44ede47747629901b40debf9c8e72064_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44ede47747629901b40debf9c8e72064_JaffaCakes118
Size

426KB
MD5

44ede47747629901b40debf9c8e72064
SHA1

8df2eecb1b036bb5ca88667a1e5ef9c162a89ce8
SHA256

a09af5166d0932fcb7053e52fc2f72af95d306b09367a2019be6641e05bc4af3
SHA512

626404fd98901b6c21fcde495bc8f5222d1a97bafa7c73bd93f7216f6863375598d167848222d715640df49e38ce01e504d6d56528307a55f5589a4f2b87c428
SSDEEP

6144:BeSok/nxO1VhLiV43CEpr53cgBz+5D1ZHG5FKVTi1SbkbTSHu0ety46lZRgTjzA3:BelEwLiO39Vz2hQB1SbkqHu0eGlZRGz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44ede47747629901b40debf9c8e72064_JaffaCakes118

Files

44ede47747629901b40debf9c8e72064_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be23ef8c266fa29cb5fd66fb81a94bf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msasn1

ASN1_CreateEncoder
ASN1ztcharstring_free
ASN1BERDecU32Val
ASN1utf8string_free
ASN1_FreeEncoded
ASN1BEREncU32
ASN1Free
ASN1BEREncUTF8String
ASN1_SetEncoderOption
ASN1BEREncObjectIdentifier2
ASN1DecSetError
ASN1BERDecOpenType
ASN1intx_free
ASN1BERDecEndOfContents
ASN1BERDecUTCTime
ASN1BEREncBitString
ASN1BERDecChar32String
ASN1BERDecMultibyteString
ASN1CEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1BEREncOpenType
ASN1BEREncCharString
ASN1BERDecOctetString2
ASN1BEREncExplicitTag
ASN1BEREncOctetString
ASN1BERDecBitString
ASN1EncSetError
ASN1BERDecUTF8String
ASN1CEREncNewBlkElement
ASN1BERDecZeroCharString
ASN1BERDecChar16String
ASN1BEREncS32
ASN1_CreateDecoder
ASN1octetstring_free
ASN1_CreateModule
ASN1BEREncMultibyteString
ASN1BEREncChar32String
ASN1DecRealloc
ASN1_FreeDecoded
ASN1open_free
ASN1BEREncEndOfContents
ASN1charstring_free
ASN1char16string_free
ASN1BERDecCharString
ASN1_CloseModule
ASN1BEREoid2DotVal
ASN1char32string_free
ASN1BEREncSX
ASN1BERDecExplicitTag
ASN1BERDecBool
ASN1BEREoid_free
ASN1_Decode
ASN1CEREncBeginBlk
ASN1CEREncFlushBlkElement
ASN1BERDecOctetString
ASN1bitstring_free
ASN1objectidentifier2_cmp
ASN1BERDotVal2Eoid
ASN1BERDecOpenType2
ASN1BERDecPeekTag
ASN1BERDecEoid
ASN1BEREncBool
ASN1CEREncEndBlk
ASN1BEREncChar16String
ASN1_CloseEncoder
ASN1BEREncEoid
ASN1BERDecS32Val
ASN1_Encode
ASN1_CloseDecoder
ASN1BERDecNotEndOfContents
ASN1BERDecBitString2
ASN1BERDecSXVal
ASN1CEREncUTCTime
ASN1BERDecObjectIdentifier2

user32

GetProcessDefaultLayout
wsprintfW
MessageBoxA
MessageBoxW
LoadStringW
LoadStringA
GetSystemMetrics
wsprintfA

ntdll

LdrGetDllHandle
RtlUshortByteSwap
NtAllocateVirtualMemory

rpcrt4

UuidCreate
RpcRevertToSelf
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree
UuidToStringA
RpcBindingFromStringBindingW
RpcImpersonateClient
RpcStringFreeW
RpcStringBindingComposeW
NdrClientCall2

advapi32

RegQueryValueExA
RegQueryInfoKeyA
LockServiceDatabase
RegDeleteKeyW
RegEnumValueW
CryptEncrypt
CryptDecrypt
RegCloseKey
EqualSid
RegDeleteValueA
RegConnectRegistryW
CryptGetProvParam
QueryServiceConfigA
RegSetValueExW
OpenThreadToken
StartServiceA
CopySid
CryptAcquireContextA
CryptSetProviderA
GetSidSubAuthority
OpenProcessToken
SetSecurityDescriptorGroup
CryptSetKeyParam
CryptSetProvParam
SystemFunction041
CryptGetUserKey
InitializeSecurityDescriptor
CryptGetHashParam
QueryServiceStatus
CryptCreateHash
SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
RegOpenKeyExA
GetUserNameA
RegEnumKeyExW
LookupPrivilegeValueA
CloseServiceHandle
CryptDestroyKey
RegQueryInfoKeyW
CryptImportKey
StartServiceW
GetUserNameW
RegQueryValueExW
CryptSetHashParam
CryptGetKeyParam
RegCreateKeyExW
CryptDestroyHash
CryptExportKey
SetSecurityDescriptorSacl
RegConnectRegistryA
GetTokenInformation
FreeSid
CryptGetDefaultProviderW
CryptGenRandom
ChangeServiceConfigA
OpenServiceW
RegNotifyChangeKeyValue
CryptReleaseContext
CryptSignHashA
RegEnumKeyExA
RegSetValueExA
RegSetKeySecurity
GetAce
RegDeleteValueW
AllocateAndInitializeSid
InitializeAcl
UnlockServiceDatabase
CryptGenKey
RegOpenKeyExW
RegDeleteKeyA
AdjustTokenPrivileges
ControlService
CryptDeriveKey
GetLengthSid
RegCreateKeyExA
GetSecurityDescriptorDacl
RegGetKeySecurity
GetSidIdentifierAuthority
CryptVerifySignatureA
SetSecurityDescriptorOwner
IsValidSid
RegEnumValueA
AddAccessAllowedAce
OpenSCManagerW
RegEnumKeyA
CryptHashData
GetSidSubAuthorityCount

msvcrt

atol
wcscmp
isdigit
_ltoa
strncmp
strtoul
strncpy
bsearch
wcschr
_except_handler3
memmove
_initterm
isxdigit
sprintf
isupper
_itow
wcslen
_snwprintf
__dllonexit
_onexit
_wcsnicmp
_wcsicmp
wcscpy
wcscat
qsort
_adjust_fdiv
free
_ultoa
_ltow
malloc

kernel32

WaitForMultipleObjectsEx
GetACP
GetDateFormatW
GetDateFormatA
CompareStringW
GetVersionExA
LocalSize
FormatMessageA
ReleaseMutex
FindClose
InterlockedExchange
CreateFileW
GetModuleFileNameA
SetLastError
CompareFileTime
GetProcAddress
GetModuleFileNameW
InterlockedIncrement
MapViewOfFile
OpenFileMappingW
TlsGetValue
OpenEventA
GetUserDefaultLCID
GetLocalTime
LocalReAlloc
SystemTimeToFileTime
WideCharToMultiByte
LoadLibraryExW
InterlockedDecrement
GetTickCount
ExitThread
FindFirstFileA
GetTempFileNameA
FileTimeToSystemTime
DuplicateHandle
InterlockedCompareExchange
CreateDirectoryA
CreateThread
SetEvent
GetFileAttributesExW
CreateMutexA
CreateFileA
UnmapViewOfFile
Sleep
GetSystemDefaultLangID
GetComputerNameW
GetCurrentProcessId
CreateFileMappingW
GetCurrentProcess
FindFirstChangeNotificationA
ExpandEnvironmentStringsA
lstrlenA
FindNextFileW
DeleteFileW
OutputDebugStringA
GetTimeFormatW
LeaveCriticalSection
ReadFile
FormatMessageW
CreateFileMappingA
LocalAlloc
SetEndOfFile
WaitForSingleObject
InitializeCriticalSection
GetFileAttributesA
lstrcmpA
OpenMutexA
SetFileAttributesW
QueryPerformanceCounter
FileTimeToLocalFileTime
SetFileAttributesA
FreeLibraryAndExitThread
lstrcpyA
FindNextFileA
UnhandledExceptionFilter
OpenMutexW
DeleteFileA
TlsFree
CloseHandle
CreateMutexW
GetFileAttributesW
FindCloseChangeNotification
CreateDirectoryW
PulseEvent
DelayLoadFailureHook
GetCurrentThread
DeleteCriticalSection
FindFirstChangeNotificationW
LoadLibraryA
lstrcatA
GetSystemTime
EnterCriticalSection
GetComputerNameA
TlsSetValue
lstrlenW
SetFilePointer
TerminateProcess
WriteFile
FindFirstFileW
GetFileSize
GetTempPathA
FreeLibrary
FindNextChangeNotification
TlsAlloc
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateEventA
GetModuleHandleA
MultiByteToWideChar
CompareStringA
GetLastError
LocalFree
LoadLibraryExA
GetTimeFormatA
WaitForSingleObjectEx

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be23ef8c266fa29cb5fd66fb81a94bf3

Headers

File Characteristics

Imports

msasn1

user32

ntdll

rpcrt4

advapi32

msvcrt

kernel32

Sections

.text Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 24B

.data Size: 4KB - Virtual size: 944KB

.rdata Size: 238KB - Virtual size: 237KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 24B

.data
Size: 4KB - Virtual size: 944KB

.rdata
Size: 238KB - Virtual size: 237KB

.rsrc
Size: 160KB - Virtual size: 159KB