3ae4154bd5a8977ffcf25696d5f162ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ae4154bd5a8977ffcf25696d5f162ff_JaffaCakes118
Size

329KB
MD5

3ae4154bd5a8977ffcf25696d5f162ff
SHA1

93aa968fbc80439881b1783da06f62244064d2fb
SHA256

43b2e0687ea4b49123a50d7658c21be1e03e4e095c7b0aa737c485bec7241253
SHA512

72393461855a60f9be97e0160455ffd245270901612b0e65c652ba2bed4da1c2471534dfbf3deaa8628a73fc014b60cbff7db3d70b2454b9792977db8540f327
SSDEEP

6144:xHjsoG7ONIQeyhvjTVmNqtVfa1tdB95FrhjhaYsclNBzCIs:ZjvG7OuvO7TYqtVf0D5tbacNej

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ae4154bd5a8977ffcf25696d5f162ff_JaffaCakes118

Files

3ae4154bd5a8977ffcf25696d5f162ff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c546069fdc121e6c80204132314ec0a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

CredMarshalTargetInfo
CredUnmarshalTargetInfo
FreeContextBuffer
LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

CreateFileW
DisableThreadLibraryCalls
CreateEventW
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
UnregisterWait
SetEvent
FormatMessageW
OpenEventW
lstrlenA
GetCurrentThreadId
CloseHandle
GetComputerNameExW
lstrcmpiA
RegisterWaitForSingleObjectEx
GetModuleHandleW
GetModuleFileNameW
GetEnvironmentVariableW
lstrlenW
FileTimeToSystemTime
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
WideCharToMultiByte
ExpandEnvironmentStringsW
GetComputerNameW
GetCurrentProcessId
UnmapViewOfFile
DebugBreak
InterlockedCompareExchange
UnhandledExceptionFilter
lstrcpyW
DeleteCriticalSection
SetUnhandledExceptionFilter
MultiByteToWideChar
GetACP
TerminateProcess
GetProfileStringA
EnterCriticalSection
MapViewOfFileEx
LocalFree
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetProcAddress
InitializeCriticalSection
OpenFileMappingW
Sleep
RaiseException
InterlockedIncrement
LeaveCriticalSection
GetModuleFileNameA
GetSystemInfo
GetLastError
GetCurrentProcess
lstrcmpW
CreateFileMappingW
CreateFileA
FreeLibrary
LoadLibraryA
OutputDebugStringA
LocalAlloc
VirtualAlloc
GetCurrentThread

ntdll

NtOpenEvent
RtlSetDaclSecurityDescriptor
RtlConvertSharedToExclusive
RtlTimeFieldsToTime
RtlVerifyVersionInfo
RtlTimeToTimeFields
RtlCopyLuid
RtlAppendUnicodeStringToString
NtClose
NtQueryInformationToken
RtlLeaveCriticalSection
RtlSystemTimeToLocalTime
RtlInitializeCriticalSection
NtAllocateVirtualMemory
RtlEqualUnicodeString
NtAllocateLocallyUniqueId
RtlCreateTimer
RtlLookupElementGenericTableAvl
RtlInitUnicodeString
RtlLengthSid
RtlEqualSid
RtlAcquireResourceShared
RtlDeleteElementGenericTable
RtlConvertSidToUnicodeString
RtlFreeAnsiString
VerSetConditionMask
RtlNtStatusToDosError
NtQuerySystemTime
RtlEqualDomainName
RtlInitializeSid
RtlValidSid
RtlCopySid
RtlOemStringToUnicodeString
RtlAnsiStringToUnicodeString
RtlCreateTimerQueue
NtWaitForSingleObject
NtOpenProcessToken
DbgPrint
RtlLengthRequiredSid
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlUpcaseUnicodeString
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
NtDuplicateObject
RtlCreateSecurityDescriptor
RtlEnterCriticalSection
RtlLookupElementGenericTable
NtQuerySystemInformation
RtlGetElementGenericTable
RtlAcquireResourceExclusive
NtOpenThreadToken
RtlDowncaseUnicodeString
NtCreateEvent
RtlInitAnsiString
RtlDeleteCriticalSection
RtlAddAccessAllowedAce
RtlDeleteTimerQueue
RtlCompareMemory
RtlUnicodeStringToAnsiString
RtlRunDecodeUnicodeString
RtlIntegerToUnicodeString
RtlPrefixUnicodeString
RtlInitializeResource
RtlFreeSid
RtlSubAuthorityCountSid
RtlFreeUnicodeString
RtlRegisterWait
RtlAllocateAndInitializeSid
RtlCreateAcl
RtlReleaseResource
RtlCopyUnicodeString
RtlUniform
RtlInsertElementGenericTableAvl
RtlEraseUnicodeString
NtSetSecurityObject
RtlDeregisterWait
RtlDeleteResource

user32

wsprintfW
CharLowerBuffW

cryptdll

MD5Update
CDBuildIntegrityVect
MD5Final
CDLocateCheckSum
CDLocateCSystem
CDFindCommonCSystemWithKey
MD5Init
CDGenerateRandomBits

advapi32

RegisterTraceGuidsW
RegQueryValueExW
GetTraceLoggerHandle
OpenSCManagerW
LookupAccountSidW
ReportEventW
QueryServiceConfigW
TraceEvent
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExW
OpenProcessToken
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExW
FreeSid
RegDeleteValueW
RegOpenKeyExW
OpenThreadToken
RegNotifyChangeKeyValue
CredFree
CryptGetProvParam
RegSetValueExW
SystemFunction006
CryptDestroyHash
QueryServiceStatus
DeregisterEventSource
CryptAcquireContextW
RevertToSelf
CryptHashData
OpenServiceW
AllocateAndInitializeSid
RegCloseKey
CryptSetProvParam
RegConnectRegistryW
SetThreadToken
CryptCreateHash
CredUnmarshalCredentialW
RegisterEventSourceW
GetTokenInformation
CloseServiceHandle
SystemFunction007

msvcrt

free
_initterm
swprintf
wcstoul
wcscpy
wcsrchr
qsort
sscanf
_wcsicmp
strchr
_strcmpi
_strnicmp
_stricmp
wcscat
wcscmp
wcslen
_ultoa
_wcsnicmp
sprintf
_adjust_fdiv
_vsnprintf
_except_handler3
strrchr
wcsspn
malloc

msasn1

ASN1BEREncEndOfContents
ASN1BEREncBitString
ASN1BERDecExplicitTag
ASN1CEREncGeneralizedTime
ASN1bitstring_free
ASN1_CloseDecoder
ASN1intx2uint32
ASN1_CreateDecoder
ASN1BEREncU32
ASN1BEREncOctetString
ASN1BERDecSkip
ASN1_CreateModule
ASN1BEREncSX
ASN1_Encode
ASN1Free
ASN1BERDecGeneralizedTime
ASN1intx_free
ASN1DecSetError
ASN1intx_setuint32
ASN1_CloseEncoder
ASN1BERDecOctetString
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1_FreeDecoded
ASN1BEREncOpenType
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1charstring_free
ASN1BERDecU32Val
ASN1_Decode
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BEREncS32
ASN1BERDecOpenType2
ASN1BEREncBool
ASN1BERDecS32Val
ASN1BERDecPeekTag
ASN1BERDecCharString
ASN1BERDecBitString
ASN1EncSetError
ASN1ztcharstring_free
ASN1BERDecObjectIdentifier
ASN1_FreeEncoded
ASN1DecAlloc
ASN1BEREncObjectIdentifier
ASN1BEREncExplicitTag
ASN1_CreateEncoder
ASN1objectidentifier_free
ASN1intx2int32
ASN1BERDecBool
ASN1intxisuint32

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c546069fdc121e6c80204132314ec0a6

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

ntdll

user32

cryptdll

advapi32

msvcrt

msasn1

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB