772504ec6c918db310bc5d214041f00e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

772504ec6c918db310bc5d214041f00e_JaffaCakes118
Size

329KB
MD5

772504ec6c918db310bc5d214041f00e
SHA1

97a2a71e920495bc3ba7f1cde4df8c2f2a6f74ac
SHA256

4887daaf488a2a8d1cc08ecc077ffb991304865ef836dc3500fbf7ffb0aa349c
SHA512

0ee0de242e9ce81b4da27ed83ea9c63ed4c82e6bdaa02fb901c8d2b4e28e1caf21e4bdb1d0f4b9dfd8837594135f9a62852b88c64bfd56819d3de2618b4d7f7b
SSDEEP

6144:TuzoiBrttAsmh9ykcVFfjbJjzrcjnu8t6h6KXui/OeMjsKOljRinuQ:VotklQffJ/rcju8t6h6EuaOeE6JRiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
772504ec6c918db310bc5d214041f00e_JaffaCakes118

Files

772504ec6c918db310bc5d214041f00e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8620392bd48a9aa243be2ac91aa52d54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
CryptAcquireContextW
AllocateAndInitializeSid
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
CryptHashData
CryptSetProvParam
CredUnmarshalCredentialW
LookupAccountSidW
GetTraceLoggerHandle
CredFree
OpenServiceW
OpenSCManagerW
CryptCreateHash
DeregisterEventSource
SetThreadToken
RegOpenKeyW
SystemFunction007
ReportEventW
SystemFunction006
CryptDestroyHash
QueryServiceConfigW
RegConnectRegistryW
RegisterEventSourceW
RegDeleteValueW
RegQueryInfoKeyW
RevertToSelf
RegSetValueExW
RegisterTraceGuidsW
FreeSid
OpenThreadToken
GetTokenInformation
TraceEvent
RegQueryValueExW
QueryServiceStatus
RegCloseKey
CloseServiceHandle
CryptReleaseContext
CryptGetProvParam
RegNotifyChangeKeyValue

secur32

LsaFreeReturnBuffer
CredMarshalTargetInfo
FreeContextBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData

user32

CharLowerBuffW
wsprintfW

msvcrt

free
wcsspn
_wcsicmp
qsort
_adjust_fdiv
_except_handler3
wcsrchr
swprintf
wcslen
sprintf
_strnicmp
_stricmp
wcscpy
strchr
wcstoul
_vsnprintf
malloc
_strcmpi
strrchr
wcscat
_ultoa
wcscmp
_wcsnicmp
_initterm
sscanf

kernel32

UnhandledExceptionFilter
WriteFile
RegisterWaitForSingleObjectEx
GetLastError
lstrlenW
InterlockedIncrement
OpenEventW
CreateFileW
Sleep
CreateFileMappingW
LoadLibraryW
RaiseException
VirtualAlloc
GetCurrentProcessId
GetModuleHandleW
GetCurrentProcess
CloseHandle
GetModuleFileNameW
GetTickCount
lstrcmpW
lstrcmpiA
GetLocalTime
DeleteCriticalSection
FormatMessageW
lstrlenA
LoadLibraryA
FreeLibrary
InterlockedDecrement
GetCurrentThreadId
ExpandEnvironmentStringsW
GetCurrentThread
GetProcAddress
SetUnhandledExceptionFilter
QueryPerformanceCounter
MapViewOfFileEx
LocalAlloc
GetSystemInfo
GetSystemTimeAsFileTime
UnmapViewOfFile
OpenFileMappingW
FileTimeToSystemTime
LocalFree
GetEnvironmentVariableW
InterlockedExchange
CreateFileA
InterlockedExchangeAdd
DebugBreak
OutputDebugStringA
EnterCriticalSection
TerminateProcess
GetComputerNameExW
InterlockedCompareExchange
CreateEventW
WideCharToMultiByte
GetComputerNameW
MultiByteToWideChar
GetProfileStringA
InitializeCriticalSection
LeaveCriticalSection
SetEvent
DisableThreadLibraryCalls
GetACP
lstrcpyW
UnregisterWait
GetModuleFileNameA

msasn1

ASN1BERDecEndOfContents
ASN1BEREncBool
ASN1octetstring_free
ASN1BERDecNotEndOfContents
ASN1_CloseEncoder
ASN1_CreateModule
ASN1BEREncU32
ASN1CEREncGeneralizedTime
ASN1BEREncOctetString
ASN1BERDecZeroCharString
ASN1ztcharstring_free
ASN1BERDecOctetString
ASN1objectidentifier_free
ASN1BERDecU32Val
ASN1_CloseDecoder
ASN1BERDecBool
ASN1bitstring_free
ASN1_Decode
ASN1EncSetError
ASN1BERDecSkip
ASN1BEREncOpenType
ASN1BEREncExplicitTag
ASN1BERDecBitString
ASN1charstring_free
ASN1_FreeEncoded
ASN1_CreateDecoder
ASN1BERDecSXVal
ASN1intx2uint32
ASN1BEREncBitString
ASN1BERDecObjectIdentifier
ASN1_CreateEncoder
ASN1_FreeDecoded
ASN1Free
ASN1BEREncSX
ASN1BERDecOpenType2
ASN1BERDecGeneralizedTime
ASN1BEREncCharString
ASN1BEREncObjectIdentifier
ASN1DecAlloc
ASN1BERDecCharString
ASN1intx2int32
ASN1BERDecS32Val
ASN1DecSetError
ASN1intx_setuint32
ASN1_Encode
ASN1BEREncEndOfContents
ASN1BERDecExplicitTag
ASN1BEREncS32
ASN1intx_free
ASN1intxisuint32
ASN1BERDecPeekTag

ntdll

RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
RtlDeregisterWait
RtlAcquireResourceExclusive
NtWaitForSingleObject
RtlLeaveCriticalSection
RtlDeleteResource
RtlCompareMemory
RtlFreeSid
RtlGetElementGenericTable
NtQuerySystemTime
RtlEnterCriticalSection
RtlSystemTimeToLocalTime
RtlInitializeCriticalSection
RtlAcquireResourceShared
RtlInitializeResource
NtDuplicateObject
RtlUniform
RtlEqualDomainName
RtlCopySid
RtlRegisterWait
RtlVerifyVersionInfo
RtlDowncaseUnicodeString
RtlConvertSharedToExclusive
RtlValidSid
RtlDeleteCriticalSection
RtlEqualSid
RtlDeleteTimerQueue
RtlNtStatusToDosError
NtCreateEvent
RtlInitAnsiString
RtlEraseUnicodeString
NtSetSecurityObject
RtlCopyLuid
RtlSubAuthorityCountSid
RtlInitializeGenericTable
RtlAppendUnicodeStringToString
RtlRunDecodeUnicodeString
RtlReleaseResource
NtAllocateLocallyUniqueId
RtlLookupElementGenericTable
RtlPrefixUnicodeString
RtlConvertSidToUnicodeString
RtlDeleteElementGenericTable
RtlSubAuthoritySid
RtlTimeFieldsToTime
RtlInsertElementGenericTableAvl
RtlFreeUnicodeString
RtlEqualUnicodeString
VerSetConditionMask
RtlCreateTimer
NtQueryInformationToken
RtlUpcaseUnicodeString
NtQuerySystemInformation
NtOpenEvent
RtlAllocateAndInitializeSid
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
NtAllocateVirtualMemory
NtClose
RtlInsertElementGenericTable
RtlCreateAcl
RtlLookupElementGenericTableAvl
RtlLengthSid
RtlCopyUnicodeString
RtlAddAccessAllowedAce
NtOpenThreadToken
RtlOemStringToUnicodeString
RtlLengthRequiredSid
RtlTimeToTimeFields
RtlCreateTimerQueue
RtlIntegerToUnicodeString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
DbgPrint
RtlInitializeSid
NtOpenProcessToken

cryptdll

CDGenerateRandomBits
MD5Final
CDBuildIntegrityVect
CDLocateCheckSum
CDLocateCSystem
CDFindCommonCSystemWithKey
MD5Update
MD5Init

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8620392bd48a9aa243be2ac91aa52d54

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

secur32

user32

msvcrt

kernel32

msasn1

ntdll

cryptdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB