Static task: static1

Behavioral task: behavioral1
Sample: 46c3b14461d3467800c5bbc777a2d799_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 46c3b14461d3467800c5bbc777a2d799_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 46c3b14461d3467800c5bbc777a2d799_JaffaCakes118
Size: 477KB
MD5: 46c3b14461d3467800c5bbc777a2d799
SHA1: 440fb3ee70d47a899647c90491aaa16a8a514b20
SHA256: 1646352d89f4b3544a6fa858f17eb1c5e06c21be3e0bfca5989c04bb9ee97397
SHA512: 54bc419af18139dabbacbb94b7a5052fcd1f233f74e5e9e1fc75a8d07e949b63d75bb1ed07368114699411d6ff56ff9f6e5ec810348d6332bd4a4ef636c55a2f
SSDEEP: 12288:2WbA17px6Mz4xpVfbebkc/5cu39Oe1vcIQBBZpb:2Wo4ff2kc/FUl7BBZ
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 46c3b14461d3467800c5bbc777a2d799_JaffaCakes118
Files
46c3b14461d3467800c5bbc777a2d799_JaffaCakes118.exe windows:4 windows x86 arch:x86
f26e5355d5fad4bef31ca63e4453e0b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptDecrypt
CryptGetHashParam
GetAce
GetUserNameW
CryptVerifySignatureA
RegEnumKeyExW
CryptGetProvParam
CopySid
RegConnectRegistryW
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSidIdentifierAuthority
CryptDeriveKey
RegDeleteValueW
SetSecurityDescriptorOwner
RegCloseKey
GetSecurityDescriptorDacl
CryptSetProvParam
CryptGenRandom
LookupPrivilegeValueA
RegSetValueExA
CryptGenKey
RegEnumKeyA
CryptEncrypt
UnlockServiceDatabase
CloseServiceHandle
RegDeleteValueA
GetSidSubAuthority
CryptAcquireContextA
StartServiceW
AdjustTokenPrivileges
ChangeServiceConfigA
GetLengthSid
GetTokenInformation
SetSecurityDescriptorSacl
CryptGetDefaultProviderW
EqualSid
RegEnumValueW
OpenThreadToken
RegEnumValueA
CryptImportKey
FreeSid
CryptSetKeyParam
SetSecurityDescriptorDacl
RegDeleteKeyA
RegConnectRegistryA
SystemFunction041
GetUserNameA
AllocateAndInitializeSid
RegQueryValueExA
StartServiceA
OpenSCManagerW
CryptExportKey
GetSecurityDescriptorOwner
RegCreateKeyExA
QueryServiceStatus
RegQueryValueExW
RegQueryInfoKeyA
CryptReleaseContext
CryptCreateHash
CryptSetProviderA
RegDeleteKeyW
RegOpenKeyExA
CryptDestroyHash
IsValidSid
GetSidSubAuthorityCount
CryptSignHashA
CryptHashData
LockServiceDatabase
RegSetValueExW
OpenServiceW
RegSetKeySecurity
CryptGetUserKey
CryptSetHashParam
OpenProcessToken
ControlService
CryptDestroyKey
RegOpenKeyExW
RegGetKeySecurity
QueryServiceConfigA
SetSecurityDescriptorGroup
RegEnumKeyExA
RegQueryInfoKeyW
InitializeAcl
RegNotifyChangeKeyValue
RegCreateKeyExW
CryptGetKeyParam
msasn1
ASN1char32string_free
ASN1BERDecChar32String
ASN1CEREncFlushBlkElement
ASN1BERDecSXVal
ASN1BEREncUTF8String
ASN1BEREncObjectIdentifier2
ASN1BERDecOctetString
ASN1BEREncExplicitTag
ASN1BERDecPeekTag
ASN1BERDecOpenType
ASN1BERDecU32Val
ASN1Free
ASN1CEREncEndBlk
ASN1CEREncNewBlkElement
ASN1BEREoid2DotVal
ASN1BERDotVal2Eoid
ASN1BEREncCharString
ASN1BERDecCharString
ASN1_Decode
ASN1BERDecZeroCharString
ASN1BEREncSX
ASN1DecSetError
ASN1open_free
ASN1BERDecEndOfContents
ASN1_CreateEncoder
ASN1_FreeDecoded
ASN1BEREncEoid
ASN1utf8string_free
ASN1BEREncEndOfContents
ASN1BEREncMultibyteString
ASN1BERDecNotEndOfContents
ASN1DecRealloc
ASN1BERDecOpenType2
ASN1intx_free
ASN1char16string_free
ASN1BERDecGeneralizedTime
ASN1charstring_free
ASN1BERDecExplicitTag
ASN1BERDecUTCTime
ASN1_Encode
ASN1CEREncBeginBlk
ASN1octetstring_free
ASN1BERDecBool
ASN1ztcharstring_free
ASN1BEREncChar32String
ASN1BERDecEoid
ASN1BERDecObjectIdentifier2
ASN1BERDecBitString
ASN1_CreateDecoder
ASN1BEREncOpenType
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1EncSetError
ASN1BERDecOctetString2
ASN1BERDecBitString2
ASN1BERDecS32Val
ASN1_CreateModule
ASN1BEREncBitString
ASN1BEREncS32
ASN1BEREncOctetString
ASN1CEREncGeneralizedTime
ASN1BEREncChar16String
ASN1objectidentifier2_cmp
ASN1BERDecMultibyteString
ASN1CEREncUTCTime
ASN1BEREncU32
ASN1_FreeEncoded
ASN1_SetEncoderOption
ASN1BEREoid_free
ASN1BERDecUTF8String
ASN1BERDecChar16String
ASN1_CloseModule
ASN1BEREncBool
ASN1bitstring_free
ntdll
RtlUshortByteSwap
LdrGetDllHandle
NtAllocateVirtualMemory
user32
LoadStringW
GetSystemMetrics
GetProcessDefaultLayout
wsprintfW
LoadStringA
wsprintfA
MessageBoxA
MessageBoxW
msvcrt
wcscpy
_wcsicmp
_onexit
_ultoa
atol
_initterm
strtoul
_ltow
_adjust_fdiv
isupper
isdigit
memmove
isxdigit
wcschr
_itow
free
bsearch
_snwprintf
wcscat
strncmp
_wcsnicmp
wcslen
sprintf
qsort
wcscmp
strncpy
malloc
_ltoa
_except_handler3
__dllonexit
kernel32
CreateMutexW
WideCharToMultiByte
SetEvent
GetProcAddress
InterlockedDecrement
GetModuleHandleA
TerminateProcess
DuplicateHandle
GetTimeFormatA
WaitForSingleObjectEx
LocalAlloc
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
CreateMutexA
GetComputerNameA
CompareStringW
CreateDirectoryA
InterlockedIncrement
DelayLoadFailureHook
CompareStringA
WaitForSingleObject
UnmapViewOfFile
GetUserDefaultLCID
FreeLibrary
CreateFileMappingA
CloseHandle
CreateEventA
OpenMutexW
FileTimeToSystemTime
SystemTimeToFileTime
lstrcmpA
CreateFileA
GetComputerNameW
LoadLibraryExA
LocalReAlloc
FindFirstFileW
WriteFile
CreateFileW
GetDateFormatA
DeleteFileA
GetSystemTime
ExpandEnvironmentStringsA
LoadLibraryExW
DeleteFileW
CompareFileTime
GetModuleFileNameW
FindNextFileA
FormatMessageW
GetTempPathA
GetLocalTime
FindClose
ExitThread
TlsSetValue
FindNextFileW
OpenFileMappingW
lstrcatA
GetCurrentThreadId
FindFirstChangeNotificationA
OpenEventA
FindFirstFileA
OpenMutexA
GetFileAttributesA
TlsGetValue
InterlockedExchange
QueryPerformanceCounter
MapViewOfFile
Sleep
GetLastError
GetFileSize
FileTimeToLocalFileTime
GetModuleFileNameA
ReleaseMutex
FreeLibraryAndExitThread
FindFirstChangeNotificationW
GetCurrentProcess
SetEndOfFile
InitializeCriticalSection
GetTempFileNameA
GetDateFormatW
SetUnhandledExceptionFilter
SetLastError
SetFilePointer
GetACP
LoadLibraryA
CreateDirectoryW
LocalFree
CreateThread
GetCurrentThread
lstrlenW
GetSystemDefaultLangID
GetFileAttributesW
lstrlenA
GetTimeFormatW
PulseEvent
TlsAlloc
LocalSize
GetCurrentProcessId
FindNextChangeNotification
GetVersionExA
GetTickCount
SetFileAttributesA
ExpandEnvironmentStringsW
CreateFileMappingW
TlsFree
GetFileAttributesExW
DeleteCriticalSection
ReadFile
GetEnvironmentVariableA
FindCloseChangeNotification
UnhandledExceptionFilter
FormatMessageA
OutputDebugStringA
MultiByteToWideChar
GetSystemTimeAsFileTime
lstrcpyA
SetFileAttributesW
rpcrt4
RpcBindingFromStringBindingA
RpcStringBindingComposeW
RpcRevertToSelf
RpcStringFreeW
UuidCreate
RpcBindingFree
RpcStringBindingComposeA
RpcImpersonateClient
NdrClientCall2
UuidToStringA
RpcBindingFromStringBindingW
RpcStringFreeA
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 1008KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rdata Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE