a4b9938905ab25279382b25d7d67952e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4b9938905ab25279382b25d7d67952e_JaffaCakes118
Size

329KB
MD5

a4b9938905ab25279382b25d7d67952e
SHA1

ee2949b1cf363d35c1b3e9e4de1e2b8deed6f115
SHA256

04d0dde8f960e10c1eb943e08adc5c4137de7bb8937d6ca596643b7fb031c6ca
SHA512

44dd71cd6f6ac9cebc20521cfad833ba72dacfcdb4cd8662e0b748204ab0b7a01ec0c704b2a9d42a7c21a2e85b6aaee10a865468632c932b3b7f034b2dcbfc1f
SSDEEP

6144:hUhi5LoE8Duapo0XzzFazOWJWrXoM7M4fgd0uZ5rsEosEEt0f:/5ME8DuaHXlLWKXV77c1bosEf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4b9938905ab25279382b25d7d67952e_JaffaCakes118

Files

a4b9938905ab25279382b25d7d67952e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8d2b42c112a232bf4a212fa120b1dc91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1intx2uint32
ASN1CEREncGeneralizedTime
ASN1BERDecCharString
ASN1BERDecSXVal
ASN1BEREncEndOfContents
ASN1charstring_free
ASN1BERDecU32Val
ASN1BERDecExplicitTag
ASN1_FreeDecoded
ASN1objectidentifier_free
ASN1BERDecBool
ASN1_CloseDecoder
ASN1BERDecZeroCharString
ASN1intxisuint32
ASN1BEREncU32
ASN1_CreateDecoder
ASN1BEREncObjectIdentifier
ASN1EncSetError
ASN1ztcharstring_free
ASN1BEREncExplicitTag
ASN1_CreateEncoder
ASN1BEREncOctetString
ASN1_CreateModule
ASN1BERDecOpenType2
ASN1BERDecS32Val
ASN1BERDecSkip
ASN1DecSetError
ASN1BEREncBool
ASN1DecAlloc
ASN1_CloseEncoder
ASN1Free
ASN1BERDecGeneralizedTime
ASN1BERDecPeekTag
ASN1bitstring_free
ASN1BEREncCharString
ASN1BEREncOpenType
ASN1_FreeEncoded
ASN1intx_setuint32
ASN1intx2int32
ASN1BERDecEndOfContents
ASN1BERDecBitString
ASN1BERDecObjectIdentifier
ASN1octetstring_free
ASN1BEREncBitString
ASN1intx_free
ASN1BERDecOctetString
ASN1_Decode
ASN1BEREncS32
ASN1BEREncSX
ASN1BERDecNotEndOfContents
ASN1_Encode

msvcrt

wcscpy
wcscat
free
_vsnprintf
_ultoa
strrchr
wcsspn
strchr
_stricmp
_strcmpi
wcsrchr
_adjust_fdiv
wcstoul
sscanf
wcscmp
_except_handler3
_wcsnicmp
wcslen
_initterm
qsort
_wcsicmp
swprintf
sprintf
malloc
_strnicmp

ntdll

RtlIntegerToUnicodeString
NtOpenProcessToken
NtOpenEvent
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlCompareUnicodeString
RtlSubAuthoritySid
RtlConvertSharedToExclusive
RtlFreeSid
RtlDeleteElementGenericTable
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlEraseUnicodeString
RtlSubAuthorityCountSid
RtlLengthRequiredSid
RtlAddAccessAllowedAce
RtlCreateTimer
NtSetSecurityObject
RtlCopySid
RtlTimeToTimeFields
RtlDeleteResource
NtDuplicateObject
RtlAcquireResourceShared
RtlOemStringToUnicodeString
RtlLookupElementGenericTable
RtlCreateSecurityDescriptor
RtlCreateTimerQueue
NtQuerySystemTime
RtlCopyLuid
RtlAllocateAndInitializeSid
RtlDeleteCriticalSection
RtlReleaseResource
RtlPrefixUnicodeString
RtlUnicodeStringToAnsiString
NtOpenThreadToken
RtlFreeUnicodeString
RtlSetDaclSecurityDescriptor
NtQuerySystemInformation
NtWaitForSingleObject
RtlUniform
RtlRegisterWait
RtlCreateAcl
RtlEqualSid
RtlAppendUnicodeStringToString
RtlSystemTimeToLocalTime
RtlCompareMemory
RtlConvertSidToUnicodeString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlVerifyVersionInfo
RtlInitAnsiString
RtlGetElementGenericTable
NtAllocateVirtualMemory
RtlDeregisterWait
RtlTimeFieldsToTime
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlInitializeGenericTable
RtlRunDecodeUnicodeString
RtlInitializeSid
RtlLengthSid
NtCreateEvent
RtlDeleteTimerQueue
RtlAcquireResourceExclusive
RtlValidSid
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlNtStatusToDosError
RtlInsertElementGenericTableAvl
DbgPrint
RtlUpcaseUnicodeString
RtlInitializeResource
RtlInsertElementGenericTable
RtlEqualDomainName
RtlAnsiStringToUnicodeString
NtAllocateLocallyUniqueId
NtClose
NtQueryInformationToken

kernel32

GetComputerNameExW
GetProfileStringA
ExpandEnvironmentStringsW
lstrcmpiA
FreeLibrary
CloseHandle
InterlockedExchangeAdd
InterlockedIncrement
GetProcAddress
lstrlenW
lstrcmpW
SetEvent
InterlockedCompareExchange
RaiseException
GetCurrentProcessId
DebugBreak
GetTickCount
VirtualAlloc
GetLastError
lstrlenA
CreateFileA
WriteFile
FormatMessageW
RegisterWaitForSingleObjectEx
UnregisterWait
LoadLibraryW
LocalFree
CreateEventW
InitializeCriticalSection
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
Sleep
GetLocalTime
InterlockedExchange
GetComputerNameW
DisableThreadLibraryCalls
OpenEventW
WideCharToMultiByte
GetModuleHandleW
OpenFileMappingW
GetACP
GetEnvironmentVariableW
MapViewOfFileEx
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryA
LeaveCriticalSection
GetSystemInfo
lstrcpyW
CreateFileMappingW
LocalAlloc
CreateFileW
EnterCriticalSection
QueryPerformanceCounter
GetModuleFileNameA
UnmapViewOfFile
UnhandledExceptionFilter
FileTimeToSystemTime
DeleteCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
OutputDebugStringA
GetCurrentThread

secur32

CredUnmarshalTargetInfo
FreeContextBuffer
CredMarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData

user32

wsprintfW
CharLowerBuffW

cryptdll

MD5Init
CDLocateCheckSum
CDGenerateRandomBits
MD5Update
MD5Final
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
CDLocateCSystem

advapi32

TraceEvent
ReportEventW
RegConnectRegistryW
RegCreateKeyExW
OpenServiceW
RevertToSelf
RegEnumKeyExW
CredUnmarshalCredentialW
CryptAcquireContextW
SystemFunction007
RegDeleteValueW
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
CryptGetHashParam
RegisterEventSourceW
LookupAccountSidW
SystemFunction006
QueryServiceConfigW
CryptGetProvParam
AllocateAndInitializeSid
RegisterTraceGuidsW
SetThreadToken
GetTraceLoggerHandle
FreeSid
RegNotifyChangeKeyValue
CredFree
OpenSCManagerW
OpenThreadToken
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyW
RegOpenKeyW
CryptSetProvParam
CryptCreateHash
DeregisterEventSource
RegCloseKey
CryptHashData

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8d2b42c112a232bf4a212fa120b1dc91

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

msvcrt

ntdll

kernel32

secur32

user32

cryptdll

advapi32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB