Static task
static1
Behavioral task
behavioral1
Sample
3f2f00c7b74e4237c7f709826cbe5723_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3f2f00c7b74e4237c7f709826cbe5723_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3f2f00c7b74e4237c7f709826cbe5723_JaffaCakes118
-
Size
352KB
-
MD5
3f2f00c7b74e4237c7f709826cbe5723
-
SHA1
a955c477d9c2dbd85d4384942d6573b93d5ad285
-
SHA256
252567d3d167d9310d1c29ab8d46fae8845a19745f2f66abfd18fe4eec832652
-
SHA512
409dc9d77c4aaddb1ccc6cb852edb5de7a0b960d9e63a9c726b2682b54ddd8efe5bd58f84fe996e5c69f44697dc74f2ac53707e74becdbffbdd945fb5f8ffa84
-
SSDEEP
6144:OgyjQj+yTvn+B0M9sxE5reib94hcmYZWLU3TED1wOoTwAZ1AmU4dqC90D8Rx:mje/Tn+Hsm5reibtmYZWLUAvoMATAf4N
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE lacks an Authenticode signature.
resource 3f2f00c7b74e4237c7f709826cbe5723_JaffaCakes118
Files
-
3f2f00c7b74e4237c7f709826cbe5723_JaffaCakes118.exe windows:5 windows x86 arch:x86
45a6cbf39b5f9303a132f099b074a5cc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
ApplyControlToken
LsaCallAuthenticationPackage
LsaFreeReturnBuffer
LsaConnectUntrusted
LsaLookupAuthenticationPackage
msvcrt
wcschr
_except_handler3
wcslen
wcscat
iswctype
memmove
wcscpy
_ltow
wcscmp
time
free
_initterm
malloc
_adjust_fdiv
_ultoa
_ltoa
msasn1
ASN1CEREncNewBlkElement
ASN1_FreeDecoded
ASN1CEREncBeginBlk
ASN1CEREncFlushBlkElement
ASN1CEREncEndBlk
ASN1_FreeEncoded
ASN1_SetEncoderOption
ASN1_Decode
ASN1_Encode
ASN1octetstring_free
ASN1BERDecOctetString
ASN1intx_free
ASN1BERDecS32Val
ASN1BERDecSXVal
ASN1BEREncS32
ASN1BEREncSX
ASN1BERDecObjectIdentifier2
ASN1BEREncObjectIdentifier2
ASN1open_free
ASN1Free
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecRealloc
ASN1BERDecOpenType
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1BEREncEndOfContents
ASN1BERDecBitString2
ASN1_CloseModule
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString
crypt32
CryptSignAndEncodeCertificate
CertFindChainInStore
CryptEncodeObject
CryptDecodeObject
I_CryptUninstallAsn1Module
I_CryptInstallAsn1Module
CryptInstallOIDFunctionAddress
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertVerifyCertificateChainPolicy
CertOpenSystemStoreA
CertAddStoreToCollection
CertEnumCTLsInStore
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSaveStore
CertFreeCertificateChain
CertCompareCertificateName
CertGetCertificateChain
CryptDecodeObjectEx
CertGetNameStringW
CertFindCertificateInStore
CertOpenStore
CertAddSerializedElementToStore
CertCloseStore
CertNameToStrW
CertCreateCertificateContext
CertNameToStrA
CertFreeCertificateContext
CertDuplicateStore
CertControlStore
advapi32
AllocateLocallyUniqueId
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDestroyHash
CryptSetHashParam
CryptCreateHash
RevertToSelf
CredFree
CredUnmarshalCredentialW
CredIsMarshaledCredentialW
CryptSignHashW
CryptHashData
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegFlushKey
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptImportKey
MD5Final
MD5Update
MD5Init
CryptGenKey
CryptGetKeyParam
CryptDuplicateKey
A_SHAFinal
A_SHAUpdate
A_SHAInit
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
CryptGetProvParam
CryptDecrypt
CryptDeriveKey
CryptDuplicateHash
CryptEncrypt
CryptGetUserKey
CryptHashSessionKey
CryptSetKeyParam
CryptSignHashA
CryptVerifySignatureA
CryptGetHashParam
kernel32
LocalReAlloc
InitializeCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrlenA
CreateEventA
RegisterWaitForSingleObject
UnregisterWaitEx
SetEvent
ResetEvent
GetTickCount
FormatMessageW
CreateEventW
OpenProcess
GetCurrentProcess
VirtualAlloc
InterlockedDecrement
lstrcpyW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryW
GetProcAddress
GetSystemDefaultLCID
GetLocaleInfoA
InterlockedIncrement
SetLastError
GetCurrentThread
GetComputerNameW
GetComputerNameExW
GetSystemWow64DirectoryA
userenv
RegisterGPNotification
UnregisterGPNotification
Sections
.text Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.uuup Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.kuup Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ouup Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.duup Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.auuu Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qiii Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gooo Size: 322KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 432KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ