4bd15335233db886a67db49a20e53297_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bd15335233db886a67db49a20e53297_JaffaCakes118
Size

36KB
MD5

4bd15335233db886a67db49a20e53297
SHA1

dce9fe170cd384bd48d5edcef24bfe78cc5f7693
SHA256

1931f58b615941e5dbf4cfb382d6e23de0152a75ba8be1b7ffd677c658b72be9
SHA512

3dab556099a7bc9defec64f90e621ee04b939d5735b8cd1031df3189dc78d88ed288f3fddf55d74aaaaa9bbde6d6986fb1a9d52f5b8e1a5d2ec3d31b672d8313
SSDEEP

768:d+E/yV/PG5ov+YLcHHeaB8PYZlbEcgUfnniENqOAEIQhkCs:sLV/+ldea6AZucfiziIdCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bd15335233db886a67db49a20e53297_JaffaCakes118

Files

4bd15335233db886a67db49a20e53297_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ec4eac7a735f63ff46bbbf485d081801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

CDFindCommonCSystemWithKey
MD5Update
CDLocateCheckSum
CDLocateCSystem
CDBuildIntegrityVect
MD5Init
MD5Final
CDGenerateRandomBits

ntdll

RtlInitializeSid
RtlConvertSharedToExclusive
RtlUniform
RtlPrefixUnicodeString
RtlInitializeGenericTableAvl
NtAllocateVirtualMemory
RtlAddAccessAllowedAce
RtlInitUnicodeString
RtlFreeAnsiString
NtCreateEvent
RtlAllocateAndInitializeSid
NtOpenProcessToken
RtlUnicodeStringToAnsiString
RtlCreateTimer
RtlInitAnsiString
RtlDeleteCriticalSection
NtSetSecurityObject
RtlAnsiStringToUnicodeString
RtlRegisterWait
RtlEqualDomainName
RtlDowncaseUnicodeString
RtlLengthRequiredSid
RtlInsertElementGenericTable
NtQuerySystemTime
RtlFreeUnicodeString
RtlTimeToTimeFields
RtlCopyLuid
RtlCreateTimerQueue
RtlSetDaclSecurityDescriptor
RtlEnterCriticalSection
RtlGetElementGenericTable
RtlInitializeGenericTable
RtlAcquireResourceExclusive
RtlLookupElementGenericTableAvl
RtlEqualUnicodeString
NtDuplicateObject
RtlOemStringToUnicodeString
RtlDeleteElementGenericTable
NtOpenEvent
RtlCreateSecurityDescriptor
NtClose
RtlTimeFieldsToTime
VerSetConditionMask
RtlVerifyVersionInfo
RtlIntegerToUnicodeString
RtlInitializeCriticalSection
RtlInsertElementGenericTableAvl
RtlUpcaseUnicodeString
RtlLengthSid
RtlSubAuthoritySid
NtQuerySystemInformation
RtlNtStatusToDosError
NtOpenThreadToken
RtlInitializeResource
RtlLookupElementGenericTable
RtlSystemTimeToLocalTime
RtlValidSid
RtlConvertSidToUnicodeString
RtlCompareMemory
RtlCompareUnicodeString
RtlCreateAcl
RtlLeaveCriticalSection
RtlEqualSid
RtlEraseUnicodeString
DbgPrint
RtlDeleteResource
RtlReleaseResource
RtlCopyUnicodeString
NtAllocateLocallyUniqueId
RtlSubAuthorityCountSid
RtlAcquireResourceShared
NtQueryInformationToken
RtlAppendUnicodeStringToString
RtlCopySid
RtlDeleteTimerQueue
RtlRunDecodeUnicodeString
RtlFreeSid
RtlDeregisterWait

msvcrt

_vsnprintf
_initterm
strrchr
qsort
_wcsnicmp
_stricmp
_ultoa
wcscpy
wcscmp
wcsrchr
sprintf
wcscat
_strnicmp
swprintf
wcslen
free
wcsspn
wcstoul
strchr
sscanf
_adjust_fdiv
malloc
_wcsicmp
_strcmpi
_except_handler3

kernel32

LeaveCriticalSection
UnmapViewOfFile
GetLastError
CreateFileW
DeleteCriticalSection
lstrcmpW
InterlockedExchange
SetEvent
RaiseException
UnregisterWait
CloseHandle
GetProfileStringA
lstrlenA
LoadLibraryW
CreateFileA
RegisterWaitForSingleObjectEx
CreateEventW
ExpandEnvironmentStringsW
lstrcpyW
OutputDebugStringA
UnhandledExceptionFilter
LocalAlloc
FileTimeToSystemTime
InterlockedIncrement
InterlockedCompareExchange
GetTickCount
LoadLibraryA
EnterCriticalSection
MultiByteToWideChar
GetEnvironmentVariableW
lstrcmpiA
SetUnhandledExceptionFilter
FormatMessageW
WideCharToMultiByte
GetCurrentProcess
GetACP
InterlockedDecrement
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
QueryPerformanceCounter
GetComputerNameExW
FreeLibrary
WriteFile
DisableThreadLibraryCalls
GetCurrentThreadId
lstrlenW
DebugBreak
GetProcAddress
GetModuleFileNameA
TerminateProcess
InterlockedExchangeAdd
GetModuleFileNameW
GetModuleHandleW
GetCurrentThread
GetComputerNameW
GetSystemInfo
VirtualAlloc
Sleep
LocalFree
GetSystemTimeAsFileTime
MapViewOfFileEx
GetLocalTime
InitializeCriticalSection
OpenEventW

msasn1

ASN1BEREncBitString
ASN1_CloseEncoder
ASN1BEREncEndOfContents
ASN1BERDecPeekTag
ASN1intx2int32
ASN1_FreeEncoded
ASN1intxisuint32
ASN1Free
ASN1BERDecSXVal
ASN1BEREncBool
ASN1BEREncSX
ASN1BERDecEndOfContents
ASN1objectidentifier_free
ASN1_CreateDecoder
ASN1BEREncObjectIdentifier
ASN1BERDecGeneralizedTime
ASN1DecAlloc
ASN1BERDecS32Val
ASN1BEREncS32
ASN1BERDecBitString
ASN1BERDecExplicitTag
ASN1_Decode
ASN1BERDecCharString
ASN1CEREncGeneralizedTime
ASN1EncSetError
ASN1_Encode
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1ztcharstring_free
ASN1bitstring_free
ASN1_CreateModule
ASN1BERDecU32Val
ASN1BERDecObjectIdentifier
ASN1BERDecBool
ASN1intx_setuint32
ASN1DecSetError
ASN1charstring_free
ASN1BEREncExplicitTag
ASN1intx_free
ASN1BEREncCharString
ASN1intx2uint32
ASN1BERDecOpenType2
ASN1BERDecOctetString
ASN1BERDecZeroCharString
ASN1BEREncOpenType
ASN1BEREncOctetString
ASN1BERDecSkip
ASN1BEREncU32
ASN1octetstring_free
ASN1_FreeDecoded
ASN1BERDecNotEndOfContents

user32

CharLowerBuffW
wsprintfW

advapi32

OpenSCManagerW
FreeSid
CredUnmarshalCredentialW
RegSetValueExW
RegQueryInfoKeyW
CryptHashData
CloseServiceHandle
OpenProcessToken
SetThreadToken
CryptGetHashParam
LookupAccountSidW
DeregisterEventSource
QueryServiceConfigW
CredFree
RegOpenKeyExW
RegCloseKey
TraceEvent
RegEnumKeyExW
OpenThreadToken
SystemFunction006
OpenServiceW
SystemFunction007
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyW
CryptReleaseContext
RegConnectRegistryW
ReportEventW
RegDeleteValueW
CryptCreateHash
RegisterTraceGuidsW
CryptDestroyHash
GetTraceLoggerHandle
CryptAcquireContextW
RegQueryValueExW
RegCreateKeyExW
RegisterEventSourceW
GetTokenInformation
CryptGetProvParam
RevertToSelf
CryptSetProvParam
RegNotifyChangeKeyValue

secur32

FreeContextBuffer
LsaGetLogonSessionData
CredMarshalTargetInfo
LsaFreeReturnBuffer
CredUnmarshalTargetInfo

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec4eac7a735f63ff46bbbf485d081801

Headers

DLL Characteristics

File Characteristics

Imports

cryptdll

ntdll

msvcrt

kernel32

msasn1

user32

advapi32

secur32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB