41fe20110c98217d7265d3e9dba51a95_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41fe20110c98217d7265d3e9dba51a95_JaffaCakes118
Size

55KB
MD5

41fe20110c98217d7265d3e9dba51a95
SHA1

7bce3d8f9af76d6fb1dcc4c2dad781ad09586fa9
SHA256

642c6263f331764ad33a40a65b5c438ed74d980a77121a0fbf09e1fe549db43d
SHA512

21cb0a29a6182c20c8177362636df7fc7a54d52c7cece3368c13ff66a9f5444d6ff3d4462c538f6183c4c6a60c6e4d750815c5bb17c151bdc355f8b12d1335cc
SSDEEP

1536:H0O6dEQbn/aqlhO2yxCYbwN8FG5ipwd+dQjN/KmS72B:H0EQbn/aqlhLyxvkgOkwEuF5S7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41fe20110c98217d7265d3e9dba51a95_JaffaCakes118

Files

41fe20110c98217d7265d3e9dba51a95_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cffde550e16f1c2f93aed4ee6150e72c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

qsort
_snwprintf
strncmp
strtoul
_except_handler3
wcscat
malloc
_ltow
wcschr
_ultoa
atol
free
_snprintf
_initterm
memcpy
_ltoa
_onexit
memmove
_itow
wcslen
__dllonexit
wcscpy
isupper
isdigit
sprintf
wcscmp
_wcsnicmp
_wcsicmp
isxdigit
_adjust_fdiv
strncpy
bsearch

advapi32

ControlService
StartServiceA
OpenProcessToken
LockServiceDatabase
CryptGetDefaultProviderW
CryptDecrypt
CryptSignHashA
IsValidSid
RegOpenKeyExA
CryptVerifySignatureA
ChangeServiceConfigA
RegCloseKey
RegDeleteKeyW
QueryServiceConfigA
RegEnumValueW
RegGetKeySecurity
RegSetKeySecurity
CryptExportKey
EqualSid
RegConnectRegistryA
MD5Init
GetSidSubAuthority
LsaNtStatusToWinError
CryptHashData
CryptImportKey
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
InitializeAcl
CryptSetProvParam
RegNotifyChangeKeyValue
RegDeleteKeyA
LookupPrivilegeValueA
FreeSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
CryptDeriveKey
RegQueryInfoKeyA
QueryServiceStatus
A_SHAFinal
RegQueryInfoKeyW
AdjustTokenPrivileges
SystemFunction040
RegEnumValueA
CryptDestroyKey
StartServiceW
SystemFunction041
MD5Update
UnlockServiceDatabase
RegCreateKeyExA
MD5Final
LookupAccountSidW
CryptSetKeyParam
RegSetValueExW
RegQueryValueExA
AllocateAndInitializeSid
OpenSCManagerW
RegDeleteValueW
RegDeleteValueA
RegEnumKeyExW
OpenThreadToken
CryptSetProviderA
InitializeSecurityDescriptor
RegQueryValueExW
GetLengthSid
RegCreateKeyExW
CryptGetHashParam
SetSecurityDescriptorGroup
GetTokenInformation
CryptGenKey
GetAce
CryptGenRandom
CryptDestroyHash
GetUserNameW
AddAccessAllowedAce
A_SHAUpdate
OpenServiceW
RegOpenKeyExW
CopySid
RegEnumKeyA
RegEnumKeyExA
GetSidIdentifierAuthority
CryptGetUserKey
A_SHAInit
CryptCreateHash
CryptReleaseContext
CloseServiceHandle
CryptGetKeyParam
CryptGetProvParam
RegSetValueExA
CryptSetHashParam
CryptEncrypt
CryptAcquireContextA
GetUserNameA
RegConnectRegistryW
GetSidSubAuthorityCount

user32

wsprintfA
GetProcessDefaultLayout
wsprintfW
GetSystemMetrics
MessageBoxA
LoadStringW
MessageBoxW
LoadStringA

rpcrt4

UuidCreate
RpcStringBindingComposeW
RpcBindingFromStringBindingA
RpcStringFreeW
RpcBindingFree
RpcImpersonateClient
RpcRevertToSelf
RpcStringBindingComposeA
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcEpResolveBinding
RpcStringFreeA
UuidToStringA
RpcBindingFromStringBindingW

adsldpc

ADsFreeColumn

msasn1

ASN1BEREncBool
ASN1BERDecObjectIdentifier2
ASN1BERDecChar16String
ASN1BERDecEoid
ASN1BERDecS32Val
ASN1BEREncBitString
ASN1CEREncBeginBlk
ASN1BEREncChar16String
ASN1CEREncFlushBlkElement
ASN1intx_free
ASN1BEREncU32
ASN1_CreateEncoder
ASN1BERDecChar32String
ASN1BEREncSX
ASN1BERDecU32Val
ASN1BERDecMultibyteString
ASN1CEREncNewBlkElement
ASN1CEREncGeneralizedTime
ASN1BEREncEoid
ASN1utf8string_free
ASN1BERDecOctetString2
ASN1_Decode
ASN1CEREncEndBlk
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1CEREncUTCTime
ASN1_Encode
ASN1BERDecBool
ASN1BERDecCharString
ASN1_CloseModule
ASN1_CloseDecoder
ASN1ztcharstring_free
ASN1BEREncS32
ASN1BERDecGeneralizedTime
ASN1Free
ASN1BERDecBitString2
ASN1BEREncChar32String
ASN1_SetEncoderOption
ASN1octetstring_free
ASN1char32string_free
ASN1BEREoid2DotVal
ASN1BEREoid_free
ASN1DecRealloc
ASN1BEREncEndOfContents
ASN1BERDecEndOfContents
ASN1BERDotVal2Eoid
ASN1EncSetError
ASN1BEREncCharString
ASN1BEREncUTF8String
ASN1BERDecExplicitTag
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1BERDecUTCTime
ASN1charstring_free
ASN1BERDecNotEndOfContents
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1BEREncOctetString
ASN1open_free
ASN1bitstring_free
ASN1BEREncExplicitTag
ASN1BERDecPeekTag
ASN1char16string_free
ASN1BEREncObjectIdentifier2
ASN1DecSetError
ASN1BERDecZeroCharString
ASN1BERDecOpenType
ASN1BEREncMultibyteString
ASN1BERDecUTF8String
ASN1BERDecBitString
ASN1objectidentifier2_cmp
ASN1BERDecOctetString
ASN1BEREncOpenType
ASN1_CreateModule

kernel32

VirtualAlloc
GetTimeFormatA
GetCurrentProcess
InterlockedIncrement
GetLocalTime
SystemTimeToFileTime
FindNextFileA
FindFirstChangeNotificationA
ExitThread
FindNextChangeNotification
GetDateFormatW
CreateDirectoryW
DeleteFileA
CreateMutexW
OutputDebugStringA
TlsAlloc
WriteFile
GetTickCount
CompareFileTime
lstrlenW
GetSystemDefaultLangID
CreateMutexA
ExpandEnvironmentStringsW
FindFirstChangeNotificationW
FindClose
GetCurrentThread
GetSystemTimeAsFileTime
InterlockedExchange
WideCharToMultiByte
TlsGetValue
GetFileSize
MapViewOfFile
CompareStringW
LoadLibraryExW
lstrcpyA
Sleep
GetLastError
FindNextFileW
DelayLoadFailureHook
FileTimeToLocalFileTime
OpenMutexA
GetModuleFileNameW
SetUnhandledExceptionFilter
GetFileAttributesW
CreateThread
GetEnvironmentVariableA
GetACP
MultiByteToWideChar
lstrcmpA
PulseEvent
GetVersionExA
CreateEventA
GetCurrentThreadId
GetFileAttributesA
FindFirstFileA
OpenMutexW
DeleteCriticalSection
QueryPerformanceCounter
CreateFileA
SetFileAttributesW
ReadFile
GetUserDefaultLCID
OpenFileMappingW
GetSystemTime
WaitForSingleObjectEx
ReleaseMutex
WaitForMultipleObjectsEx
SetFilePointer
lstrcatA
SetEndOfFile
FormatMessageW
GetTimeFormatW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
CreateFileMappingA
GetProcAddress
LocalAlloc
GetTempPathA
FormatMessageA
CloseHandle
LocalSize
FreeLibrary
FindCloseChangeNotification
TlsSetValue
FileTimeToSystemTime
CompareStringA
GetCurrentProcessId
LocalFree
DeleteFileW
UnhandledExceptionFilter
GetModuleHandleA
CreateFileMappingW
CreateDirectoryA
TlsFree
InterlockedCompareExchange
DuplicateHandle
CreateFileW
GetComputerNameW
GetModuleFileNameA
SetLastError
lstrlenA
GetComputerNameA
GetDateFormatA
SetFileAttributesA
EnterCriticalSection
FindFirstFileW
ExpandEnvironmentStringsA
TerminateProcess
LocalReAlloc
WaitForSingleObject
OpenEventA
GetTempFileNameA
UnmapViewOfFile
LoadLibraryExA
FreeLibraryAndExitThread
InterlockedDecrement
LoadLibraryA

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cffde550e16f1c2f93aed4ee6150e72c

Headers

File Characteristics

Imports

msvcrt

advapi32

user32

rpcrt4

adsldpc

msasn1

kernel32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.idata Size: 52KB - Virtual size: 52KB

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B

.idata
Size: 52KB - Virtual size: 52KB