8c67ef4acd0d029d636199caec593252_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c67ef4acd0d029d636199caec593252_JaffaCakes118
Size

149KB
MD5

8c67ef4acd0d029d636199caec593252
SHA1

50ba838f1b8bff40b7153274d762c1485cefb98f
SHA256

2494f8a01c7ed7005d7133b8686125d8f2d6fc4b45f7c935bbee27e6a3187c2b
SHA512

423f409d0d93f7e42b067f6643636616c0ef8fc4d75c72a24f9b822a07181b6c26c3507d46d8fd9b96fa2a6b8bdaaceed77af3c4d3e3b60b4f72533828bf15d0
SSDEEP

3072:d+hxTUGtiPVWU2H8AAlLhdiKUjEOQXqAkEuocVP4Qe:d+3iV32H8HLhdiKU+Xj5uocmH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c67ef4acd0d029d636199caec593252_JaffaCakes118

Files

8c67ef4acd0d029d636199caec593252_JaffaCakes118
.dll windows:5 windows x86 arch:x86

35cfaa8073a9097c0e3a144c60688b01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mqsec.pdb

Imports

mqutil

?GetFalconKey@@YGJPBGPAPAUHKEY__@@@Z
SetFalconKeyValue
?DeleteFalconKeyValue@@YGJPBG@Z
?ReportMsg@COutputReport@@QAEXKKPAXGPAPBGG@Z
?Report@@3VCOutputReport@@A
?GetThreadUserSid@@YGJPAPAEPAK@Z
?GetComputerNameInternal@@YGJPAGPAK@Z
GetFalconKeyValue

msvcrt

wcscpy
wcscat
_except_handler3
__CxxFrameHandler
wcstombs
_CxxThrowException
??0exception@@QAE@ABV0@@Z
swprintf
malloc
wcslen
_wcsicmp
_initterm
?what@exception@@UBEPBDXZ
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcsncmp
wcscmp
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
free
?terminate@@YAXXZ

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z

netapi32

NetUserModalsGet
DsGetDcNameW
NetApiBufferFree

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptHashCertificate
CertSetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CryptSignAndEncodeCertificate
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertRDNValueToStrW
CryptDecodeObject
CryptExportPublicKeyInfo
CryptImportPublicKeyInfo
CertVerifySubjectCertificateContext
CryptEncodeObject
CertVerifyTimeValidity
CertCloseStore

security

DeleteSecurityContext
QueryContextAttributesA
FreeContextBuffer
InitSecurityInterfaceW
AcquireCredentialsHandleA
InitializeSecurityContextA
QuerySecurityPackageInfoA
AcceptSecurityContext

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
UuidFromStringW

advapi32

CryptGetUserKey
CryptExportKey
CryptSetProvParam
CryptAcquireContextW
AdjustTokenPrivileges
EqualPrefixSid
ImpersonateAnonymousToken
RevertToSelf
ImpersonateSelf
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
FreeSid
MakeAbsoluteSD
SetSecurityDescriptorControl
AddAccessDeniedAce
AddAccessAllowedObjectAce
AddAuditAccessObjectAce
AddAccessDeniedObjectAce
FindFirstFreeAce
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeSelfRelativeSD
AddAuditAccessAce
GetLengthSid
CopySid
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
AccessCheckByTypeResultList
AccessCheckAndAuditAlarmW
ObjectCloseAuditAlarmW
AccessCheck
AreAllAccessesGranted
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
GetSecurityDescriptorDacl
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
AddAccessDeniedAceEx
SetSecurityDescriptorDacl
CryptGenKey
CryptDestroyKey
RegOpenKeyExA
RegCreateKeyExA
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptHashData
RegDeleteKeyW
CryptAcquireContextA
RegQueryInfoKeyA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA
RegisterTraceGuidsW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegCloseKey
RegSetValueExW

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
InterlockedCompareExchange
SetLastError
GetModuleHandleW
CloseHandle
GetSystemTime
SystemTimeToFileTime
lstrcmpiA
GetProcAddress
LoadLibraryA
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
TlsAlloc
EnterCriticalSection
LoadLibraryW
MultiByteToWideChar
GetLastError
GetCurrentThread

Exports

Exports

CheckContextCredStatus
ClientInitSecCtx
FreeContextHandle
GetCertificateNames
GetClientCredHandleAndInitSecCtx
GetSchannelCaCert
GetSizes
MQSealBuffer
MQSec_AccessCheck
MQSec_AccessCheckForSelf
MQSec_AcquireCryptoProvider
MQSec_CanGenerateAudit
MQSec_ConvertSDToNT4Format
MQSec_ConvertSDToNT5Format
MQSec_CopySecurityDescriptor
MQSec_GetAnonymousSid
MQSec_GetCryptoProvProperty
MQSec_GetDefaultSecDescriptor
MQSec_GetImpersonationObject
MQSec_GetLocalMachineSid
MQSec_GetLocalSystemSid
MQSec_GetProcessSid
MQSec_GetProcessUserSid
MQSec_GetPubKeysFromDS
MQSec_GetThreadUserSid
MQSec_GetUserType
MQSec_GetWorldSid
MQSec_IsAnonymusSid
MQSec_IsGuestSid
MQSec_IsSystemSid
MQSec_IsUnAuthenticatedUser
MQSec_MakeAbsoluteSD
MQSec_MakeSelfRelative
MQSec_MergeSecurityDescriptors
MQSec_PackPublicKey
MQSec_SetPrivilegeInThread
MQSec_SetSecurityDescriptorDacl
MQSec_StorePubKeys
MQSec_StorePubKeysInDS
MQSec_UnpackPublicKey
MQSigCloneCertFromReg
MQSigCloneCertFromSysStore
MQSigCreateCertificate
MQSigHashMessageProperties
MQSigOpenUserCertStore
MQUnsealBuffer
MQsspi_GetCaCert
MQsspi_GetNames
MQsspi_InitServerAuthntication
MQsspi_IsSecuredServerConn
MQsspi_MigrateSecureCommFlag
MQsspi_SetSecuredServerConn
MQsspi_UpdateCaConfig
ServerAcceptSecCtx

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35cfaa8073a9097c0e3a144c60688b01

Headers

File Characteristics

PDB Paths

Imports

mqutil

msvcrt

msvcp60

netapi32

crypt32

security

rpcrt4

advapi32

kernel32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 58KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB