterCriticalSection
DbgPrint
RtlOemStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
NtQuerySystemTime
RtlFreeUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlInitializeGenericTableAvl
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlInitializeResource
RtlCreateSecurityDescriptor
NtOpenThreadToken
NtSetSecurityObject
RtlEqualSid
RtlSubAuthorityCountSid
RtlCreateTimerQueue
RtlInitializeCriticalSection
RtlTimeToTimeFields
NtClose
RtlCreateTimer
NtOpenProcessToken
RtlAcquireResourceShared
RtlGetElementGenericTable
RtlInitAnsiString
RtlLookupElementGenericTableAvl
RtlCopyLuid
RtlDeregisterWait
RtlIntegerToUnicodeString
NtQueryInformationToken
RtlSubAuthoritySid
RtlVerifyVersionInfo
RtlConvertSharedToExclusive
NtDuplicateObject
RtlDowncaseUnicodeString
RtlFreeSid
RtlAnsiStringToUnicodeString
RtlTimeFieldsToTime
RtlLookupElementGenericTable
RtlAcquireResourceExclusive
RtlNtStatusToDosError
RtlInsertElementGenericTableAvl
RtlEqualUnicodeString
NtAllocateVirtualMemory
RtlReleaseResource
RtlAddAccessAllowedAce
RtlAllocateAndInitializeSid
RtlUpcaseUnicodeString
RtlDeleteResource
NtOpenEvent
RtlSetDaclSecurityDescriptor
RtlLengthSid
RtlCreateAcl
RtlRunDecodeUnicodeString
RtlRegisterWait
NtCreateEvent
RtlDeleteTimerQueue
VerSetConditionMask
RtlValidSid
RtlPrefixUnicodeString

msvcrt

sscanf
_vsnprintf
wcslen
_strcmpi
sprintf
_except_handler3
wcsrchr
_ultoa
malloc
strrchr
wcstoul
_stricmp
wcscmp
swprintf
_adjust_fdiv
qsort
wcscat
_wcsnicmp
wcscpy
free
_initterm
strchr
wcsspn
_wcsicmp
_strnicmp

secur32

CredUnmarshalTargetInfo
LsaGetLogonSessionData
CredMarshalTargetInfo
FreeContextBuffer
LsaFreeReturnBuffer

kernel32

SetUnhandledExceptionFilter
lstrlenW
InterlockedExchange
CreateFileA
LeaveCriticalSection
WriteFile
GetModuleFileNameW
GetLastError
CreateEventW
LocalFree
GetProfileStringA
GetProcAddress
GetCurrentThreadId
UnmapViewOfFile
lstrcmpW
DisableThreadLibraryCalls
RegisterWaitForSingleObjectEx
QueryPerformanceCounter
FormatMessageW
RaiseException
LocalAlloc
GetCurrentProcess
EnterCriticalSection
CreateFileMappingW
SetEvent
InitializeCriticalSection
GetACP
FreeLibrary
GetTickCount
lstrcmpiA
TerminateProcess
GetCurrentThread
GetCurrentProcessId
MultiByteToWideChar
LoadLibraryW
InterlockedIncrement
GetSystemTimeAsFileTime
CloseHandle
GetEnvironmentVariableW
InterlockedDecrement
DebugBreak
UnregisterWait
UnhandledExceptionFilter
VirtualAlloc
CreateFileW
WideCharToMultiByte
lstrcpyW
LoadLibraryA
GetLocalTime
GetComputerNameW
lstrlenA
FileTimeToSystemTime
Sleep
InterlockedExchangeAdd
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
GetComputerNameExW
GetModuleFileNameA
InterlockedCompareExchange
DeleteCriticalSection
OpenEventW
ExpandEnvironmentStringsW
GetModuleHandleW
OutputDebugStringA

cryptdll

MD5Init
MD5Update
CDLocateCSystem
CDGenerateRandomBits
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
MD5Final
CDLocateCheckSum

advapi32

RevertToSelf
LookupAccountSidW
CryptCreateHash
RegSetValueExW
SystemFunction007
CryptHashData
QueryServiceStatus
CredUnmarshalCredentialW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
FreeSid
SystemFunction006
CryptSetProvParam
RegDeleteValueW
RegisterTraceGuidsW
CredFree
RegOpenKeyExW
OpenSCManagerW
AllocateAndInitializeSid
TraceEvent
DeregisterEventSource
RegQueryValueExW
RegNotifyChangeKeyValue
CryptGetHashParam
ReportEventW
CloseServiceHandle
RegEnumKeyExW
QueryServiceConfigW
CryptAcquireContextW
CryptGetProvParam
RegisterEventSourceW
CryptDestroyHash
GetTraceLoggerHandle
RegOpenKeyW
OpenThreadToken
CryptReleaseContext
RegConnectRegistryW
GetTokenInformation
OpenProcessToken
SetThreadToken
OpenServiceW

msasn1

ASN1_Encode
ASN1BEREncExplicitTag
ASN1BERDecBool
ASN1BERDecBitString
ASN1ztcharstring_free
ASN1BERDecCharString
ASN1BEREncS32
ASN1_FreeEncoded
ASN1_CreateDecoder
ASN1BERDecPeekTag
ASN1CEREncGeneralizedTime
ASN1_CreateModule
ASN1intx_free
ASN1intxisuint32
ASN1BERDecEndOfContents
ASN1objectidentifier_free
ASN1Free
ASN1BEREncSX
ASN1BERDecSXVal
ASN1EncSetError
ASN1intx2int32
ASN1BERDecGeneralizedTime
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_Decode
ASN1intx_setuint32
ASN1BEREncBitString
ASN1BEREncOctetString
ASN1octetstring_free
ASN1DecAlloc
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1BEREncOpenType
ASN1BERDecSkip
ASN1BERDecU32Val
ASN1BERDecS32Val
ASN1BEREncObjectIdentifier
ASN1BERDecNotEndOfContents
ASN1BEREncU32
ASN1BERDecObjectIdentifier
ASN1bitstring_free
ASN1intx2uint32
ASN1charstring_free
ASN1BEREncCharString
ASN1BERDecOpenType2
ASN1BEREncBool
ASN1_CreateEncoder
ASN1BERDecZeroCharString
ASN1BEREncEndOfContents
ASN1BERDecOctetString
ASN1_FreeDecoded

user32

CharLowerBuffW
wsprintfW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7fc22fcb664b8d393e260ffc7505925

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

secur32

kernel32

cryptdll

advapi32

msasn1

user32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB