8667d16c316c18bfe482b64d1c41d6dd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8667d16c316c18bfe482b64d1c41d6dd_JaffaCakes118
Size

144KB
MD5

8667d16c316c18bfe482b64d1c41d6dd
SHA1

f91e9e104a6b9aac5b7fdb0e7d03e8627a23bbd5
SHA256

d86d86d13beb0b709ab8d4dd4e07fa86a3b47fe2384a6b8fce219bf4d30286c7
SHA512

8ccb93afa48665ee7c3e3720ef7f3daa678b9e88ab8c58ed2a1844931e1b31514b4524a84e637901831fe0f752db3e3db49a651195fb3eccfda1cad261e77549
SSDEEP

3072:H8yPr+kVi3KJ8a1P83WV7VicV3AVuTz++L/lr+zTY1w:NrzQ62aZ7h+VOSy/p1w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8667d16c316c18bfe482b64d1c41d6dd_JaffaCakes118

Files

8667d16c316c18bfe482b64d1c41d6dd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3a6a8c8b082713d065aaf2c59ca69461

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoCreateInstanceEx
CoSetProxyBlanket
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

cryptui

CryptUIDlgSelectCA
CryptUIDlgFreeCAContext

netapi32

DsGetDcNameW
DsRoleGetPrimaryDomainInformation
NetShareGetInfo
DsRoleFreeMemory
NetShareAdd
NetShareDel
NetApiBufferFree

rpcrt4

RpcMgmtInqServerPrincNameW
NdrOleAllocate
RpcStringFreeW
IUnknown_AddRef_Proxy
RpcNetworkIsProtseqValidW
NdrDllCanUnloadNow
NdrClientCall2
RpcBindingFree
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
RpcEpResolveBinding
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
RpcCancelThreadEx
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrOleFree
RpcBindingSetAuthInfoW
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
RpcBindingFromStringBindingW
RpcStringBindingComposeW
CStdStubBuffer_DebugServerQueryInterface

msvcrt

wcsncpy
_errno
_iob
_wcsicmp
wcsrchr
strcspn
isupper
_wtol
vfwprintf
wcstol
wcstoul
_initterm
getenv
wcsstr
wcscmp
free
ftell
isxdigit
_adjust_fdiv
wcslen
swprintf
malloc
wcscat
fopen
wcstok
__isascii
fprintf
fflush
wcschr
fclose
_snprintf
fwprintf
_wtoi
swscanf
fseek
_snwprintf
strncmp
_wcsnicmp
memmove
isdigit
fputs
sprintf
strchr
wcscpy
_vsnprintf
atoi
_except_handler3

user32

LoadStringW
wsprintfW
GetDesktopWindow

advapi32

RegQueryValueExW
RegEnumKeyExW
GetSecurityDescriptorLength
RegCreateKeyW
CryptGenRandom
RegOpenCurrentUser
MakeSelfRelativeSD
CryptAcquireContextA
RegConnectRegistryW
LsaClose
AccessCheckByType
CopySid
RegDeleteValueW
GetLengthSid
RegCreateKeyExW
MakeAbsoluteSD
RegCloseKey
DuplicateToken
LsaOpenPolicy
RegDeleteKeyW
OpenProcessToken
RegOpenKeyW
AllocateAndInitializeSid
RegQueryInfoKeyW
CryptReleaseContext
RegOpenKeyExW
LsaNtStatusToWinError
LsaFreeMemory
FreeSid
EqualSid
SetSecurityDescriptorOwner
RegSetValueExW
RegEnumValueW
LsaQueryInformationPolicy
OpenThreadToken
GetTokenInformation
IsValidSecurityDescriptor

kernel32

GetCurrentThreadId
WaitForSingleObject
WriteConsoleW
LoadLibraryW
lstrcmpiW
FileTimeToLocalFileTime
InterlockedIncrement
GetVersionExW
UnhandledExceptionFilter
RegisterWaitForSingleObject
WideCharToMultiByte
CloseHandle
GetModuleFileNameW
SetUnhandledExceptionFilter
MultiByteToWideChar
TerminateProcess
GetConsoleOutputCP
GetFileSize
FormatMessageW
GetModuleHandleW
InitializeCriticalSection
GetTickCount
GetLastError
GetSystemTime
lstrcmpW
GetDateFormatW
QueryPerformanceCounter
SetLastError
GetCurrentProcessId
GetTimeFormatW
DebugBreak
DeleteCriticalSection
GetComputerNameW
GetSystemTimeAsFileTime
GetComputerNameExW
LocalReAlloc
GetCurrentThread
CreateFileW
GetACP
DuplicateHandle
GetSystemDirectoryW
InterlockedDecrement
LocalFree
FreeLibrary
GetProcAddress
GetFileType
GetEnvironmentVariableA
GetStdHandle
CreateEventW
FileTimeToSystemTime
GetWindowsDirectoryA
EnterCriticalSection
CompareFileTime
LeaveCriticalSection
CreateThread
SystemTimeToFileTime
OutputDebugStringA
LocalAlloc
Sleep
IsDebuggerPresent
GetExitCodeThread
GetEnvironmentVariableW
ReadFile
lstrlenW
UnregisterWait
DisableThreadLibraryCalls
WriteFile
GetCurrentProcess

ntdll

qsort
NtAllocateVirtualMemory
strlen

crypt32

CertCreateCertificateContext
CryptHashCertificate
CertGetNameStringW
CryptMsgOpenToDecode
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateChain
CryptMsgUpdate
CryptEncodeObject
CryptSignMessage
CryptMsgEncodeAndSignCTL
CertDeleteCTLFromStore
CertFreeCertificateContext
CertFindExtension
CertStrToNameW
CertCloseStore
CertVerifyCertificateChainPolicy
CertNameToStrW
CertOpenStore
CertAddEncodedCTLToStore
CryptFindOIDInfo
CertFindCTLInStore
CryptMsgGetParam
CryptDecodeObjectEx
CertGetCertificateChain
CryptDecodeObject
CryptEncodeObjectEx

secur32

FreeContextBuffer
QueryCredentialsAttributesW
AcceptSecurityContext
AcquireCredentialsHandleW
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
QuerySecurityContextToken
EnumerateSecurityPackagesW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a6a8c8b082713d065aaf2c59ca69461

Headers

DLL Characteristics

File Characteristics

Imports

ole32

cryptui

netapi32

rpcrt4

msvcrt

user32

advapi32

kernel32

ntdll

crypt32

secur32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 163KB - Virtual size: 162KB

.rsrc Size: 98KB - Virtual size: 97KB

.data Size: 40KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 163KB - Virtual size: 162KB

.rsrc
Size: 98KB - Virtual size: 97KB

.data
Size: 40KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB