b7f53a367851fd1ae6e53cc8c1001400_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b7f53a367851fd1ae6e53cc8c1001400_JaffaCakes118
Size

329KB
MD5

b7f53a367851fd1ae6e53cc8c1001400
SHA1

baedd0842f692353c5b3bce7c96c90556a26fdbe
SHA256

90343da17f1f3b1297d5179534eeb036ca70731ac49a64750142a35d0379eff8
SHA512

98603bfa8aa511470178cf0d93604e02025d63d4c9a31dd819ec8204e3d415345645e15ee39fe162efd843f2e66022925270d08cf7d5226631719321fd43f54d
SSDEEP

6144:pP/f+o8scFq+a7IeJtccdL2tGv9jJyCkjJ/q29QpxZQ03BzpnZGlSTawF:z8++a8eJtccdLrvLkjosQpxZQaBzxYlV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7f53a367851fd1ae6e53cc8c1001400_JaffaCakes118

Files

b7f53a367851fd1ae6e53cc8c1001400_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a5ae5da02bdc14f7381179b2b7c888fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerW
ReportEventW
RegNotifyChangeKeyValue
DeregisterEventSource
CloseServiceHandle
RegisterTraceGuidsW
RegQueryValueExW
CryptGetHashParam
RegSetValueExW
CryptHashData
SetThreadToken
CryptReleaseContext
CryptGetProvParam
LookupAccountSidW
RegQueryInfoKeyW
RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
OpenThreadToken
SystemFunction007
RevertToSelf
QueryServiceStatus
CredUnmarshalCredentialW
RegisterEventSourceW
QueryServiceConfigW
AllocateAndInitializeSid
TraceEvent
RegDeleteValueW
GetTraceLoggerHandle
FreeSid
OpenServiceW
RegEnumKeyExW
CryptDestroyHash
RegCloseKey
CryptCreateHash
GetTokenInformation
SystemFunction006
RegOpenKeyW
RegConnectRegistryW
CryptAcquireContextW
CryptSetProvParam
CredFree

msvcrt

wcscpy
wcsspn
_strcmpi
sscanf
_wcsnicmp
sprintf
_vsnprintf
free
wcscmp
wcsrchr
_stricmp
malloc
qsort
wcslen
_ultoa
wcstoul
_strnicmp
strchr
_adjust_fdiv
_initterm
_except_handler3
strrchr
_wcsicmp
swprintf
wcscat

ntdll

NtOpenThreadToken
RtlSystemTimeToLocalTime
RtlLengthSid
RtlInitializeGenericTable
NtSetSecurityObject
RtlCopyUnicodeString
RtlLookupElementGenericTable
RtlNtStatusToDosError
NtQuerySystemInformation
RtlConvertSidToUnicodeString
RtlInitializeCriticalSection
RtlEqualDomainName
RtlInitAnsiString
RtlFreeAnsiString
RtlDeleteCriticalSection
RtlDeleteResource
NtDuplicateObject
RtlSubAuthorityCountSid
RtlTimeFieldsToTime
RtlGetElementGenericTable
NtQueryInformationToken
RtlEraseUnicodeString
RtlEqualSid
RtlDeleteTimerQueue
RtlAnsiStringToUnicodeString
NtAllocateLocallyUniqueId
RtlOemStringToUnicodeString
RtlCreateTimer
RtlAllocateAndInitializeSid
RtlIntegerToUnicodeString
RtlValidSid
RtlAcquireResourceShared
RtlTimeToTimeFields
RtlFreeSid
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
NtQuerySystemTime
NtOpenEvent
RtlRegisterWait
NtClose
RtlDeregisterWait
RtlEnterCriticalSection
RtlSetDaclSecurityDescriptor
RtlCreateAcl
NtCreateEvent
RtlInitializeSid
RtlLengthRequiredSid
RtlConvertSharedToExclusive
RtlUpcaseUnicodeString
RtlCreateTimerQueue
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlAddAccessAllowedAce
RtlLeaveCriticalSection
VerSetConditionMask
NtWaitForSingleObject
RtlCompareMemory
NtAllocateVirtualMemory
RtlCompareUnicodeString
RtlRunDecodeUnicodeString
NtOpenProcessToken
RtlUnicodeStringToAnsiString
RtlLookupElementGenericTableAvl
RtlUniform
RtlInitializeResource
RtlAcquireResourceExclusive
RtlPrefixUnicodeString
RtlInsertElementGenericTableAvl
RtlEqualUnicodeString
RtlReleaseResource
RtlInitUnicodeString
RtlVerifyVersionInfo
RtlAppendUnicodeStringToString
RtlCreateSecurityDescriptor
RtlCopySid
DbgPrint
RtlInitializeGenericTableAvl
RtlCopyLuid

msasn1

ASN1_CloseEncoder
ASN1BERDecOctetString
ASN1objectidentifier_free
ASN1ztcharstring_free
ASN1intx_setuint32
ASN1intxisuint32
ASN1_CloseDecoder
ASN1BEREncEndOfContents
ASN1BERDecS32Val
ASN1BEREncS32
ASN1BERDecGeneralizedTime
ASN1DecAlloc
ASN1BEREncCharString
ASN1BEREncSX
ASN1BEREncExplicitTag
ASN1BERDecBitString
ASN1intx2uint32
ASN1_FreeDecoded
ASN1CEREncGeneralizedTime
ASN1BERDecOpenType2
ASN1octetstring_free
ASN1_Decode
ASN1EncSetError
ASN1_CreateModule
ASN1Free
ASN1BERDecExplicitTag
ASN1_CreateEncoder
ASN1BEREncOpenType
ASN1BEREncObjectIdentifier
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1BERDecZeroCharString
ASN1_FreeEncoded
ASN1charstring_free
ASN1DecSetError
ASN1BERDecSkip
ASN1intx_free
ASN1_CreateDecoder
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecObjectIdentifier
ASN1BERDecSXVal
ASN1bitstring_free
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1BERDecCharString
ASN1_Encode
ASN1BERDecBool
ASN1BEREncBool
ASN1BEREncBitString
ASN1intx2int32

secur32

CredUnmarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer
CredMarshalTargetInfo

kernel32

DisableThreadLibraryCalls
lstrcpyW
FileTimeToSystemTime
SetEvent
EnterCriticalSection
GetComputerNameW
CloseHandle
InterlockedExchangeAdd
GetCurrentProcessId
GetCurrentProcess
Sleep
TerminateProcess
LeaveCriticalSection
RaiseException
LocalAlloc
WideCharToMultiByte
MapViewOfFileEx
VirtualAlloc
UnregisterWait
GetModuleFileNameA
InterlockedCompareExchange
GetTickCount
InterlockedDecrement
InitializeCriticalSection
LoadLibraryW
GetSystemInfo
OpenEventW
GetCurrentThread
GetACP
LoadLibraryA
GetProfileStringA
CreateFileMappingW
OutputDebugStringA
lstrcmpW
LocalFree
QueryPerformanceCounter
CreateEventW
GetCurrentThreadId
MultiByteToWideChar
DebugBreak
CreateFileW
FreeLibrary
InterlockedIncrement
RegisterWaitForSingleObjectEx
GetModuleFileNameW
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
lstrlenA
GetModuleHandleW
GetLocalTime
lstrlenW
DeleteCriticalSection
GetProcAddress
GetComputerNameExW
InterlockedExchange
OpenFileMappingW
lstrcmpiA
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
FormatMessageW
CreateFileA
UnmapViewOfFile

cryptdll

MD5Init
CDBuildIntegrityVect
CDLocateCheckSum
MD5Final
CDLocateCSystem
MD5Update
CDFindCommonCSystemWithKey
CDGenerateRandomBits

user32

CharLowerBuffW
wsprintfW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5ae5da02bdc14f7381179b2b7c888fb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

ntdll

msasn1

secur32

kernel32

cryptdll

user32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB