Static task
static1
Behavioral task
behavioral1
Sample
41e02a6ab054fb4ecf5b0cdc87c91fce_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
41e02a6ab054fb4ecf5b0cdc87c91fce_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
41e02a6ab054fb4ecf5b0cdc87c91fce_JaffaCakes118
Size
30KB
MD5
41e02a6ab054fb4ecf5b0cdc87c91fce
SHA1
8de02c7548f2af41d487387b858a8f2ec9a795f1
SHA256
70f9f631b5679ca35c97b03b2a4cef4202d401c9eed6674b044efdb13f38b22d
SHA512
9e0ed44e2e650366aa7cb9edf1be2ced812e00a7dc66ebd63cb1f93d9a967f784f569194526fa63c17d16dd85199bb6efa8a0593d021ff1cc0919ab54c5c4c9f
SSDEEP
768:HAc5A8en3RN4QMjXckOHHKjlrF6QBAsrg:jA8en3RO+H8lrF6Q2l
Malware Config
Signatures
Unsigned PE 1 IoCs
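Checks for missing Authenticode signature. The listed resource is an unsigned PE; on its own this is a weak indicator, since many benign binaries are unsigned as well.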
resource 41e02a6ab054fb4ecf5b0cdc87c91fce_JaffaCakes118
Files
41e02a6ab054fb4ecf5b0cdc87c91fce_JaffaCakes118.exe windows:5 windows x86 arch:x86
0eeb49d5326087574798e071745b54af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msasn1
ASN1bitstring_free
ASN1CEREncFlushBlkElement
ASN1BERDecBitString
ASN1_FreeEncoded
ASN1BERDecCharString
ASN1BERDotVal2Eoid
ASN1BEREncU32
ASN1BEREncChar32String
ASN1CEREncUTCTime
ASN1CEREncGeneralizedTime
ASN1_CreateModule
ASN1char16string_free
ASN1BERDecSXVal
ASN1objectidentifier2_cmp
ASN1BERDecEndOfContents
ASN1octetstring_free
ASN1BERDecPeekTag
ASN1BEREoid2DotVal
ASN1BERDecBitString2
ASN1BEREncOpenType
ASN1BERDecUTCTime
ASN1_CloseEncoder
ASN1BEREncBool
ASN1BEREncMultibyteString
ASN1BERDecOpenType
ASN1BEREncSX
ASN1BEREncEoid
ASN1BERDecUTF8String
ASN1BEREncBitString
ASN1BERDecS32Val
ASN1BERDecObjectIdentifier2
ASN1BEREncOctetString
ASN1intx_free
ASN1_CreateDecoder
ASN1BERDecU32Val
ASN1BERDecEoid
ASN1BERDecExplicitTag
ASN1BEREncExplicitTag
ASN1BERDecGeneralizedTime
ASN1BEREncChar16String
ASN1BERDecChar16String
ASN1CEREncEndBlk
ASN1BEREncUTF8String
ASN1BERDecChar32String
ASN1BERDecNotEndOfContents
ASN1_Encode
ASN1char32string_free
ASN1DecSetError
ASN1BERDecZeroCharString
ASN1charstring_free
ASN1_CloseDecoder
ASN1BEREncObjectIdentifier2
ASN1BERDecOctetString
ASN1CEREncNewBlkElement
ASN1DecRealloc
ASN1BERDecOctetString2
ASN1EncSetError
ASN1BEREoid_free
ASN1BEREncCharString
ASN1BERDecOpenType2
ASN1open_free
ASN1BERDecMultibyteString
ASN1BEREncS32
ASN1utf8string_free
ASN1_CloseModule
ASN1BERDecBool
ASN1_FreeDecoded
ASN1ztcharstring_free
ASN1BEREncEndOfContents
ASN1CEREncBeginBlk
ASN1_CreateEncoder
ASN1_SetEncoderOption
ASN1_Decode
ASN1Free
adsldpc
ADsFreeColumn
msvcrt
strncmp
_ltow
_except_handler3
free
wcscmp
_snprintf
wcschr
_initterm
__dllonexit
_itow
_snwprintf
memmove
atol
malloc
wcscat
qsort
sprintf
_wcsnicmp
_ltoa
wcslen
isdigit
_ultoa
_adjust_fdiv
bsearch
strtoul
_onexit
isxdigit
isupper
wcscpy
_wcsicmp
memcpy
strncpy
rpcrt4
UuidToStringA
UuidCreate
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingA
RpcStringFreeA
RpcRevertToSelf
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcImpersonateClient
RpcStringBindingComposeA
user32
LoadStringA
wsprintfW
GetSystemMetrics
LoadStringW
MessageBoxW
wsprintfA
GetProcessDefaultLayout
MessageBoxA
advapi32
RegEnumKeyExA
SystemFunction041
CryptExportKey
EqualSid
GetSidSubAuthorityCount
CryptImportKey
RegSetValueExA
FreeSid
CryptGenKey
RegEnumValueW
RegDeleteKeyA
GetAce
CryptHashData
CryptDecrypt
CopySid
IsValidSid
RegQueryValueExA
CryptDestroyKey
CryptGetProvParam
RegDeleteValueW
CryptGetUserKey
GetSecurityDescriptorOwner
UnlockServiceDatabase
GetUserNameW
RegQueryValueExW
CryptGenRandom
AdjustTokenPrivileges
GetLengthSid
LookupAccountSidW
LookupPrivilegeValueA
CryptEncrypt
GetSidSubAuthority
CryptSetHashParam
CryptGetDefaultProviderW
CryptSetProvParam
RegEnumKeyA
ControlService
A_SHAInit
OpenSCManagerW
CryptDeriveKey
AddAccessAllowedAce
RegCreateKeyExA
RegSetValueExW
RegCloseKey
ChangeServiceConfigA
RegCreateKeyExW
CryptSetProviderA
GetUserNameA
CryptReleaseContext
CryptSignHashA
QueryServiceStatus
OpenThreadToken
CryptGetKeyParam
RegOpenKeyExA
RegOpenKeyExW
CryptGetHashParam
RegNotifyChangeKeyValue
SetSecurityDescriptorOwner
RegEnumKeyExW
LockServiceDatabase
CloseServiceHandle
RegDeleteValueA
MD5Update
RegQueryInfoKeyW
OpenServiceW
SetSecurityDescriptorGroup
CryptDestroyHash
StartServiceW
CryptCreateHash
SetSecurityDescriptorDacl
CryptAcquireContextA
MD5Init
RegConnectRegistryW
SystemFunction040
GetSecurityDescriptorDacl
GetTokenInformation
CryptSetKeyParam
InitializeAcl
QueryServiceConfigA
RegSetKeySecurity
AllocateAndInitializeSid
A_SHAFinal
A_SHAUpdate
RegEnumValueA
OpenProcessToken
RegQueryInfoKeyA
StartServiceA
InitializeSecurityDescriptor
CryptVerifySignatureA
RegGetKeySecurity
RegConnectRegistryA
GetSidIdentifierAuthority
RegDeleteKeyW
MD5Final
LsaNtStatusToWinError
kernel32
DelayLoadFailureHook
GetTimeFormatW
SetFileAttributesA
InterlockedExchange
CreateFileMappingW
TerminateProcess
FindFirstFileW
UnmapViewOfFile
GetSystemTime
GetFileAttributesExW
PulseEvent
GetLastError
GetDateFormatA
LocalFree
SystemTimeToFileTime
GetFileSize
FindNextChangeNotification
GetACP
WaitForMultipleObjectsEx
GetComputerNameW
EnterCriticalSection
CreateDirectoryA
OpenFileMappingW
GetCurrentProcess
GetFileAttributesW
OpenMutexW
DeleteFileA
lstrcmpA
GetVersionExA
MultiByteToWideChar
SetEvent
GetLocalTime
lstrcpyA
InterlockedDecrement
GetDateFormatW
FreeLibrary
FindClose
GetCurrentProcessId
GetProcAddress
CreateFileMappingA
GetUserDefaultLCID
FormatMessageW
OpenEventA
GetTempPathA
WideCharToMultiByte
ExpandEnvironmentStringsW
LocalReAlloc
LocalAlloc
GetTickCount
DeleteFileW
InterlockedIncrement
SetFilePointer
LocalSize
LoadLibraryExA
TlsSetValue
OutputDebugStringA
lstrcatA
UnhandledExceptionFilter
CreateMutexA
GetModuleHandleA
CreateDirectoryW
WaitForSingleObjectEx
SetEndOfFile
GetEnvironmentVariableA
InterlockedCompareExchange
CompareStringA
GetSystemDefaultLangID
DuplicateHandle
FindFirstFileA
SetLastError
GetTimeFormatA
GetComputerNameA
GetCurrentThread
FileTimeToSystemTime
FormatMessageA
QueryPerformanceCounter
GetFileAttributesA
CompareFileTime
SetFileAttributesW
FileTimeToLocalFileTime
GetTempFileNameA
CreateMutexW
VirtualAlloc
CreateFileA
lstrlenW
GetModuleFileNameW
ReleaseMutex
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetCurrentThreadId
FindNextFileW
ReadFile
ExitThread
FreeLibraryAndExitThread
LoadLibraryExW
Sleep
GetSystemTimeAsFileTime
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
TlsFree
MapViewOfFile
LeaveCriticalSection
CloseHandle
WaitForSingleObject
WriteFile
SetUnhandledExceptionFilter
CreateFileW
CreateEventA
OpenMutexA
TlsAlloc
FindNextFileA
ExpandEnvironmentStringsA
TlsGetValue
CompareStringW
LoadLibraryA
lstrlenA
Sections
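.textbss Size: - Virtual size: 80KB (no raw size listed; per the flags below it is uninitialized data mapped readable, writable and executable)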
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE