4b14d686509a27f63c9816c3bd8845b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b14d686509a27f63c9816c3bd8845b7_JaffaCakes118
Size

329KB
MD5

4b14d686509a27f63c9816c3bd8845b7
SHA1

6cb0984d2d7eafd12f93b089c90aa66cc786b308
SHA256

de186db64cdaf8c95d89062d5360769855c513f346cda10cea099387363b38e0
SHA512

96f39f1d7039be31f5bbb6779ad0843374e7df35013643823a6eb01cc58aad537730b16d0ccc25b91d28145fe450b0a4d5b44b1dc896a6e92244b935da8e2c16
SSDEEP

6144:7KSEfoa7O13IcrJSxDjSr9NV5w59h5ELgNkA9Lylx49hHKurBAvFPqVdxeiBVh0I:7Yga7i4cs+wh5EGkPlxW7BiPqVdkK07E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b14d686509a27f63c9816c3bd8845b7_JaffaCakes118

Files

4b14d686509a27f63c9816c3bd8845b7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2b60f8a5d9c49ebce6fe3f99a0cf8e9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptHashData
QueryServiceStatus
RegConnectRegistryW
GetTokenInformation
GetTraceLoggerHandle
RegisterEventSourceW
CryptAcquireContextW
CryptDestroyHash
SetThreadToken
RevertToSelf
RegOpenKeyExW
OpenProcessToken
OpenSCManagerW
SystemFunction007
CredFree
CryptGetProvParam
RegDeleteValueW
RegSetValueExW
OpenThreadToken
RegOpenKeyW
CryptCreateHash
TraceEvent
LookupAccountSidW
RegCloseKey
CredUnmarshalCredentialW
RegEnumKeyExW
ReportEventW
AllocateAndInitializeSid
RegQueryValueExW
QueryServiceConfigW
OpenServiceW
CloseServiceHandle
FreeSid
RegCreateKeyExW
RegNotifyChangeKeyValue
RegisterTraceGuidsW
CryptGetHashParam
SystemFunction006
RegQueryInfoKeyW
DeregisterEventSource
CryptReleaseContext
CryptSetProvParam

msasn1

ASN1EncSetError
ASN1BERDecEndOfContents
ASN1BEREncBitString
ASN1DecSetError
ASN1octetstring_free
ASN1BEREncCharString
ASN1intx_free
ASN1BEREncObjectIdentifier
ASN1BERDecZeroCharString
ASN1BERDecU32Val
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecExplicitTag
ASN1Free
ASN1BEREncOctetString
ASN1_Decode
ASN1BERDecPeekTag
ASN1intx2uint32
ASN1intxisuint32
ASN1BERDecBool
ASN1_CreateModule
ASN1intx2int32
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1_CreateDecoder
ASN1objectidentifier_free
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1BERDecCharString
ASN1BERDecBitString
ASN1BERDecObjectIdentifier
ASN1BERDecGeneralizedTime
ASN1BERDecSXVal
ASN1_FreeDecoded
ASN1_CloseEncoder
ASN1BERDecS32Val
ASN1DecAlloc
ASN1BEREncOpenType
ASN1BEREncSX
ASN1BERDecOctetString
ASN1BEREncS32
ASN1intx_setuint32
ASN1_Encode
ASN1BERDecOpenType2
ASN1charstring_free
ASN1CEREncGeneralizedTime
ASN1BEREncU32
ASN1ztcharstring_free
ASN1bitstring_free

msvcrt

malloc
wcslen
strrchr
_vsnprintf
wcscmp
_strcmpi
wcsspn
_initterm
wcstoul
wcscpy
wcscat
_strnicmp
swprintf
_except_handler3
_wcsnicmp
_stricmp
free
_wcsicmp
_ultoa
strchr
sscanf
_adjust_fdiv
wcsrchr
sprintf
qsort

ntdll

NtDuplicateObject
RtlLengthSid
RtlDeleteElementGenericTable
RtlUniform
RtlFreeUnicodeString
RtlPrefixUnicodeString
RtlCompareMemory
RtlCopyLuid
RtlCreateTimer
NtQuerySystemTime
NtQuerySystemInformation
RtlInitializeGenericTable
RtlCopySid
RtlFreeSid
RtlReleaseResource
RtlSubAuthorityCountSid
RtlDeleteTimerQueue
RtlAppendUnicodeStringToString
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlEraseUnicodeString
RtlTimeFieldsToTime
RtlLeaveCriticalSection
NtOpenThreadToken
NtSetSecurityObject
RtlValidSid
RtlEqualDomainName
NtOpenProcessToken
RtlRegisterWait
RtlConvertSidToUnicodeString
RtlRunDecodeUnicodeString
RtlEnterCriticalSection
RtlEqualSid
RtlLookupElementGenericTable
RtlAcquireResourceShared
RtlInitializeSid
VerSetConditionMask
RtlAddAccessAllowedAce
RtlOemStringToUnicodeString
NtOpenEvent
RtlAllocateAndInitializeSid
RtlFreeAnsiString
NtQueryInformationToken
RtlConvertSharedToExclusive
RtlEqualUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NtWaitForSingleObject
RtlTimeToTimeFields
RtlUpcaseUnicodeString
RtlDeregisterWait
RtlCreateSecurityDescriptor
RtlSystemTimeToLocalTime
RtlAnsiStringToUnicodeString
NtClose
RtlInitializeResource
RtlIntegerToUnicodeString
RtlLookupElementGenericTableAvl
NtAllocateLocallyUniqueId
RtlVerifyVersionInfo
RtlInitializeGenericTableAvl
RtlDeleteCriticalSection
RtlCompareUnicodeString
RtlCreateAcl
RtlCopyUnicodeString
RtlNtStatusToDosError
RtlDowncaseUnicodeString
DbgPrint
RtlAcquireResourceExclusive
RtlDeleteResource
NtCreateEvent
NtAllocateVirtualMemory
RtlLengthRequiredSid
RtlInitializeCriticalSection
RtlInsertElementGenericTableAvl
RtlSubAuthoritySid
RtlCreateTimerQueue
RtlInitUnicodeString

secur32

CredMarshalTargetInfo
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

cryptdll

MD5Update
CDBuildIntegrityVect
CDLocateCSystem
CDGenerateRandomBits
MD5Final
CDLocateCheckSum
MD5Init
CDFindCommonCSystemWithKey

user32

CharLowerBuffW
wsprintfW

kernel32

FileTimeToSystemTime
LocalFree
MapViewOfFileEx
InitializeCriticalSection
InterlockedIncrement
GetComputerNameExW
GetCurrentThread
lstrlenA
GetACP
GetEnvironmentVariableW
FormatMessageW
CreateEventW
LocalAlloc
MultiByteToWideChar
UnregisterWait
DebugBreak
UnhandledExceptionFilter
RaiseException
GetComputerNameW
GetProcAddress
InterlockedExchangeAdd
WriteFile
LoadLibraryA
InterlockedDecrement
UnmapViewOfFile
GetLocalTime
lstrcpyW
GetSystemInfo
CreateFileA
RegisterWaitForSingleObjectEx
WideCharToMultiByte
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcess
GetProfileStringA
Sleep
OpenFileMappingW
GetModuleFileNameW
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualAlloc
EnterCriticalSection
OutputDebugStringA
InterlockedCompareExchange
LoadLibraryW
GetCurrentProcessId
LeaveCriticalSection
InterlockedExchange
ExpandEnvironmentStringsW
SetEvent
QueryPerformanceCounter
GetLastError
GetModuleHandleW
lstrcmpiA
GetCurrentThreadId
lstrlenW
DisableThreadLibraryCalls
TerminateProcess
FreeLibrary
DeleteCriticalSection
CloseHandle
CreateFileW
GetTickCount
lstrcmpW
CreateFileMappingW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b60f8a5d9c49ebce6fe3f99a0cf8e9a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msasn1

msvcrt

ntdll

secur32

cryptdll

user32

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB