3a9fbba4b915778be2365223e9b92750_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a9fbba4b915778be2365223e9b92750_JaffaCakes118
Size

329KB
MD5

3a9fbba4b915778be2365223e9b92750
SHA1

dac137b072401815918690e695c75bdf25e74eec
SHA256

c8dcefd31db87c63403746b058f65b63cb314b0d6127f73dddf5679814b70015
SHA512

ed73008b0bfd418721cc0c1f5fd4671bf5b253d211918742831b797f4b469e45bd7a836a10e9209d8e18e64fd0f626dec6de9a2e4170d0f96d30e4595008b451
SSDEEP

6144:zmYDQ+MofaDUR5HCTDVd/9tvbBeFcC+G9SvgMky1wjjwRVLpQT:HDfPbR5HCTDV3FMiClcYKlQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a9fbba4b915778be2365223e9b92750_JaffaCakes118

Files

3a9fbba4b915778be2365223e9b92750_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea4868e27e387ecb42ac8a4dd2344303

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUniform
RtlCompareUnicodeString
RtlFreeAnsiString
RtlEnterCriticalSection
RtlEqualUnicodeString
NtAllocateLocallyUniqueId
RtlAcquireResourceShared
NtSetSecurityObject
RtlRunDecodeUnicodeString
RtlConvertSidToUnicodeString
RtlReleaseResource
RtlInsertElementGenericTableAvl
RtlCompareMemory
RtlCopyLuid
RtlCreateTimerQueue
NtDuplicateObject
RtlDeleteTimerQueue
RtlInsertElementGenericTable
RtlValidSid
RtlAcquireResourceExclusive
RtlFreeUnicodeString
RtlLookupElementGenericTable
NtQueryInformationToken
NtOpenEvent
RtlEraseUnicodeString
DbgPrint
NtOpenThreadToken
RtlGetElementGenericTable
NtClose
RtlUpcaseUnicodeString
RtlConvertSharedToExclusive
RtlLeaveCriticalSection
RtlPrefixUnicodeString
NtQuerySystemInformation
RtlNtStatusToDosError
RtlIntegerToUnicodeString
RtlInitializeSid
RtlVerifyVersionInfo
RtlTimeFieldsToTime
RtlFreeSid
RtlAnsiStringToUnicodeString
RtlSetDaclSecurityDescriptor
RtlInitializeGenericTable
RtlDeleteResource
NtAllocateVirtualMemory
RtlSubAuthoritySid
RtlRegisterWait
RtlLengthSid
RtlCopyUnicodeString
RtlAddAccessAllowedAce
RtlDeregisterWait
RtlDeleteCriticalSection
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlAppendUnicodeStringToString
RtlCreateTimer
NtOpenProcessToken
NtCreateEvent
RtlCreateAcl
NtQuerySystemTime
RtlDeleteElementGenericTable
RtlInitAnsiString
RtlInitializeResource
RtlEqualSid
VerSetConditionMask
RtlUnicodeStringToAnsiString
RtlLengthRequiredSid
RtlCopySid
RtlLookupElementGenericTableAvl
RtlInitUnicodeString
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlEqualDomainName
RtlInitializeCriticalSection
RtlInitializeGenericTableAvl
RtlDowncaseUnicodeString
RtlSubAuthorityCountSid
RtlOemStringToUnicodeString

secur32

LsaFreeReturnBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData
CredMarshalTargetInfo
FreeContextBuffer

user32

CharLowerBuffW
wsprintfW

cryptdll

CDFindCommonCSystemWithKey
MD5Final
CDLocateCheckSum
CDGenerateRandomBits
MD5Init
CDBuildIntegrityVect
CDLocateCSystem
MD5Update

msasn1

ASN1BERDecGeneralizedTime
ASN1_FreeDecoded
ASN1Free
ASN1BERDecExplicitTag
ASN1intx_free
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1_CreateEncoder
ASN1objectidentifier_free
ASN1_CreateDecoder
ASN1intx2int32
ASN1BEREncOpenType
ASN1_CreateModule
ASN1octetstring_free
ASN1BERDecBool
ASN1_Decode
ASN1charstring_free
ASN1_FreeEncoded
ASN1intxisuint32
ASN1intx_setuint32
ASN1BEREncS32
ASN1intx2uint32
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1BEREncSX
ASN1BERDecOpenType2
ASN1ztcharstring_free
ASN1BERDecObjectIdentifier
ASN1BEREncObjectIdentifier
ASN1BERDecS32Val
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1CEREncGeneralizedTime
ASN1BERDecBitString
ASN1DecSetError
ASN1BEREncOctetString
ASN1EncSetError
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BERDecSXVal
ASN1BEREncU32
ASN1BERDecOctetString
ASN1BEREncBitString
ASN1_Encode
ASN1BERDecSkip
ASN1BEREncExplicitTag
ASN1bitstring_free
ASN1BERDecZeroCharString
ASN1BERDecEndOfContents
ASN1DecAlloc
ASN1BEREncCharString

advapi32

RegDeleteValueW
RegQueryValueExW
GetTokenInformation
CryptGetProvParam
GetTraceLoggerHandle
RegEnumKeyExW
RegSetValueExW
RegisterEventSourceW
CryptGetHashParam
QueryServiceConfigW
LookupAccountSidW
RegCreateKeyExW
RevertToSelf
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptSetProvParam
OpenServiceW
RegConnectRegistryW
RegisterTraceGuidsW
CryptAcquireContextW
SetThreadToken
TraceEvent
CryptReleaseContext
AllocateAndInitializeSid
RegOpenKeyW
SystemFunction007
RegOpenKeyExW
CredFree
RegNotifyChangeKeyValue
ReportEventW
RegCloseKey
SystemFunction006
CloseServiceHandle
OpenSCManagerW
RegQueryInfoKeyW
OpenThreadToken
OpenProcessToken
QueryServiceStatus
FreeSid
DeregisterEventSource
CredUnmarshalCredentialW

kernel32

CreateEventW
LocalFree
VirtualAlloc
lstrlenW
CreateFileW
FileTimeToSystemTime
OpenEventW
GetModuleFileNameW
InterlockedExchange
LoadLibraryW
DisableThreadLibraryCalls
MultiByteToWideChar
lstrcmpW
lstrcmpiA
MapViewOfFileEx
DeleteCriticalSection
lstrcpyW
LocalAlloc
GetComputerNameW
GetTickCount
DebugBreak
UnregisterWait
InterlockedExchangeAdd
CreateFileMappingW
RaiseException
EnterCriticalSection
GetCurrentThreadId
lstrlenA
UnhandledExceptionFilter
FormatMessageW
LoadLibraryA
GetACP
InterlockedCompareExchange
OpenFileMappingW
GetComputerNameExW
LeaveCriticalSection
OutputDebugStringA
GetSystemTimeAsFileTime
GetLastError
GetProcAddress
InterlockedDecrement
SetUnhandledExceptionFilter
GetProfileStringA
GetModuleHandleW
GetModuleFileNameA
CloseHandle
ExpandEnvironmentStringsW
GetSystemInfo
TerminateProcess
FreeLibrary
WideCharToMultiByte
InterlockedIncrement
GetCurrentThread
GetLocalTime
GetEnvironmentVariableW
UnmapViewOfFile
WriteFile
GetCurrentProcessId
GetCurrentProcess
SetEvent
CreateFileA
Sleep
RegisterWaitForSingleObjectEx
InitializeCriticalSection
QueryPerformanceCounter

msvcrt

qsort
_wcsnicmp
_adjust_fdiv
free
strrchr
_stricmp
malloc
wcstoul
_strnicmp
_ultoa
_initterm
wcsspn
sscanf
wcsrchr
strchr
sprintf
wcscmp
wcscpy
wcscat
_wcsicmp
_vsnprintf
wcslen
swprintf
_strcmpi
_except_handler3

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea4868e27e387ecb42ac8a4dd2344303

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

secur32

user32

cryptdll

msasn1

advapi32

kernel32

msvcrt

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB