1a6f2ded218a72736e21f373fa027ffc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1a6f2ded218a72736e21f373fa027ffc_JaffaCakes118
Size

329KB
MD5

1a6f2ded218a72736e21f373fa027ffc
SHA1

22f7b0fcb82b94a2821a67799baea47336fee46c
SHA256

e28dbd8d4f11bedba2d38b9baaf8e6a3cbc03c0c4e6ffb33226ecceef96e35c3
SHA512

2f2001c3e328008ffb1e3f3a0f4b88bc5153043fe0e80c7e5112145de340d18e85e22905092cfe1f94af1833152387f8d1c72e1e150f11490273f791db247416
SSDEEP

6144:ga7exobo7K4zUeT1+yLRaEuc6HvzJXocR6RjrxERF/FvS:ga7Db34onBrVR6R3WxvS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a6f2ded218a72736e21f373fa027ffc_JaffaCakes118

Files

1a6f2ded218a72736e21f373fa027ffc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

10141e3c3c8cf83dd1475c791722d93b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
LoadLibraryW
VirtualAlloc
lstrlenA
OpenFileMappingW
GetACP
GetCurrentThread
LocalFree
LeaveCriticalSection
CreateFileA
OpenEventW
InterlockedCompareExchange
DeleteCriticalSection
SetEvent
lstrcmpW
GetCurrentProcessId
InterlockedIncrement
GetModuleFileNameA
GetComputerNameExW
GetProfileStringA
CreateEventW
GetLastError
OutputDebugStringA
EnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSection
LocalAlloc
CreateFileMappingW
MultiByteToWideChar
UnregisterWait
TerminateProcess
WriteFile
GetTickCount
GetSystemInfo
lstrlenW
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedExchangeAdd
ExpandEnvironmentStringsW
CloseHandle
RegisterWaitForSingleObjectEx
GetModuleHandleW
GetLocalTime
UnhandledExceptionFilter
MapViewOfFileEx
DisableThreadLibraryCalls
GetEnvironmentVariableW
GetCurrentProcess
GetComputerNameW
DebugBreak
FormatMessageW
lstrcpyW
FreeLibrary
GetModuleFileNameW
WideCharToMultiByte
Sleep
UnmapViewOfFile
InterlockedExchange
GetProcAddress
lstrcmpiA
CreateFileW
GetSystemTimeAsFileTime
RaiseException
LoadLibraryA
FileTimeToSystemTime

msasn1

ASN1BERDecEndOfContents
ASN1BERDecOpenType2
ASN1bitstring_free
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1BEREncU32
ASN1Free
ASN1intx_free
ASN1BERDecZeroCharString
ASN1objectidentifier_free
ASN1BEREncBitString
ASN1BERDecGeneralizedTime
ASN1_CloseDecoder
ASN1CEREncGeneralizedTime
ASN1ztcharstring_free
ASN1_FreeEncoded
ASN1BERDecU32Val
ASN1BERDecSkip
ASN1BERDecBool
ASN1BERDecS32Val
ASN1BERDecNotEndOfContents
ASN1BERDecObjectIdentifier
ASN1_Decode
ASN1BEREncCharString
ASN1_CreateEncoder
ASN1intxisuint32
ASN1intx_setuint32
ASN1_CloseEncoder
ASN1EncSetError
ASN1BEREncS32
ASN1BEREncObjectIdentifier
ASN1BEREncBool
ASN1charstring_free
ASN1intx2int32
ASN1BERDecBitString
ASN1BERDecOctetString
ASN1_CreateModule
ASN1BERDecExplicitTag
ASN1octetstring_free
ASN1BERDecCharString
ASN1BERDecSXVal
ASN1_FreeDecoded
ASN1_Encode
ASN1DecAlloc
ASN1intx2uint32
ASN1DecSetError
ASN1BERDecPeekTag
ASN1BEREncOctetString
ASN1BEREncEndOfContents
ASN1BEREncSX
ASN1_CreateDecoder

user32

CharLowerBuffW
wsprintfW

advapi32

RegQueryValueExW
RevertToSelf
OpenServiceW
GetTraceLoggerHandle
CryptGetHashParam
RegCreateKeyExW
RegOpenKeyW
AllocateAndInitializeSid
CredUnmarshalCredentialW
CryptCreateHash
RegisterEventSourceW
RegOpenKeyExW
CloseServiceHandle
CryptSetProvParam
RegDeleteValueW
RegConnectRegistryW
RegNotifyChangeKeyValue
LookupAccountSidW
RegQueryInfoKeyW
RegEnumKeyExW
DeregisterEventSource
CryptGetProvParam
GetTokenInformation
SystemFunction006
FreeSid
CredFree
SetThreadToken
QueryServiceStatus
CryptHashData
RegSetValueExW
SystemFunction007
CryptReleaseContext
CryptAcquireContextW
OpenSCManagerW
RegisterTraceGuidsW
ReportEventW
OpenThreadToken
RegCloseKey
TraceEvent
OpenProcessToken
CryptDestroyHash
QueryServiceConfigW

ntdll

RtlCreateTimerQueue
NtOpenThreadToken
RtlDeleteTimerQueue
RtlVerifyVersionInfo
NtCreateEvent
RtlIntegerToUnicodeString
RtlOemStringToUnicodeString
RtlDeleteCriticalSection
RtlLengthRequiredSid
RtlConvertSharedToExclusive
RtlEqualSid
RtlDowncaseUnicodeString
RtlLengthSid
RtlInitializeGenericTable
RtlInitializeResource
NtQueryInformationToken
RtlEraseUnicodeString
RtlInitializeSid
RtlDeleteElementGenericTable
RtlNtStatusToDosError
RtlCompareMemory
RtlConvertSidToUnicodeString
RtlDeregisterWait
RtlEqualDomainName
RtlCopyLuid
RtlUpcaseUnicodeString
RtlInitAnsiString
RtlCopyUnicodeString
RtlFreeAnsiString
RtlSetDaclSecurityDescriptor
RtlCreateTimer
RtlReleaseResource
RtlInitializeCriticalSection
RtlLookupElementGenericTable
RtlTimeFieldsToTime
RtlLeaveCriticalSection
RtlPrefixUnicodeString
RtlAnsiStringToUnicodeString
RtlCreateAcl
RtlEqualUnicodeString
RtlTimeToTimeFields
RtlUniform
NtClose
RtlAppendUnicodeStringToString
NtWaitForSingleObject
RtlSubAuthorityCountSid
NtSetSecurityObject
RtlAcquireResourceShared
RtlValidSid
NtAllocateVirtualMemory
RtlInsertElementGenericTableAvl
RtlAllocateAndInitializeSid
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
RtlInitUnicodeString
RtlAcquireResourceExclusive
RtlInsertElementGenericTable
RtlCreateSecurityDescriptor
RtlFreeUnicodeString
RtlFreeSid
NtQuerySystemInformation
RtlLookupElementGenericTableAvl
RtlRunDecodeUnicodeString
RtlInitializeGenericTableAvl
RtlSubAuthoritySid
NtDuplicateObject
RtlAddAccessAllowedAce
DbgPrint
RtlEnterCriticalSection
NtQuerySystemTime
RtlRegisterWait
RtlGetElementGenericTable
RtlCopySid
NtOpenEvent
NtAllocateLocallyUniqueId
RtlSystemTimeToLocalTime
RtlDeleteResource
NtOpenProcessToken

secur32

FreeContextBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData
LsaFreeReturnBuffer
CredMarshalTargetInfo

cryptdll

CDLocateCheckSum
CDBuildIntegrityVect
MD5Final
CDLocateCSystem
MD5Init
CDGenerateRandomBits
CDFindCommonCSystemWithKey
MD5Update

msvcrt

malloc
_wcsicmp
_strnicmp
_strcmpi
_adjust_fdiv
sprintf
wcscmp
strchr
wcslen
qsort
swprintf
wcstoul
_except_handler3
_ultoa
wcsspn
wcscpy
_wcsnicmp
wcscat
_vsnprintf
_stricmp
_initterm
wcsrchr
strrchr
free
sscanf

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10141e3c3c8cf83dd1475c791722d93b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msasn1

user32

advapi32

ntdll

secur32

cryptdll

msvcrt

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB