Static task: static1
Behavioral task: behavioral1
  Sample: 85cd8fd9767d4e7317f7e12c1a42ce43_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 85cd8fd9767d4e7317f7e12c1a42ce43_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 85cd8fd9767d4e7317f7e12c1a42ce43_JaffaCakes118
Size: 329KB
MD5: 85cd8fd9767d4e7317f7e12c1a42ce43
SHA1: 98d15edc6c6d80bee819fcce7813fc236c1fd90e
SHA256: 7e1e1bf2dfbd3e8ae2d6e97a96f32436fcd26bbd4661d26d83499dab73fad98c
SHA512: ca72e82c31ea99425b4b7fc93a3fb2920dddc798cefdd556a5a91efe35a86d35117e334e29b41d44f7868a896eba835a8259cece841b6bc8e11e6bc9e4bf9a29
SSDEEP: 6144:DIBOOoQO8d+2d3k0ZS5MUsJJGAJTSrDulnCuW5czoWsWPxG3p8usjUA0ZvpgISLm:aOlQOep03MUirZ4DulnCuYcz4WPNh0ZL
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 85cd8fd9767d4e7317f7e12c1a42ce43_JaffaCakes118
Files
85cd8fd9767d4e7317f7e12c1a42ce43_JaffaCakes118.exe windows:5 windows x86 arch:x86
  8994223e7e93e9af9cdff5242de930b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
qsort
sscanf
swprintf
_vsnprintf
_stricmp
_strcmpi
_except_handler3
wcscpy
wcsspn
strrchr
wcstoul
_wcsnicmp
_initterm
wcscat
free
_adjust_fdiv
malloc
_ultoa
wcslen
strchr
wcscmp
_wcsicmp
wcsrchr
sprintf
_strnicmp
kernel32
GetEnvironmentVariableW
GetCurrentProcessId
GetSystemInfo
lstrcmpW
OutputDebugStringA
Sleep
OpenFileMappingW
GetProcAddress
lstrcpyW
GetLocalTime
InitializeCriticalSection
FreeLibrary
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedExchange
LocalFree
GetModuleFileNameA
OpenEventW
lstrlenW
GetCurrentProcess
LoadLibraryA
LeaveCriticalSection
WideCharToMultiByte
GetModuleHandleW
UnhandledExceptionFilter
lstrcmpiA
GetACP
EnterCriticalSection
VirtualAlloc
LocalAlloc
GetModuleFileNameW
MultiByteToWideChar
CreateFileA
GetComputerNameW
GetComputerNameExW
DebugBreak
GetProfileStringA
ExpandEnvironmentStringsW
CreateFileW
RaiseException
lstrlenA
DeleteCriticalSection
WriteFile
CloseHandle
GetCurrentThread
InterlockedIncrement
GetTickCount
InterlockedExchangeAdd
InterlockedCompareExchange
SetEvent
GetSystemTimeAsFileTime
RegisterWaitForSingleObjectEx
CreateFileMappingW
GetCurrentThreadId
DisableThreadLibraryCalls
MapViewOfFileEx
CreateEventW
LoadLibraryW
GetLastError
FormatMessageW
UnregisterWait
InterlockedDecrement
UnmapViewOfFile
TerminateProcess
FileTimeToSystemTime
advapi32
RegOpenKeyExW
RegConnectRegistryW
RegisterTraceGuidsW
RegNotifyChangeKeyValue
CryptGetHashParam
CryptAcquireContextW
RegDeleteValueW
RegCreateKeyExW
CryptReleaseContext
OpenSCManagerW
GetTraceLoggerHandle
FreeSid
RegisterEventSourceW
TraceEvent
CryptSetProvParam
RegCloseKey
CryptDestroyHash
QueryServiceStatus
CredFree
ReportEventW
OpenServiceW
GetTokenInformation
LookupAccountSidW
CredUnmarshalCredentialW
SystemFunction006
AllocateAndInitializeSid
CloseServiceHandle
SystemFunction007
RegSetValueExW
RegOpenKeyW
RevertToSelf
CryptCreateHash
SetThreadToken
QueryServiceConfigW
CryptHashData
OpenThreadToken
RegQueryInfoKeyW
OpenProcessToken
RegEnumKeyExW
CryptGetProvParam
RegQueryValueExW
DeregisterEventSource
cryptdll
CDLocateCheckSum
MD5Init
MD5Final
CDLocateCSystem
CDGenerateRandomBits
CDBuildIntegrityVect
MD5Update
CDFindCommonCSystemWithKey
ntdll
RtlLookupElementGenericTable
RtlCreateAcl
RtlSubAuthoritySid
RtlGetElementGenericTable
NtQueryInformationToken
NtAllocateVirtualMemory
RtlDeleteResource
RtlTimeFieldsToTime
RtlAllocateAndInitializeSid
RtlReleaseResource
RtlLengthRequiredSid
RtlLookupElementGenericTableAvl
RtlAddAccessAllowedAce
RtlEqualSid
RtlInitializeResource
RtlFreeUnicodeString
RtlDeleteTimerQueue
RtlInitUnicodeString
NtDuplicateObject
NtOpenProcessToken
RtlUpcaseUnicodeString
NtOpenEvent
RtlConvertSharedToExclusive
NtQuerySystemTime
RtlEqualDomainName
RtlConvertSidToUnicodeString
RtlCreateTimer
RtlOemStringToUnicodeString
RtlUniform
RtlDeleteCriticalSection
VerSetConditionMask
RtlVerifyVersionInfo
RtlCompareUnicodeString
NtOpenThreadToken
RtlAcquireResourceShared
RtlValidSid
RtlUnicodeStringToAnsiString
RtlDowncaseUnicodeString
RtlCopyUnicodeString
RtlCopyLuid
RtlFreeAnsiString
NtWaitForSingleObject
RtlAcquireResourceExclusive
NtCreateEvent
RtlEnterCriticalSection
RtlInsertElementGenericTableAvl
RtlDeregisterWait
RtlCreateSecurityDescriptor
RtlInitializeCriticalSection
RtlRunDecodeUnicodeString
RtlCopySid
RtlInitializeSid
NtSetSecurityObject
NtQuerySystemInformation
RtlSubAuthorityCountSid
RtlEqualUnicodeString
RtlLengthSid
RtlInsertElementGenericTable
RtlInitAnsiString
RtlInitializeGenericTable
RtlAppendUnicodeStringToString
RtlSystemTimeToLocalTime
RtlSetDaclSecurityDescriptor
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlPrefixUnicodeString
NtAllocateLocallyUniqueId
RtlLeaveCriticalSection
DbgPrint
RtlAnsiStringToUnicodeString
RtlRegisterWait
RtlEraseUnicodeString
NtClose
RtlDeleteElementGenericTable
RtlFreeSid
RtlCompareMemory
RtlInitializeGenericTableAvl
RtlCreateTimerQueue
secur32
LsaGetLogonSessionData
CredUnmarshalTargetInfo
LsaFreeReturnBuffer
FreeContextBuffer
CredMarshalTargetInfo
msasn1
ASN1_CreateEncoder
ASN1intx2int32
ASN1BERDecSXVal
ASN1_CloseEncoder
ASN1Free
ASN1BEREncObjectIdentifier
ASN1charstring_free
ASN1BEREncU32
ASN1BERDecOpenType2
ASN1CEREncGeneralizedTime
ASN1BEREncEndOfContents
ASN1intx_setuint32
ASN1BERDecObjectIdentifier
ASN1BEREncOpenType
ASN1_FreeDecoded
ASN1BERDecExplicitTag
ASN1_FreeEncoded
ASN1DecAlloc
ASN1BEREncOctetString
ASN1BERDecBitString
ASN1BERDecCharString
ASN1_Encode
ASN1BERDecS32Val
ASN1ztcharstring_free
ASN1BERDecGeneralizedTime
ASN1BERDecEndOfContents
ASN1_CreateModule
ASN1DecSetError
ASN1BERDecSkip
ASN1octetstring_free
ASN1intxisuint32
ASN1BERDecZeroCharString
ASN1BERDecOctetString
ASN1BEREncS32
ASN1_CreateDecoder
ASN1objectidentifier_free
ASN1_CloseDecoder
ASN1BERDecBool
ASN1_Decode
ASN1EncSetError
ASN1bitstring_free
ASN1BERDecU32Val
ASN1BERDecNotEndOfContents
ASN1BEREncSX
ASN1BEREncCharString
ASN1BEREncBitString
ASN1intx_free
ASN1BEREncBool
ASN1intx2uint32
ASN1BERDecPeekTag
ASN1BEREncExplicitTag
user32
CharLowerBuffW
wsprintfW
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE