76a863e9334688e1b52b8f591477e9a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76a863e9334688e1b52b8f591477e9a0_JaffaCakes118
Size

330KB
MD5

76a863e9334688e1b52b8f591477e9a0
SHA1

c8574db01a9e2ba99966680843f81982b783c2a7
SHA256

9f7f16d689656b0f89d533a869c76fbfeedb167e919548d37b501c0eb6155bc8
SHA512

a70feb80579a31517e1254c6e21a951417e29935b0e128dc3dcb047a63e7630b264694cf9568dd9c58f25559a9283474a56cfb2366935ba0f84006008a3db6bc
SSDEEP

6144:8Lxyvc7Vm1R8w5uWbzQta3ccO/OAEbqYlLXTTg7SXtg7:yEJDbs4szOAENhXg7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76a863e9334688e1b52b8f591477e9a0_JaffaCakes118

Files

76a863e9334688e1b52b8f591477e9a0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

506a13aa8a9f2eb351d8afd0d96197bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateEventW
ExitProcess
CloseHandle
lstrcmpW
GetCurrentProcess
LoadLibraryW
GetLocalTime
InterlockedExchange
GetComputerNameW
CreateFileW
UnhandledExceptionFilter
RegisterWaitForSingleObjectEx
OutputDebugStringA
InitializeCriticalSection
WriteFile
InterlockedCompareExchange
GetProfileStringA
lstrlenA
UnregisterWait
LeaveCriticalSection
LocalFree
LocalAlloc
WideCharToMultiByte
GetProcAddress
OpenEventW
EnterCriticalSection
InterlockedExchangeAdd
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
FormatMessageW
TerminateProcess
SetUnhandledExceptionFilter
GetEnvironmentVariableW
VirtualAlloc
GetCurrentThread
RaiseException
CreateFileMappingW
ExpandEnvironmentStringsW
MultiByteToWideChar
DisableThreadLibraryCalls
DeleteCriticalSection
LoadLibraryA
Sleep
SetEvent
lstrlenW
GetModuleFileNameW
lstrcpyW
InterlockedIncrement
GetComputerNameExW
GetSystemInfo
GetModuleFileNameA
GetACP
FileTimeToSystemTime
OpenFileMappingW
FreeLibrary
DebugBreak
GetLastError
GetModuleHandleW
lstrcmpiA
MapViewOfFileEx
CreateFileA
GetSystemTimeAsFileTime

cryptdll

MD5Init
MD5Final
CDLocateCSystem
MD5Update
CDLocateCheckSum
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDGenerateRandomBits

user32

wsprintfW
CharLowerBuffW

advapi32

QueryServiceStatus
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
OpenServiceW
RegDeleteValueW
GetTokenInformation
CloseServiceHandle
RevertToSelf
RegOpenKeyExW
SetThreadToken
CryptGetProvParam
RegisterEventSourceW
SystemFunction007
CredFree
RegCloseKey
RegOpenKeyW
OpenProcessToken
FreeSid
DeregisterEventSource
RegEnumKeyExW
OpenThreadToken
CryptGetHashParam
CryptHashData
ReportEventW
QueryServiceConfigW
OpenSCManagerW
LookupAccountSidW
RegConnectRegistryW
CryptDestroyHash
GetTraceLoggerHandle
CryptSetProvParam
CredUnmarshalCredentialW
CryptAcquireContextW
SystemFunction006
RegQueryInfoKeyW
CryptCreateHash
RegisterTraceGuidsW
RegQueryValueExW
TraceEvent
CryptReleaseContext
AllocateAndInitializeSid

msasn1

ASN1BEREncEndOfContents
ASN1intx2uint32
ASN1_CloseEncoder
ASN1BERDecBitString
ASN1_FreeDecoded
ASN1BERDecEndOfContents
ASN1BEREncOpenType
ASN1BERDecSkip
ASN1DecAlloc
ASN1_Encode
ASN1BERDecObjectIdentifier
ASN1_CloseDecoder
ASN1intxisuint32
ASN1_CreateEncoder
ASN1BERDecS32Val
ASN1BERDecOctetString
ASN1BEREncSX
ASN1intx2int32
ASN1Free
ASN1BEREncBitString
ASN1octetstring_free
ASN1_FreeEncoded
ASN1BEREncOctetString
ASN1intx_setuint32
ASN1_Decode
ASN1EncSetError
ASN1BEREncU32
ASN1BERDecBool
ASN1BERDecCharString
ASN1intx_free
ASN1_CreateDecoder
ASN1BERDecGeneralizedTime
ASN1BERDecSXVal
ASN1BEREncBool
ASN1BEREncS32
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1bitstring_free
ASN1BEREncObjectIdentifier
ASN1BEREncCharString
ASN1charstring_free
ASN1_CreateModule
ASN1objectidentifier_free
ASN1ztcharstring_free
ASN1BERDecZeroCharString
ASN1CEREncGeneralizedTime
ASN1BERDecU32Val
ASN1BEREncExplicitTag
ASN1BERDecPeekTag
ASN1DecSetError
ASN1BERDecOpenType2

secur32

CredUnmarshalTargetInfo
FreeContextBuffer
LsaGetLogonSessionData
CredMarshalTargetInfo
LsaFreeReturnBuffer

msvcrt

wcsspn
_except_handler3
malloc
_strcmpi
_vsnprintf
wcsrchr
_wcsicmp
_stricmp
wcscat
qsort
_initterm
strchr
wcscpy
_adjust_fdiv
_wcsnicmp
wcscmp
_strnicmp
strrchr
sprintf
swprintf
sscanf
free
_ultoa
wcstoul
wcslen

ntdll

RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtQuerySystemInformation
RtlRegisterWait
RtlEqualSid
NtSetSecurityObject
NtAllocateLocallyUniqueId
RtlInitializeResource
RtlSystemTimeToLocalTime
RtlValidSid
RtlInsertElementGenericTableAvl
NtCreateDebugObject
DbgPrint
RtlInitializeGenericTable
NtOpenProcessToken
RtlVerifyVersionInfo
RtlNtStatusToDosError
NtCreateEvent
RtlCopyLuid
RtlDowncaseUnicodeString
RtlUniform
RtlSubAuthoritySid
RtlCopyUnicodeString
RtlFreeUnicodeString
RtlLengthSid
RtlDeleteResource
RtlEqualDomainName
RtlAddAccessAllowedAce
RtlCopySid
NtQuerySystemTime
RtlUlongByteSwap
NtQueryInformationToken
RtlAnsiStringToUnicodeString
RtlTimeFieldsToTime
RtlUnicodeStringToAnsiString
RtlDeleteElementGenericTable
RtlRunDecodeUnicodeString
RtlFreeSid
RtlFreeAnsiString
RtlLookupElementGenericTableAvl
RtlCreateAcl
RtlCreateTimer
RtlEnterCriticalSection
RtlConvertSidToUnicodeString
RtlLookupElementGenericTable
NtDuplicateObject
RtlLengthRequiredSid
RtlEqualUnicodeString
RtlCompareMemory
NtOpenEvent
RtlDeleteCriticalSection
RtlDeregisterWait
RtlSubAuthorityCountSid
RtlIntegerToUnicodeString
RtlCreateTimerQueue
NtOpenThreadToken
RtlConvertSharedToExclusive
RtlEraseUnicodeString
RtlAcquireResourceShared
RtlUpcaseUnicodeString
RtlInitializeCriticalSection
RtlGetElementGenericTable
RtlCompareUnicodeString
NtClose
RtlInsertElementGenericTable
RtlReleaseResource
RtlInitUnicodeString
RtlInitAnsiString
NtAllocateVirtualMemory
RtlAllocateAndInitializeSid
RtlOemStringToUnicodeString
RtlTimeToTimeFields
RtlCreateSecurityDescriptor
RtlInitializeSid
RtlSetDaclSecurityDescriptor
RtlDeleteTimerQueue
RtlInitializeGenericTableAvl

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

506a13aa8a9f2eb351d8afd0d96197bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cryptdll

user32

advapi32

msasn1

secur32

msvcrt

ntdll

Sections

.text Size: 12KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 143KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 160KB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 143KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 160KB - Virtual size: 1.4MB