3d7f58c1807870990942665708b05e9a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d7f58c1807870990942665708b05e9a_JaffaCakes118
Size

97KB
MD5

3d7f58c1807870990942665708b05e9a
SHA1

0f54b8e2fb60a6d9be0c2cc7a30f9f77818d9e34
SHA256

2e9967ec82efbdedf9550e48f34ca058b90e66114b25cd4d7de47601c664b521
SHA512

cfb8ff423a2ef3138a35e56279491e9c8838e6fedd78f03c777a4de82a4e9a227268b5a27733c6a1fa769881e2b82c8c635734374d8c1b79cd338021f9e0a595
SSDEEP

3072:kvTsXEKZYXELdGSxUIqQ+nes2Ysf+0YOv:mDXEgzIqQa2YIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d7f58c1807870990942665708b05e9a_JaffaCakes118

Files

3d7f58c1807870990942665708b05e9a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a80e35ba0182241957e73d08ad2673c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
CharLowerBuffW

msvcrt

_except_handler3
_strcmpi
_stricmp
sscanf
_adjust_fdiv
wcscmp
free
malloc
wcscpy
_ultoa
wcscat
wcslen
wcstoul
wcsspn
swprintf
_strnicmp
sprintf
strchr
wcsrchr
qsort
strrchr
_wcsicmp
_wcsnicmp
_initterm
_vsnprintf

cryptdll

MD5Update
MD5Init
CDLocateCheckSum
CDLocateCSystem
MD5Final
CDGenerateRandomBits
CDBuildIntegrityVect
CDFindCommonCSystemWithKey

advapi32

OpenSCManagerW
OpenThreadToken
CryptReleaseContext
LookupAccountSidW
CryptCreateHash
GetTokenInformation
CryptHashData
QueryServiceConfigW
RegSetValueExW
CryptDestroyHash
SystemFunction006
RegOpenKeyExW
DeregisterEventSource
RegQueryValueExW
SystemFunction007
ReportEventW
CloseServiceHandle
FreeSid
CryptGetProvParam
RegCloseKey
CryptGetHashParam
CredUnmarshalCredentialW
QueryServiceStatus
RegCreateKeyExW
RegNotifyChangeKeyValue
TraceEvent
RegOpenKeyW
CredFree
RevertToSelf
AllocateAndInitializeSid
GetTraceLoggerHandle
RegDeleteValueW
OpenServiceW
SetThreadToken
RegConnectRegistryW
RegisterEventSourceW
RegEnumKeyExW
CryptSetProvParam
OpenProcessToken
RegisterTraceGuidsW
CryptAcquireContextW
RegQueryInfoKeyW

msasn1

ASN1BERDecPeekTag
ASN1BEREncBitString
ASN1BEREncEndOfContents
ASN1BEREncS32
ASN1BERDecEndOfContents
ASN1Free
ASN1BEREncOpenType
ASN1octetstring_free
ASN1BERDecBitString
ASN1DecSetError
ASN1BERDecSkip
ASN1_CloseEncoder
ASN1BEREncOctetString
ASN1BEREncBool
ASN1BERDecSXVal
ASN1intx2int32
ASN1BEREncSX
ASN1DecAlloc
ASN1BERDecExplicitTag
ASN1_FreeDecoded
ASN1charstring_free
ASN1_CreateEncoder
ASN1ztcharstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1_Decode
ASN1BERDecNotEndOfContents
ASN1BERDecZeroCharString
ASN1BERDecObjectIdentifier
ASN1BEREncCharString
ASN1bitstring_free
ASN1intx2uint32
ASN1BEREncExplicitTag
ASN1objectidentifier_free
ASN1_CloseDecoder
ASN1BERDecGeneralizedTime
ASN1CEREncGeneralizedTime
ASN1BEREncU32
ASN1BERDecBool
ASN1intx_free
ASN1BERDecS32Val
ASN1_FreeEncoded
ASN1intxisuint32
ASN1BERDecOctetString
ASN1_CreateDecoder
ASN1BEREncObjectIdentifier
ASN1EncSetError
ASN1BERDecOpenType2
ASN1_Encode
ASN1intx_setuint32

secur32

FreeContextBuffer
LsaFreeReturnBuffer
CredMarshalTargetInfo
CredUnmarshalTargetInfo
LsaGetLogonSessionData

ntdll

RtlCreateTimer
RtlFreeSid
RtlInitializeResource
NtWaitForSingleObject
RtlSystemTimeToLocalTime
RtlInitializeGenericTable
RtlPrefixUnicodeString
RtlSubAuthoritySid
NtClose
RtlUniform
RtlCompareMemory
RtlNtStatusToDosError
RtlAppendUnicodeStringToString
RtlReleaseResource
NtQueryInformationToken
RtlDeleteResource
NtOpenThreadToken
RtlLengthRequiredSid
RtlDeleteCriticalSection
RtlEqualUnicodeString
RtlInsertElementGenericTable
RtlCopyUnicodeString
RtlEqualSid
NtOpenProcessToken
NtOpenEvent
RtlAcquireResourceExclusive
RtlInitializeSid
RtlUlongByteSwap
NtAllocateVirtualMemory
RtlTimeFieldsToTime
RtlLengthSid
RtlDeleteTimerQueue
RtlLookupElementGenericTableAvl
RtlDowncaseUnicodeString
NtAllocateLocallyUniqueId
RtlValidSid
RtlConvertSidToUnicodeString
NtQuerySystemTime
RtlIntegerToUnicodeString
RtlUpcaseUnicodeString
RtlInitAnsiString
RtlCopyLuid
VerSetConditionMask
RtlEqualDomainName
RtlDeregisterWait
RtlVerifyVersionInfo
RtlFreeUnicodeString
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlGetElementGenericTable
RtlFreeAnsiString
NtDuplicateObject
RtlInitializeCriticalSection
RtlCreateAcl
RtlInitializeGenericTableAvl
RtlCompareUnicodeString
RtlConvertSharedToExclusive
RtlEnterCriticalSection
NtCreateDebugObject
RtlUnicodeStringToAnsiString
NtCreateEvent
RtlLookupElementGenericTable
RtlAddAccessAllowedAce
RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlEraseUnicodeString
RtlInsertElementGenericTableAvl
RtlAcquireResourceShared
RtlAnsiStringToUnicodeString
RtlCreateTimerQueue
RtlCopySid
RtlSetDaclSecurityDescriptor
NtQuerySystemInformation
RtlDeleteElementGenericTable
RtlLeaveCriticalSection
DbgPrint
RtlTimeToTimeFields
NtSetSecurityObject

kernel32

GetSystemTimeAsFileTime
lstrcmpiA
UnmapViewOfFile
EnterCriticalSection
GetComputerNameExW
SetEvent
DebugBreak
LeaveCriticalSection
OpenFileMappingW
MultiByteToWideChar
GetLastError
LoadLibraryA
GetACP
CreateEventW
CreateFileMappingW
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetLocalTime
GetModuleFileNameW
VirtualAlloc
DisableThreadLibraryCalls
ExitProcess
GetCurrentProcess
GetComputerNameW
GetTickCount
UnregisterWait
InterlockedExchangeAdd
FileTimeToSystemTime
GetEnvironmentVariableW
UnhandledExceptionFilter
GetSystemInfo
InterlockedCompareExchange
lstrlenA
RegisterWaitForSingleObjectEx
LocalFree
SetUnhandledExceptionFilter
WriteFile
FreeLibrary
Sleep
GetProfileStringA
GetModuleHandleW
GetCurrentThreadId
WideCharToMultiByte
GetModuleFileNameA
OutputDebugStringA
InterlockedIncrement
TerminateProcess
CreateFileW
LoadLibraryW
CreateFileA
OpenEventW
lstrlenW
InterlockedDecrement
RaiseException
InterlockedExchange
FormatMessageW
MapViewOfFileEx
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
GetCurrentThread
lstrcmpW
InitializeCriticalSection
LocalAlloc
lstrcpyW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a80e35ba0182241957e73d08ad2673c0

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

cryptdll

advapi32

msasn1

secur32

ntdll

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 143KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 160KB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 143KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 160KB - Virtual size: 1.4MB