3ae1e0484f763eed317f022786545ade_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ae1e0484f763eed317f022786545ade_JaffaCakes118
Size

53KB
MD5

3ae1e0484f763eed317f022786545ade
SHA1

a989a8ca26510728ed1645acb0a7d7741c9be20f
SHA256

cb65af03a14072d6946159f9d82d7bdc452bf5c633956abc93b32e14487d7afa
SHA512

3ddc7905aaabd1aafa5b17577924553227db382c124d305aa83576fefba4143595cadfd2061ae99684cc47403b923723e0f67d417a07e3ef26f0d1144682ea0b
SSDEEP

768:hWPdXGtW+HuucCkHG/92Cmr+nKg5y4DHIBnZBXdWWDZ5YyQ6GajF1Wu:oh9Zw2CLnKg5poBnr0CZ5M6pjfT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ae1e0484f763eed317f022786545ade_JaffaCakes118

Files

3ae1e0484f763eed317f022786545ade_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29761038de737d5bce44b24e8364c07a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

MD5Init
MD5Final
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
CDLocateCheckSum
CDGenerateRandomBits
CDLocateCSystem
MD5Update

advapi32

DeregisterEventSource
OpenServiceW
GetTokenInformation
CryptReleaseContext
CryptHashData
QueryServiceConfigW
RegQueryValueExW
RegOpenKeyW
CryptSetProvParam
ReportEventW
CryptAcquireContextW
CredUnmarshalCredentialW
RegisterEventSourceW
RegOpenKeyExW
RegCreateKeyExW
CryptGetHashParam
RegNotifyChangeKeyValue
SystemFunction007
CredFree
RegEnumKeyExW
RevertToSelf
TraceEvent
FreeSid
RegQueryInfoKeyW
RegConnectRegistryW
LookupAccountSidW
RegCloseKey
CryptGetProvParam
CryptCreateHash
OpenThreadToken
SetThreadToken
OpenProcessToken
SystemFunction006
CryptDestroyHash
RegisterTraceGuidsW
RegDeleteValueW
QueryServiceStatus
AllocateAndInitializeSid
OpenSCManagerW
RegSetValueExW
GetTraceLoggerHandle
CloseServiceHandle

ntdll

NtOpenThreadToken
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlInsertElementGenericTable
RtlCompareMemory
RtlInsertElementGenericTableAvl
RtlRegisterWait
RtlInitializeGenericTableAvl
NtSetSecurityObject
RtlSubAuthorityCountSid
RtlTimeToTimeFields
RtlEraseUnicodeString
RtlInitializeResource
RtlUniform
RtlCopyUnicodeString
RtlAddAccessAllowedAce
RtlAppendUnicodeStringToString
RtlDeleteElementGenericTable
RtlVerifyVersionInfo
RtlPrefixUnicodeString
RtlInitializeCriticalSection
RtlCompareUnicodeString
NtCreateEvent
RtlAcquireResourceShared
RtlOemStringToUnicodeString
RtlCopySid
RtlInitializeSid
NtQuerySystemTime
RtlDeleteTimerQueue
RtlLeaveCriticalSection
RtlFreeUnicodeString
RtlReleaseResource
NtAllocateLocallyUniqueId
NtAllocateVirtualMemory
RtlInitAnsiString
RtlDeleteCriticalSection
NtOpenEvent
RtlInitializeGenericTable
NtOpenProcessToken
RtlRunDecodeUnicodeString
RtlCopyLuid
RtlFreeSid
RtlEqualUnicodeString
RtlDeleteResource
RtlSetDaclSecurityDescriptor
RtlIntegerToUnicodeString
RtlUpcaseUnicodeString
RtlCreateTimerQueue
DbgPrint
RtlEqualDomainName
RtlEqualSid
RtlGetElementGenericTable
RtlConvertSidToUnicodeString
RtlCreateSecurityDescriptor
NtClose
RtlConvertSharedToExclusive
RtlLengthSid
RtlCreateAcl
RtlEnterCriticalSection
RtlTimeFieldsToTime
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlCreateTimer
RtlLookupElementGenericTable
NtQueryInformationToken
NtQuerySystemInformation
NtDuplicateObject
RtlSystemTimeToLocalTime
RtlLookupElementGenericTableAvl
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlDowncaseUnicodeString
RtlDeregisterWait
NtWaitForSingleObject
VerSetConditionMask
RtlValidSid

secur32

FreeContextBuffer
CredUnmarshalTargetInfo
CredMarshalTargetInfo
LsaGetLogonSessionData
LsaFreeReturnBuffer

msasn1

ASN1BEREncBool
ASN1BERDecSkip
ASN1intx_free
ASN1_Encode
ASN1BERDecNotEndOfContents
ASN1BEREncBitString
ASN1BERDecBitString
ASN1intx2int32
ASN1BERDecU32Val
ASN1BERDecPeekTag
ASN1octetstring_free
ASN1_FreeDecoded
ASN1objectidentifier_free
ASN1BERDecEndOfContents
ASN1_Decode
ASN1BERDecExplicitTag
ASN1Free
ASN1BERDecBool
ASN1BERDecZeroCharString
ASN1_CloseEncoder
ASN1DecSetError
ASN1bitstring_free
ASN1intxisuint32
ASN1BEREncCharString
ASN1BEREncSX
ASN1_CreateModule
ASN1intx2uint32
ASN1BERDecObjectIdentifier
ASN1intx_setuint32
ASN1BERDecSXVal
ASN1EncSetError
ASN1BERDecCharString
ASN1BEREncOpenType
ASN1BEREncExplicitTag
ASN1BEREncOctetString
ASN1BERDecGeneralizedTime
ASN1BERDecOpenType2
ASN1_CreateDecoder
ASN1ztcharstring_free
ASN1BEREncEndOfContents
ASN1BERDecS32Val
ASN1DecAlloc
ASN1_FreeEncoded
ASN1BEREncObjectIdentifier
ASN1BEREncU32
ASN1CEREncGeneralizedTime
ASN1_CreateEncoder
ASN1BEREncS32
ASN1_CloseDecoder
ASN1charstring_free
ASN1BERDecOctetString

msvcrt

wcscmp
sscanf
wcslen
_strnicmp
wcscat
wcscpy
wcsrchr
sprintf
strchr
_strcmpi
_ultoa
_initterm
wcsspn
_adjust_fdiv
_vsnprintf
_stricmp
malloc
wcstoul
qsort
_except_handler3
_wcsnicmp
free
_wcsicmp
strrchr
swprintf

kernel32

InterlockedIncrement
WriteFile
UnhandledExceptionFilter
SetEvent
GetLocalTime
QueryPerformanceCounter
RegisterWaitForSingleObjectEx
lstrlenA
VirtualAlloc
GetLastError
InterlockedCompareExchange
InterlockedExchangeAdd
ExpandEnvironmentStringsW
InitializeCriticalSection
GetComputerNameExW
LocalFree
DeleteCriticalSection
CreateFileW
GetProfileStringA
LoadLibraryA
CloseHandle
GetProcAddress
GetCurrentProcess
DisableThreadLibraryCalls
GetCurrentThreadId
GetSystemInfo
lstrlenW
TerminateProcess
GetACP
GetModuleFileNameW
CreateFileA
GetModuleFileNameA
GetModuleHandleW
OpenFileMappingW
MapViewOfFileEx
FormatMessageW
SetUnhandledExceptionFilter
lstrcpyW
GetCurrentThread
GetEnvironmentVariableW
CreateEventW
lstrcmpiA
InterlockedDecrement
GetComputerNameW
LeaveCriticalSection
UnregisterWait
CreateFileMappingW
UnmapViewOfFile
WideCharToMultiByte
DebugBreak
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
FileTimeToSystemTime
Sleep
MultiByteToWideChar
lstrcmpW
GetCurrentProcessId
FreeLibrary
OpenEventW
EnterCriticalSection
LocalAlloc
InterlockedExchange
OutputDebugStringA
RaiseException

user32

wsprintfW
CharLowerBuffW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29761038de737d5bce44b24e8364c07a

Headers

File Characteristics

Imports

cryptdll

advapi32

ntdll

secur32

msasn1

msvcrt

kernel32

user32

Sections

.text Size: 31KB - Virtual size: 31KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 23KB - Virtual size: 984KB

.rsrc Size: 46KB - Virtual size: 45KB

.rdata Size: 365KB - Virtual size: 365KB

.text
Size: 31KB - Virtual size: 31KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 23KB - Virtual size: 984KB

.rsrc
Size: 46KB - Virtual size: 45KB

.rdata
Size: 365KB - Virtual size: 365KB