28864a6c715763eb579737cbfdc728ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28864a6c715763eb579737cbfdc728ea_JaffaCakes118
Size

418KB
MD5

28864a6c715763eb579737cbfdc728ea
SHA1

fafed50b8cd8120303c0f78ae6bc6e68ec7e9bb4
SHA256

859abe6430c708a00ad1293b5d4b812b0dd6c5b3792d1dd93dfa08c2c240ef66
SHA512

5238a3e2a07750aece19474993e4ddd4b31c65ea7eb80ea756d7eddb9748396ab6b799bc30066ca9569c10a7bdd2d85cee72145dcb73e63fbb5cbc5bf44f0098
SSDEEP

6144:UOvqrLH6p3b49yaqMr9kj5yfjFR9gDVVYOyr10ZF7s9P5+lKx8kNMQtCyq7zPVWb:9qrLHssCEoUFMiOyp0Uxtttns

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28864a6c715763eb579737cbfdc728ea_JaffaCakes118

Files

28864a6c715763eb579737cbfdc728ea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b707c17fb982616c2619d03a4ffe69c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
InterlockedExchangeAdd
GetTickCount
DeleteCriticalSection
CreateFileA
Sleep
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
OutputDebugStringA
UnmapViewOfFile
CreateEventW
GetCurrentThread
lstrcmpiA
GetModuleFileNameA
OpenEventW
MapViewOfFileEx
GetLocalTime
GetCurrentThreadId
SetUnhandledExceptionFilter
LeaveCriticalSection
InterlockedExchange
GetProcAddress
GetLastError
QueryPerformanceCounter
GetACP
lstrlenA
GetEnvironmentVariableW
UnhandledExceptionFilter
GetSystemInfo
EnterCriticalSection
LocalAlloc
VirtualAlloc
SetEvent
lstrcmpW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
FileTimeToSystemTime
GetCurrentProcessId
OpenFileMappingW
RegisterWaitForSingleObjectEx
LoadLibraryA
GetSystemTimeAsFileTime
MultiByteToWideChar
CloseHandle
GetModuleHandleW
FreeLibrary
CreateFileMappingW
WideCharToMultiByte
FormatMessageW
InitializeCriticalSection
GetProfileStringA
GetComputerNameW
WriteFile
lstrcpyW
LoadLibraryW
CreateFileW
UnregisterWait
LocalFree
GetModuleFileNameW
lstrlenW
DebugBreak
GetComputerNameExW
InterlockedCompareExchange
TerminateProcess

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
CredMarshalTargetInfo
CredUnmarshalTargetInfo
FreeContextBuffer

advapi32

CryptGetHashParam
OpenThreadToken
LookupAccountSidW
RegSetValueExW
DeregisterEventSource
RegQueryInfoKeyW
RegisterEventSourceW
RegConnectRegistryW
RegOpenKeyExW
RevertToSelf
ReportEventW
SystemFunction007
OpenServiceW
AllocateAndInitializeSid
OpenSCManagerW
CryptReleaseContext
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
TraceEvent
CredUnmarshalCredentialW
CryptAcquireContextW
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
QueryServiceStatus
RegNotifyChangeKeyValue
CryptCreateHash
RegCloseKey
RegOpenKeyW
CloseServiceHandle
QueryServiceConfigW
CryptDestroyHash
CryptHashData
OpenProcessToken
CryptSetProvParam
SystemFunction006
FreeSid
SetThreadToken
CryptGetProvParam
RegDeleteValueW
CredFree

msasn1

ASN1BEREncBool
ASN1intx_free
ASN1BEREncOpenType
ASN1octetstring_free
ASN1BEREncEndOfContents
ASN1BERDecOctetString
ASN1BERDecObjectIdentifier
ASN1BERDecS32Val
ASN1ztcharstring_free
ASN1EncSetError
ASN1DecAlloc
ASN1BERDecPeekTag
ASN1intxisuint32
ASN1intx_setuint32
ASN1BERDecEndOfContents
ASN1BERDecOpenType2
ASN1BERDecGeneralizedTime
ASN1BEREncSX
ASN1BEREncCharString
ASN1BEREncOctetString
ASN1_CreateDecoder
ASN1BEREncU32
ASN1BERDecU32Val
ASN1charstring_free
ASN1BEREncObjectIdentifier
ASN1CEREncGeneralizedTime
ASN1BERDecZeroCharString
ASN1bitstring_free
ASN1intx2uint32
ASN1BERDecSkip
ASN1BEREncExplicitTag
ASN1BERDecExplicitTag
ASN1BERDecCharString
ASN1BERDecNotEndOfContents
ASN1objectidentifier_free
ASN1_CloseEncoder
ASN1intx2int32
ASN1BERDecSXVal
ASN1_CreateEncoder
ASN1_Encode
ASN1_FreeDecoded
ASN1_CreateModule
ASN1BEREncBitString
ASN1DecSetError
ASN1BERDecBitString
ASN1Free
ASN1BERDecBool
ASN1BEREncS32
ASN1_FreeEncoded
ASN1_Decode
ASN1_CloseDecoder

user32

CharLowerBuffW
wsprintfW

ntdll

RtlCreateTimerQueue
NtOpenEvent
NtOpenProcessToken
NtQuerySystemTime
RtlFreeAnsiString
RtlUniform
RtlCopyUnicodeString
RtlPrefixUnicodeString
NtAllocateLocallyUniqueId
RtlEqualUnicodeString
RtlEraseUnicodeString
RtlSubAuthorityCountSid
RtlGetElementGenericTable
RtlCopySid
RtlLengthSid
RtlConvertSharedToExclusive
RtlInsertElementGenericTableAvl
RtlInitializeSid
NtClose
RtlCreateTimer
RtlValidSid
RtlInitAnsiString
RtlSystemTimeToLocalTime
RtlVerifyVersionInfo
RtlInsertElementGenericTable
NtQuerySystemInformation
RtlInitializeResource
DbgPrint
RtlLookupElementGenericTableAvl
NtSetSecurityObject
RtlReleaseResource
RtlEqualDomainName
RtlAllocateAndInitializeSid
RtlEqualSid
NtCreateEvent
RtlFreeSid
RtlNtStatusToDosError
RtlInitializeGenericTable
RtlCompareUnicodeString
RtlCreateSecurityDescriptor
NtDuplicateObject
RtlFreeUnicodeString
RtlAddAccessAllowedAce
NtOpenThreadToken
RtlRegisterWait
RtlRunDecodeUnicodeString
RtlIntegerToUnicodeString
RtlDeleteCriticalSection
RtlUnicodeStringToAnsiString
RtlDeleteElementGenericTable
RtlDeregisterWait
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlLeaveCriticalSection
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlDeleteTimerQueue
RtlDeleteResource
NtAllocateVirtualMemory
RtlSubAuthoritySid
RtlAcquireResourceExclusive
RtlInitializeCriticalSection
NtWaitForSingleObject
RtlConvertSidToUnicodeString
RtlCompareMemory
RtlDowncaseUnicodeString
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlInitializeGenericTableAvl
RtlTimeFieldsToTime
RtlTimeToTimeFields
NtQueryInformationToken
RtlLengthRequiredSid
RtlCreateAcl
RtlCopyLuid
RtlLookupElementGenericTable
RtlAcquireResourceShared

cryptdll

MD5Init
CDFindCommonCSystemWithKey
MD5Final
CDLocateCSystem
CDLocateCheckSum
MD5Update
CDGenerateRandomBits
CDBuildIntegrityVect

msvcrt

wcsspn
swprintf
_initterm
_ultoa
wcscpy
wcstoul
wcslen
sscanf
wcscat
strchr
sprintf
_strnicmp
wcscmp
_wcsicmp
free
wcsrchr
qsort
_strcmpi
_wcsnicmp
_vsnprintf
malloc
strrchr
_except_handler3
_stricmp
_adjust_fdiv

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b707c17fb982616c2619d03a4ffe69c1

Headers

File Characteristics

Imports

kernel32

secur32

advapi32

msasn1

user32

ntdll

cryptdll

msvcrt

Sections

.text Size: 242KB - Virtual size: 241KB

.reloc Size: 512B - Virtual size: 24B

.data Size: 52KB - Virtual size: 928KB

.rsrc Size: 25KB - Virtual size: 25KB

.rdata Size: 96KB - Virtual size: 96KB

.text
Size: 242KB - Virtual size: 241KB

.reloc
Size: 512B - Virtual size: 24B

.data
Size: 52KB - Virtual size: 928KB

.rsrc
Size: 25KB - Virtual size: 25KB

.rdata
Size: 96KB - Virtual size: 96KB