b16dd6543e2e4cdc1271056777441a28_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b16dd6543e2e4cdc1271056777441a28_JaffaCakes118
Size

329KB
MD5

b16dd6543e2e4cdc1271056777441a28
SHA1

21464cddcc309d0611ada20b3eb8905c90db828f
SHA256

e0348450a5bdbce2a7f42d46d842d513d350b9ea71a6242aaa83d263aef8e440
SHA512

fa7231fe85dc4401ed374d7e3315ef955cca4f04593880cf67cb275dd628460f669e4d61a79c1d464b16a7bc6e0a998b77deccb9f6c69e8d026d1adc92fdf4a2
SSDEEP

6144:ORpwKaog11plmyXKjRCv32Wtmwi+yia2Fvsn1OiUyKm8s8:lKBjGv32ymJiHFg7nh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b16dd6543e2e4cdc1271056777441a28_JaffaCakes118

Files

b16dd6543e2e4cdc1271056777441a28_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ee73419280cb9de993241270f28ff8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

LsaFreeReturnBuffer
CredMarshalTargetInfo
FreeContextBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

user32

wsprintfW
CharLowerBuffW

kernel32

TerminateProcess
DebugBreak
RegisterWaitForSingleObjectEx
LoadLibraryA
LocalFree
GetComputerNameW
lstrcmpiA
SetUnhandledExceptionFilter
GetComputerNameExW
CreateEventW
GetLocalTime
InitializeCriticalSection
SetEvent
InterlockedExchange
GetCurrentThread
OpenEventW
GetModuleHandleW
MapViewOfFileEx
InterlockedExchangeAdd
UnregisterWait
GetCurrentThreadId
lstrcpyW
OutputDebugStringA
RaiseException
CreateFileA
GetLastError
DeleteCriticalSection
VirtualAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GetModuleFileNameW
FreeLibrary
CloseHandle
lstrlenA
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
QueryPerformanceCounter
DisableThreadLibraryCalls
FileTimeToSystemTime
UnmapViewOfFile
LoadLibraryW
InterlockedDecrement
GetModuleFileNameA
GetCurrentProcessId
lstrlenW
MultiByteToWideChar
CreateFileMappingW
GetSystemTimeAsFileTime
FormatMessageW
GetACP
InterlockedCompareExchange
lstrcmpW
WriteFile
Sleep
GetProcAddress
GetTickCount
CreateFileW
GetEnvironmentVariableW
InterlockedIncrement
WideCharToMultiByte
GetCurrentProcess
GetProfileStringA
GetSystemInfo

cryptdll

CDFindCommonCSystemWithKey
CDGenerateRandomBits
MD5Final
MD5Update
MD5Init
CDBuildIntegrityVect
CDLocateCheckSum
CDLocateCSystem

msvcrt

wcslen
wcstoul
qsort
strrchr
wcscpy
_wcsicmp
strchr
_adjust_fdiv
wcscmp
_strnicmp
_vsnprintf
wcsspn
sprintf
_stricmp
wcscat
malloc
swprintf
_ultoa
_initterm
sscanf
_wcsnicmp
free
wcsrchr
_except_handler3
_strcmpi

advapi32

RegDeleteValueW
CryptCreateHash
TraceEvent
RegEnumKeyExW
DeregisterEventSource
RegCloseKey
RegisterEventSourceW
OpenProcessToken
RevertToSelf
CryptDestroyHash
CryptHashData
RegQueryValueExW
GetTokenInformation
CryptSetProvParam
CryptReleaseContext
OpenThreadToken
GetTraceLoggerHandle
CryptAcquireContextW
SystemFunction007
RegOpenKeyW
QueryServiceStatus
SetThreadToken
RegOpenKeyExW
RegNotifyChangeKeyValue
CryptGetHashParam
CredFree
FreeSid
CryptGetProvParam
RegCreateKeyExW
OpenSCManagerW
LookupAccountSidW
CredUnmarshalCredentialW
CloseServiceHandle
RegConnectRegistryW
RegisterTraceGuidsW
RegSetValueExW
ReportEventW
RegQueryInfoKeyW
OpenServiceW
AllocateAndInitializeSid
SystemFunction006
QueryServiceConfigW

msasn1

ASN1BERDecGeneralizedTime
ASN1BERDecSkip
ASN1BEREncEndOfContents
ASN1BERDecZeroCharString
ASN1EncSetError
ASN1BERDecU32Val
ASN1BEREncOpenType
ASN1intx2int32
ASN1intx_free
ASN1BEREncBitString
ASN1BERDecBitString
ASN1BERDecOctetString
ASN1_Encode
ASN1BERDecPeekTag
ASN1BEREncOctetString
ASN1CEREncGeneralizedTime
ASN1BEREncBool
ASN1BEREncExplicitTag
ASN1_FreeDecoded
ASN1_CloseEncoder
ASN1intx2uint32
ASN1BERDecSXVal
ASN1intxisuint32
ASN1BEREncU32
ASN1BERDecBool
ASN1_CreateEncoder
ASN1BEREncSX
ASN1BEREncObjectIdentifier
ASN1DecAlloc
ASN1BEREncS32
ASN1bitstring_free
ASN1_FreeEncoded
ASN1octetstring_free
ASN1_Decode
ASN1charstring_free
ASN1BERDecEndOfContents
ASN1_CloseDecoder
ASN1BERDecS32Val
ASN1Free
ASN1intx_setuint32
ASN1_CreateDecoder
ASN1ztcharstring_free
ASN1_CreateModule
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecObjectIdentifier
ASN1BERDecCharString
ASN1BEREncCharString
ASN1BERDecOpenType2
ASN1DecSetError
ASN1objectidentifier_free

ntdll

NtOpenEvent
VerSetConditionMask
RtlEqualUnicodeString
RtlLengthSid
RtlCopyLuid
NtOpenThreadToken
RtlCompareMemory
RtlCompareUnicodeString
NtQuerySystemTime
RtlValidSid
NtQueryInformationToken
RtlReleaseResource
RtlEraseUnicodeString
RtlSystemTimeToLocalTime
RtlVerifyVersionInfo
RtlRegisterWait
RtlDeleteCriticalSection
RtlLookupElementGenericTableAvl
RtlFreeAnsiString
RtlOemStringToUnicodeString
RtlUniform
RtlFreeUnicodeString
RtlSubAuthorityCountSid
RtlEqualSid
RtlConvertSharedToExclusive
RtlDeleteElementGenericTable
RtlUnicodeStringToAnsiString
RtlConvertSidToUnicodeString
NtAllocateVirtualMemory
RtlAddAccessAllowedAce
RtlInitUnicodeString
RtlAllocateAndInitializeSid
RtlInitializeGenericTableAvl
NtQuerySystemInformation
RtlInsertElementGenericTableAvl
NtDuplicateObject
RtlCreateSecurityDescriptor
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlInitAnsiString
RtlTimeFieldsToTime
RtlDeleteResource
NtAllocateLocallyUniqueId
RtlLengthRequiredSid
RtlCopyUnicodeString
RtlInitializeResource
RtlDeregisterWait
NtCreateEvent
RtlSetDaclSecurityDescriptor
RtlInitializeCriticalSection
RtlAppendUnicodeStringToString
DbgPrint
RtlInitializeSid
RtlAcquireResourceExclusive
RtlIntegerToUnicodeString
RtlDowncaseUnicodeString
RtlTimeToTimeFields
RtlCreateTimerQueue
RtlUpcaseUnicodeString
NtWaitForSingleObject
RtlNtStatusToDosError
NtSetSecurityObject
RtlCopySid
RtlLeaveCriticalSection
RtlCreateTimer
NtClose
RtlEnterCriticalSection
RtlAcquireResourceShared
RtlRunDecodeUnicodeString
NtOpenProcessToken
RtlAnsiStringToUnicodeString
RtlLookupElementGenericTable
RtlDeleteTimerQueue
RtlPrefixUnicodeString
RtlInitializeGenericTable
RtlFreeSid
RtlSubAuthoritySid
RtlEqualDomainName

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ee73419280cb9de993241270f28ff8e

Headers

DLL Characteristics

File Characteristics

Imports

secur32

user32

kernel32

cryptdll

msvcrt

advapi32

msasn1

ntdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB