wintrust.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 2860aa477b45f3fbeb594220e3aee882_JaffaCakes118.dll, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: 2860aa477b45f3fbeb594220e3aee882_JaffaCakes118.dll, Resource: win10v2004-20240508-en)
General
Target: 2860aa477b45f3fbeb594220e3aee882_JaffaCakes118
Size: 166KB
MD5: 2860aa477b45f3fbeb594220e3aee882
SHA1: 6190928016e7d6654d362d09b58e09067032e380
SHA256: 513548d55f17d1dfd8b737ed786eb498a54dda20d3cf59b58dea97bede059bf7
SHA512: 629be50cf6c857d5c7ea6ce7c2c3a6f79f45342d3a3da0e184828b4c34116a78703ada8a1647beabb4161dd00bd15e34bd4b43755f359024e89638b4c50b6b3e
SSDEEP: 3072:M5b6kRPgV5Y3xnOIzHg5koL7902TEbAJ/J/GwDK4O/JcjRQwVSIW26FrbdmqqZZr:2pY7enMRz3LjtgzSh
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2860aa477b45f3fbeb594220e3aee882_JaffaCakes118
Files
2860aa477b45f3fbeb594220e3aee882_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
f1300ceb80a71a5cf03ef9a78ef06fd2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__dllonexit
_adjust_fdiv
_initterm
wcslen
_snprintf
malloc
_onexit
qsort
_stricmp
_ltoa
atol
_wcsnicmp
_itow
wcsrchr
_memicmp
wcstol
memmove
vswprintf
wcscpy
wcscat
free
wcschr
_wtol
towupper
_except_handler3
wcscmp
_wcsicmp
advapi32
CryptDestroyHash
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
StartServiceW
CloseServiceHandle
EqualSid
LookupAccountSidW
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
MD5Final
MD5Update
MD5Init
RegEnumValueA
CryptReleaseContext
CryptSetProvParam
A_SHAInit
CryptCreateHash
A_SHAUpdate
CryptHashData
A_SHAFinal
CryptGetHashParam
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyW
RegEnumValueW
RegDeleteValueA
RegDeleteValueW
CryptAcquireContextA
ntdll
RtlNtStatusToDosError
crypt32
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CryptMsgGetParam
CertGetNameStringW
CertSetCertificateContextProperty
CertCreateCertificateContext
CertOpenSystemStoreA
CryptExportPublicKeyInfo
CertRDNValueToStrW
CertFindRDNAttr
CryptSIPLoad
CryptSIPRetrieveSubjectGuid
CryptMsgUpdate
CryptMsgOpenToDecode
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgVerifyCountersignatureEncodedEx
CryptEncodeObjectEx
CertFindAttribute
CryptSIPRemoveProvider
CryptSIPAddProvider
CryptEncodeObject
CryptStringToBinaryW
CertAlgIdToOID
CryptSIPRetrieveSubjectGuidForCatalogFile
CertCreateContext
CryptMsgEncodeAndSignCTL
CertFindSubjectInSortedCTL
CertVerifyCertificateChainPolicy
I_CryptCreateLruCache
CertCompareCertificateName
CertCloseStore
CertCreateCertificateChainEngine
CertOpenStore
CertDuplicateStore
CertAddStoreToCollection
CertComparePublicKeyInfo
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertFreeCTLContext
CertFreeCertificateContext
CertDuplicateCertificateContext
I_CryptGetAsn1Encoder
I_CryptGetAsn1Decoder
CryptRegisterOIDFunction
CryptUnregisterOIDFunction
I_CryptUninstallAsn1Module
I_CryptInstallAsn1Module
CertControlStore
CertVerifySubjectCertificateContext
CryptDecodeObject
CertCompareIntegerBlob
CertFindExtension
CertVerifyValidityNesting
CertVerifyTimeValidity
CertGetIssuerCertificateFromStore
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptGetDefaultCryptProv
CryptMsgClose
CertOIDToAlgId
CertFindCertificateInStore
CertGetCertificateContextProperty
CryptEnumOIDInfo
I_CryptFreeLruCache
I_CryptCreateLruEntry
I_CryptReleaseLruEntry
I_CryptInsertLruEntry
I_CryptFindLruEntryData
I_CryptFlushLruCache
msasn1
ASN1_FreeEncoded
ASN1_SetEncoderOption
ASN1_Decode
ASN1_Encode
ASN1_FreeDecoded
ASN1Free
ASN1BERDecNotEndOfContents
ASN1DecRealloc
ASN1BERDecS32Val
ASN1BEREncS32
ASN1bitstring_free
ASN1BERDecBitString
ASN1bitstring_cmp
ASN1BEREncRemoveZeroBits
ASN1charstring_free
ASN1char16string_free
ASN1DecSetError
ASN1BERDecCharString
ASN1BERDecChar16String
ASN1EncSetError
ASN1BERDecOctetString2
ASN1BERDecExplicitTag
ASN1BERDecPeekTag
ASN1BERDecOpenType2
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1BEREncEndOfContents
ASN1BERDecUTCTime
ASN1BERDecBool
ASN1BEREncBool
ASN1BERDecObjectIdentifier2
ASN1BEREncObjectIdentifier2
ASN1_CloseModule
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString
ASN1BEREncChar16String
ASN1BEREncCharString
ASN1CEREncEndBlk
ASN1CEREncFlushBlkElement
ASN1CEREncNewBlkElement
ASN1CEREncBeginBlk
ASN1CEREncUTCTime
user32
wsprintfA
wsprintfW
MessageBoxA
GetDesktopWindow
kernel32
LoadLibraryW
ExpandEnvironmentStringsW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetCurrentThread
SystemTimeToFileTime
LocalReAlloc
CreateMutexA
WaitForMultipleObjects
ReleaseMutex
Sleep
OutputDebugStringA
GetLocalTime
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
CopyFileW
CopyFileA
DeleteFileW
DeleteFileA
CreateFileW
CreateFileA
MoveFileExW
FindClose
GetSystemDirectoryW
GetCurrentDirectoryW
CreateEventA
RegisterWaitForSingleObject
UnregisterWaitEx
GetSystemInfo
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSizeEx
SetEndOfFile
GetFileSize
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsA
lstrcpyA
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RemoveDirectoryW
CreateDirectoryW
CreateDirectoryA
GetLastError
lstrcmpA
SetLastError
SetEvent
DisableThreadLibraryCalls
lstrlenW
FreeLibrary
GetProcAddress
WideCharToMultiByte
ResetEvent
WaitForSingleObject
LoadLibraryA
lstrlenA
MultiByteToWideChar
CloseHandle
ReadFile
SetFilePointer
imagehlp
ImageAddCertificate
ImageRemoveCertificate
ImageGetCertificateData
ImageEnumerateCertificates
rpcrt4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall2
Exports
AddPersonalTrustDBPages
CatalogCompactHashDatabase
CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
I_CryptCatAdminMigrateToNewCatDB
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WinVerifyTrustEx
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer
Sections
.text Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ