Static task: static1
Behavioral task: behavioral1
Sample: 6eed3bb731d7fafc6564a82d36e7d4f7_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6eed3bb731d7fafc6564a82d36e7d4f7_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6eed3bb731d7fafc6564a82d36e7d4f7_JaffaCakes118
Size: 30KB
MD5: 6eed3bb731d7fafc6564a82d36e7d4f7
SHA1: 94c4829454760bc7a84c3d1caec9c2a3c363554b
SHA256: 0fcc8ec62ab1ce7c7f7835da76eeb6a16554c3243dfeb760cbe72f4cef634015
SHA512: 76d0e33200799807593cb9bf803fbedd6d4ef765cbe19a12048f5f5472edff0f2fc6286435b73f5a6d0da21c0b9c19788668c3caf24bb6cce0d0c49fdabc264b
SSDEEP: 768:o9wUMrsubOJVj4TYHVjSvht8eFGUMo74e3qs134moEilu0:okOJVj4TYAGUB4F23Pp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6eed3bb731d7fafc6564a82d36e7d4f7_JaffaCakes118
Files
6eed3bb731d7fafc6564a82d36e7d4f7_JaffaCakes118.exe windows:5 windows x86 arch:x86
5059b88e59a725157fb48c91db0cbd87
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcStringFreeW
UuidToStringA
RpcStringBindingComposeA
RpcBindingSetAuthInfoExW
RpcBindingFree
UuidCreate
RpcBindingFromStringBindingW
RpcStringFreeA
RpcStringBindingComposeW
RpcBindingFromStringBindingA
RpcRevertToSelf
RpcEpResolveBinding
RpcImpersonateClient
NdrClientCall2
adsldpc
ADsFreeColumn
kernel32
CreateFileA
FindNextChangeNotification
lstrlenW
FindFirstChangeNotificationW
CreateFileMappingA
CreateFileMappingW
LoadLibraryExA
SetUnhandledExceptionFilter
SetFilePointer
InterlockedDecrement
OutputDebugStringA
CompareStringW
WriteFile
UnmapViewOfFile
CompareStringA
GetCurrentThread
GetVersionExA
OpenFileMappingW
SetEvent
GetProcAddress
GetSystemDefaultLangID
OpenMutexW
GetDateFormatW
LocalSize
GetLastError
DuplicateHandle
lstrcpyA
CloseHandle
LocalFree
GetFileSize
PulseEvent
GetSystemTime
GetDateFormatA
GetModuleFileNameW
InterlockedCompareExchange
lstrcmpA
LocalReAlloc
lstrcatA
WaitForSingleObject
FormatMessageW
SetLastError
GetTickCount
WideCharToMultiByte
FileTimeToLocalFileTime
WaitForSingleObjectEx
Sleep
LoadLibraryA
FindFirstFileA
FindNextFileA
EnterCriticalSection
SetFileAttributesW
lstrlenA
FreeLibrary
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedExchange
MapViewOfFile
GetTimeFormatA
GetModuleHandleA
GetTimeFormatW
ExitThread
GetComputerNameW
GetTempFileNameA
SystemTimeToFileTime
LeaveCriticalSection
FindFirstChangeNotificationA
GetUserDefaultLCID
DelayLoadFailureHook
GetSystemTimeAsFileTime
FindCloseChangeNotification
ExpandEnvironmentStringsA
GetEnvironmentVariableA
InitializeCriticalSection
GetLocalTime
WaitForMultipleObjectsEx
GetFileAttributesExW
GetACP
SetFileAttributesA
CreateFileW
FileTimeToSystemTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
TlsAlloc
OpenEventA
FindNextFileW
OpenMutexA
GetComputerNameA
QueryPerformanceCounter
CreateDirectoryA
LocalAlloc
ReleaseMutex
CreateDirectoryW
TlsFree
DeleteCriticalSection
GetFileAttributesA
DeleteFileW
VirtualAlloc
CompareFileTime
CreateMutexA
GetModuleFileNameA
GetTempPathA
CreateMutexW
LoadLibraryExW
GetCurrentThreadId
DeleteFileA
FormatMessageA
TlsGetValue
TlsSetValue
ReadFile
CreateEventA
MultiByteToWideChar
GetCurrentProcessId
FindFirstFileW
FreeLibraryAndExitThread
GetFileAttributesW
SetEndOfFile
CreateThread
msasn1
ASN1_CloseEncoder
ASN1CEREncFlushBlkElement
ASN1BERDecBool
ASN1BERDecBitString
ASN1BERDecS32Val
ASN1BEREncBitString
ASN1CEREncGeneralizedTime
ASN1BERDecBitString2
ASN1BEREncUTF8String
ASN1BERDecSXVal
ASN1CEREncNewBlkElement
ASN1BERDecOctetString2
ASN1CEREncUTCTime
ASN1BEREncEoid
ASN1EncSetError
ASN1BEREncBool
ASN1_CreateModule
ASN1utf8string_free
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1BERDecZeroCharString
ASN1BERDecNotEndOfContents
ASN1BERDecChar16String
ASN1_Decode
ASN1open_free
ASN1BERDecChar32String
ASN1BERDotVal2Eoid
ASN1_CloseModule
ASN1BEREoid_free
ASN1BERDecEoid
ASN1_CreateDecoder
ASN1BERDecUTF8String
ASN1octetstring_free
ASN1BERDecOpenType2
ASN1_FreeEncoded
ASN1_CreateEncoder
ASN1BEREncEndOfContents
ASN1BEREncU32
ASN1BEREncS32
ASN1BEREncCharString
ASN1BEREncMultibyteString
ASN1BEREncChar16String
ASN1intx_free
ASN1_Encode
ASN1BERDecCharString
ASN1Free
ASN1ztcharstring_free
ASN1BERDecObjectIdentifier2
ASN1BERDecU32Val
ASN1BERDecOctetString
ASN1BERDecGeneralizedTime
ASN1objectidentifier2_cmp
ASN1BEREncChar32String
ASN1DecSetError
ASN1_FreeDecoded
ASN1charstring_free
ASN1char32string_free
ASN1BERDecExplicitTag
ASN1bitstring_free
ASN1CEREncEndBlk
ASN1BEREoid2DotVal
ASN1BERDecUTCTime
ASN1BEREncSX
ASN1_SetEncoderOption
ASN1BERDecEndOfContents
ASN1DecRealloc
ASN1BEREncExplicitTag
ASN1BEREncObjectIdentifier2
ASN1BEREncOpenType
ASN1char16string_free
ASN1_CloseDecoder
ASN1BERDecMultibyteString
ASN1BERDecOpenType
ASN1CEREncBeginBlk
advapi32
RegQueryValueExW
GetUserNameA
CopySid
RegEnumValueW
OpenProcessToken
CryptDestroyHash
UnlockServiceDatabase
CryptDestroyKey
CryptDecrypt
CryptVerifySignatureA
RegQueryInfoKeyA
CryptSetProviderA
A_SHAFinal
CryptEncrypt
FreeSid
CryptGenKey
ChangeServiceConfigA
StartServiceA
CryptSignHashA
AllocateAndInitializeSid
OpenThreadToken
GetSidSubAuthorityCount
CryptDeriveKey
QueryServiceStatus
CryptHashData
CryptGenRandom
GetSidSubAuthority
CryptSetProvParam
RegCreateKeyExA
CloseServiceHandle
LsaNtStatusToWinError
AddAccessAllowedAce
MD5Final
LockServiceDatabase
RegDeleteKeyA
QueryServiceConfigA
RegQueryValueExA
A_SHAInit
LookupAccountSidW
GetLengthSid
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyA
SystemFunction040
CryptExportKey
RegDeleteValueA
CryptGetUserKey
CryptGetDefaultProviderW
GetSecurityDescriptorOwner
GetUserNameW
RegEnumKeyExA
GetSidIdentifierAuthority
RegEnumValueA
A_SHAUpdate
AdjustTokenPrivileges
CryptSetHashParam
RegOpenKeyExA
RegSetKeySecurity
ControlService
OpenSCManagerW
CryptGetKeyParam
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
CryptImportKey
InitializeAcl
OpenServiceW
RegEnumKeyExW
CryptReleaseContext
RegSetValueExW
IsValidSid
RegSetValueExA
SetSecurityDescriptorDacl
CryptGetProvParam
CryptAcquireContextA
RegCloseKey
RegDeleteValueW
RegConnectRegistryW
CryptCreateHash
LookupPrivilegeValueA
CryptSetKeyParam
MD5Init
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
RegQueryInfoKeyW
SetSecurityDescriptorOwner
SystemFunction041
StartServiceW
RegConnectRegistryA
RegGetKeySecurity
CryptGetHashParam
GetTokenInformation
MD5Update
EqualSid
GetAce
user32
GetProcessDefaultLayout
MessageBoxW
wsprintfW
LoadStringA
GetSystemMetrics
LoadStringW
wsprintfA
MessageBoxA
msvcrt
isupper
_adjust_fdiv
_wcsicmp
memmove
_ultoa
bsearch
_ltow
_snwprintf
strncmp
memcpy
_onexit
_wcsnicmp
atol
_snprintf
_except_handler3
_itow
__dllonexit
isdigit
wcscmp
strncpy
_ltoa
wcslen
malloc
wcscat
sprintf
wcschr
free
qsort
_initterm
strtoul
wcscpy
isxdigit
Sections
.textbss Size: - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 28KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE