314b9f1ccfc7b9a15a51f3fd8786d463_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

314b9f1ccfc7b9a15a51f3fd8786d463_JaffaCakes118
Size

329KB
MD5

314b9f1ccfc7b9a15a51f3fd8786d463
SHA1

a780c9ad34bde1e397f19f80d215568426322403
SHA256

1717c1d598f15886e9bb58d11ca76c09def6fe8d4ffcaa704bc30883150838df
SHA512

b7f7aa68741c95550ae059e9c8f201dff40a3821f08cbf55628e11020ffe8c5929a858e76de91c0e6666f1721f47da45fae03c23b7caccc7c6636774b7b5e1bf
SSDEEP

6144:ZAvoyo+YwlKKi9lZyGCAELt0GZYnRnwM5g/+FnIzqARsCvxXM:Yq+YwlKKi9lZhCAEiGaRn/iGQ3xX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
314b9f1ccfc7b9a15a51f3fd8786d463_JaffaCakes118

Files

314b9f1ccfc7b9a15a51f3fd8786d463_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0e7636b0d3c85607e0a326d5e87e48ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
lstrlenW
RaiseException
GetComputerNameExW
lstrcpyW
GetSystemTimeAsFileTime
GetCurrentProcess
CloseHandle
CreateFileMappingW
LoadLibraryA
OpenFileMappingW
GetProfileStringA
OpenEventW
FreeLibrary
MapViewOfFileEx
WriteFile
GetModuleFileNameA
QueryPerformanceCounter
GetLastError
SetEvent
GetTickCount
InterlockedCompareExchange
UnmapViewOfFile
GetCurrentThread
GetModuleHandleW
CreateFileW
DebugBreak
RegisterWaitForSingleObjectEx
UnhandledExceptionFilter
MultiByteToWideChar
EnterCriticalSection
LocalFree
GetComputerNameW
TerminateProcess
LoadLibraryW
LeaveCriticalSection
GetSystemInfo
GetCurrentProcessId
FormatMessageW
DisableThreadLibraryCalls
LocalAlloc
CreateEventW
WideCharToMultiByte
GetCurrentThreadId
SetUnhandledExceptionFilter
GetACP
lstrcmpiA
UnregisterWait
Sleep
InitializeCriticalSection
InterlockedExchangeAdd
DeleteCriticalSection
InterlockedExchange
CreateFileA
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetLocalTime
VirtualAlloc
FileTimeToSystemTime
GetModuleFileNameW
lstrcmpW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetProcAddress

secur32

CredUnmarshalTargetInfo
LsaGetLogonSessionData
CredMarshalTargetInfo
FreeContextBuffer
LsaFreeReturnBuffer

user32

wsprintfW
CharLowerBuffW

msvcrt

wcslen
_stricmp
_except_handler3
wcsrchr
wcscpy
_initterm
_wcsnicmp
sscanf
free
qsort
_wcsicmp
_strnicmp
_strcmpi
swprintf
wcstoul
wcscmp
strrchr
_vsnprintf
_ultoa
_adjust_fdiv
wcscat
strchr
wcsspn
malloc
sprintf

cryptdll

MD5Update
CDBuildIntegrityVect
MD5Init
CDFindCommonCSystemWithKey
CDGenerateRandomBits
MD5Final
CDLocateCheckSum
CDLocateCSystem

advapi32

RegNotifyChangeKeyValue
OpenProcessToken
RegEnumKeyExW
CryptReleaseContext
OpenSCManagerW
CredFree
RegOpenKeyExW
SystemFunction007
RegQueryValueExW
CryptGetProvParam
RegCloseKey
CryptAcquireContextW
SystemFunction006
CryptHashData
CryptGetHashParam
ReportEventW
RegisterEventSourceW
RegOpenKeyW
DeregisterEventSource
FreeSid
RegCreateKeyExW
RegisterTraceGuidsW
RevertToSelf
GetTokenInformation
CredUnmarshalCredentialW
CryptDestroyHash
TraceEvent
QueryServiceStatus
OpenThreadToken
CryptSetProvParam
SetThreadToken
QueryServiceConfigW
LookupAccountSidW
RegQueryInfoKeyW
CloseServiceHandle
CryptCreateHash
RegSetValueExW
RegConnectRegistryW
GetTraceLoggerHandle
AllocateAndInitializeSid
RegDeleteValueW
OpenServiceW

msasn1

ASN1_CloseDecoder
ASN1BERDecU32Val
ASN1bitstring_free
ASN1BERDecS32Val
ASN1BERDecOctetString
ASN1BERDecExplicitTag
ASN1BERDecGeneralizedTime
ASN1BEREncOctetString
ASN1BEREncS32
ASN1BERDecEndOfContents
ASN1octetstring_free
ASN1intxisuint32
ASN1BEREncBitString
ASN1intx2int32
ASN1BEREncExplicitTag
ASN1BERDecZeroCharString
ASN1BERDecSkip
ASN1BEREncU32
ASN1DecSetError
ASN1BERDecPeekTag
ASN1BERDecBitString
ASN1BEREncOpenType
ASN1BERDecSXVal
ASN1_Encode
ASN1DecAlloc
ASN1ztcharstring_free
ASN1_Decode
ASN1BERDecOpenType2
ASN1_CreateDecoder
ASN1BERDecCharString
ASN1_CreateModule
ASN1EncSetError
ASN1BEREncCharString
ASN1Free
ASN1BERDecObjectIdentifier
ASN1BEREncObjectIdentifier
ASN1_FreeEncoded
ASN1intx_free
ASN1_CreateEncoder
ASN1CEREncGeneralizedTime
ASN1BERDecBool
ASN1BEREncSX
ASN1objectidentifier_free
ASN1_FreeDecoded
ASN1_CloseEncoder
ASN1BEREncBool
ASN1charstring_free
ASN1intx_setuint32
ASN1BEREncEndOfContents
ASN1intx2uint32
ASN1BERDecNotEndOfContents

ntdll

RtlSystemTimeToLocalTime
NtDuplicateObject
RtlPrefixUnicodeString
NtSetSecurityObject
RtlLengthRequiredSid
NtClose
RtlCreateAcl
RtlDeleteCriticalSection
RtlConvertSharedToExclusive
NtQuerySystemTime
RtlTimeFieldsToTime
RtlEqualDomainName
RtlLookupElementGenericTableAvl
RtlInitializeGenericTable
RtlTimeToTimeFields
RtlDowncaseUnicodeString
RtlDeregisterWait
RtlInitializeSid
RtlAppendUnicodeStringToString
RtlSubAuthorityCountSid
RtlOemStringToUnicodeString
RtlReleaseResource
RtlConvertSidToUnicodeString
RtlInitializeGenericTableAvl
RtlEraseUnicodeString
NtQueryInformationToken
RtlLeaveCriticalSection
NtOpenEvent
RtlEqualSid
RtlSubAuthoritySid
RtlInsertElementGenericTable
RtlNtStatusToDosError
RtlUpcaseUnicodeString
RtlCopySid
RtlAnsiStringToUnicodeString
RtlAllocateAndInitializeSid
RtlAcquireResourceShared
RtlCreateTimerQueue
RtlCreateTimer
NtQuerySystemInformation
NtOpenProcessToken
RtlUniform
VerSetConditionMask
NtAllocateVirtualMemory
RtlDeleteResource
RtlAcquireResourceExclusive
RtlCompareMemory
RtlInitializeResource
RtlEqualUnicodeString
NtAllocateLocallyUniqueId
RtlInitAnsiString
RtlSetDaclSecurityDescriptor
RtlLengthSid
RtlFreeUnicodeString
RtlInitializeCriticalSection
RtlFreeSid
RtlLookupElementGenericTable
NtWaitForSingleObject
RtlInsertElementGenericTableAvl
RtlIntegerToUnicodeString
RtlEnterCriticalSection
RtlInitUnicodeString
RtlCreateSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
RtlDeleteElementGenericTable
NtOpenThreadToken
DbgPrint
NtCreateEvent
RtlAddAccessAllowedAce
RtlRunDecodeUnicodeString
RtlDeleteTimerQueue
RtlCopyLuid
RtlGetElementGenericTable
RtlVerifyVersionInfo
RtlCopyUnicodeString
RtlFreeAnsiString
RtlValidSid

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e7636b0d3c85607e0a326d5e87e48ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

secur32

user32

msvcrt

cryptdll

advapi32

msasn1

ntdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB