Static task: static1
Behavioral task: behavioral1
  Sample: av/avn.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: av/avn.exe
  Resource: win10v2004-20240802-en
General
Target: bd69b2a9f087d465f11c9222cc3b26ad_JaffaCakes118
Size: 107KB
MD5: bd69b2a9f087d465f11c9222cc3b26ad
SHA1: 132d768ec6cdd5dc6693bd04260b52b90d275da9
SHA256: 724a2b36cf982f47bc29c7f0f3a59ca1d463097ea9677505d6bd2671edf5c701
SHA512: 175b27e8eace181969b3ce1ed7ebf95cb0901feca54cc78af8dd2ca064b45e77ac60a5d8416cc576cd27ec333e264d5709e5ebf0badc36dde201fbdc9aa0589f
SSDEEP: 3072:ySHnLcBs3B7+Td9uB5C5VtmgNYTxJI2jysFb:1Hys3t+Tr5VtmiirI2Bh
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/av/avn.exe
Files
bd69b2a9f087d465f11c9222cc3b26ad_JaffaCakes118.zip
__MACOSX/av/._.DS_Store
__MACOSX/av/._avn.exe
av/.DS_Store
av/avn.exe (.exe windows:5 windows x86 arch:x86)
  b25eb6f5f0e96f02056ae1e9b731a25b
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegisterServiceCtrlHandlerW
OpenBackupEventLogW
GetAuditedPermissionsFromAclA
CredIsMarshaledCredentialW
GetInheritanceSourceA
RegOpenKeyExA
CommandLineFromMsiDescriptor
RemoveUsersFromEncryptedFile
DeleteAce
LookupPrivilegeValueA
BuildImpersonateExplicitAccessWithNameA
CreateCodeAuthzLevel
A_SHAUpdate
GetSecurityDescriptorOwner
MakeSelfRelativeSD
LsaOpenAccount
CredGetSessionTypes
LsaICLookupNames
CredFree
WriteEncryptedFileRaw
AreAnyAccessesGranted
WmiQuerySingleInstanceMultipleW
LsaSetForestTrustInformation
WmiSetSingleInstanceW
OpenTraceA
kernel32
GetThreadPriorityBoost
DeleteAtom
LockFile
LocalFree
CreateSemaphoreW
UnmapViewOfFile
FoldStringW
WriteProfileSectionA
GetProfileStringW
GetNumaAvailableMemoryNode
Process32Next
GetOEMCP
UnlockFileEx
ConsoleMenuControl
LoadLibraryExW
RegisterConsoleOS2
SetNamedPipeHandleState
PeekNamedPipe
MoveFileWithProgressA
CmdBatNotification
MapViewOfFileEx
HeapReAlloc
WriteConsoleInputVDMA
WritePrivateProfileStructW
CreateTimerQueueTimer
GetStartupInfoW
SetDefaultCommConfigW
EnumResourceTypesA
GetCurrentThread
CreateWaitableTimerA
FindResourceW
CopyFileExW
_hread
MapViewOfFile
ReleaseMutex
GetThreadPriority
FindFirstVolumeMountPointA
GetCommModemStatus
WriteTapemark
VDMOperationStarted
GetConsoleCharType
GetVolumeNameForVolumeMountPointA
SystemTimeToFileTime
CreateActCtxA
FillConsoleOutputCharacterA
CreateProcessInternalW
GetConsoleFontInfo
GetLastError
WaitCommEvent
WriteConsoleOutputW
LoadLibraryA
CreateIoCompletionPort
lstrcmp
GetModuleHandleA
GetMailslotInfo
GetProcAddress
RemoveDirectoryA
CopyLZFile
GetEnvironmentStringsW
VirtualAlloc
IsDebuggerPresent
DosPathToSessionPathW
GetConsoleInputExeNameW
GetConsoleAliasW
SetLocaleInfoA
SystemTimeToTzSpecificLocalTime
ShowConsoleCursor
SetConsoleNumberOfCommandsW
GetConsoleCommandHistoryW
QueryInformationJobObject
GetProcessHeap
GetDriveTypeA
SetConsoleFont
MoveFileExW
msvfw32
ICSendMessage
ICImageCompress
DrawDibStop
DrawDibEnd
ICCompressorFree
VideoForWindowsVersion
DrawDibClose
MCIWndCreate
ICSeqCompressFrameStart
ICImageDecompress
DrawDibStart
MCIWndCreateA
MCIWndRegisterClass
DrawDibGetBuffer
ICRemove
ICDecompress
MCIWndCreateW
DrawDibOpen
DrawDibSetPalette
ICClose
DrawDibProfileDisplay
ICSeqCompressFrameEnd
DrawDibTime
ICSeqCompressFrame
ICLocate
DrawDibChangePalette
GetSaveFileNamePreviewW
DrawDibDraw
ICDrawBegin
DrawDibBegin
ICGetInfo
ICDraw
ICInfo
GetOpenFileNamePreviewW
ICCompress
ICInstall
GetOpenFileNamePreview
msvcrt40
_chsize
?getline@istream@@QAEAAV1@PADHD@Z
_wpopen
?out_waiting@streambuf@@QBEHXZ
getenv
??0strstreambuf@@QAE@PADH0@Z
strftime
?unbuffered@streambuf@@IAEXH@Z
__p__wenviron
_getch
strncpy
iswalnum
_wcsnset
??0ostream@@IAE@XZ
??_Gistream@@UAEPAXI@Z
?fLockcInit@ios@@0HA
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?is_open@ifstream@@QBEHXZ
mblen
_beginthread
_commode
??_Dofstream@@QAEXXZ
__lconv_init
?sputc@streambuf@@QAEHH@Z
??1istream@@UAE@XZ
__threadid
__pxcptinfoptrs
_cgets
_strset
msvcrt
__p__environ
??_7bad_typeid@@6B@
_assert
??9type_info@@QBEHABV0@@Z
_cwscanf
ldexp
strcoll
__mb_cur_max
_safe_fprem
__set_app_type
_wchdir
??3@YAXPAX@Z
__CxxExceptionFilter
_onexit
strncat
_daylight
_fileinfo
__getmainargs
exit
modf
__p__commode
_mbsspnp
_setsystime
__p__osver
?terminate@@YAXXZ
_cputws
_itow
_setmaxstdio
_ltow
crypt32
CertAddCertificateContextToStore
CryptStringToBinaryW
I_CryptEnableLruOfEntries
CertEnumCTLContextProperties
CertAddEncodedCertificateToStore
CryptVerifyDetachedMessageSignature
CertSetStoreProperty
CertOpenSystemStoreW
CertAddSerializedElementToStore
CryptSIPRemoveSignedDataMsg
CryptHashCertificate
CertRegisterSystemStore
CryptUnregisterOIDInfo
CryptSIPLoad
CryptGetOIDFunctionAddress
CertVerifyCRLTimeValidity
CertAddEncodedCRLToStore
RegSetValueExU
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CertDuplicateCertificateChain
I_CryptFreeTls
CertIsValidCRLForCertificate
CryptMsgVerifyCountersignatureEncoded
I_CryptCreateLruCache
I_CryptInstallOssGlobal
CryptVerifyMessageHash
CertCloseStore
CertGetEnhancedKeyUsage
CertAddCertificateLinkToStore
CertFindCertificateInCRL
CryptSignHashU
CertAddStoreToCollection
CryptBinaryToStringW
CryptMemRealloc
CryptBinaryToStringA
CryptSetKeyIdentifierProperty
CryptSIPRemoveProvider
CertCreateSelfSignCertificate
CertAlgIdToOID
CryptRegisterOIDInfo
CryptProtectData
CryptMemAlloc
CertGetCertificateChain
ntdll
RtlConvertUlongToLargeInteger
ZwCreatePagingFile
ZwFlushInstructionCache
CsrGetProcessId
ZwGetWriteWatch
RtlDllShutdownInProgress
RtlAddAttributeActionToRXact
DbgBreakPoint
ZwOpenProcess
RtlFindClearRuns
NtSetSecurityObject
RtlPushFrame
NtMapViewOfSection
ZwFsControlFile
RtlDestroyQueryDebugBuffer
NtSecureConnectPort
NtCreateDirectoryObject
NtRaiseException
NtAccessCheckByTypeResultListAndAuditAlarm
_CIpow
RtlpUnWaitCriticalSection
RtlEqualPrefixSid
RtlFreeThreadActivationContextStack
NtOpenObjectAuditAlarm
memcmp
ZwOpenThread
NtDeleteBootEntry
NtCancelIoFile
CsrClientConnectToServer
RtlLargeIntegerToChar
RtlCreateSystemVolumeInformationFolder
RtlUpcaseUnicodeChar
NtSetContextThread
RtlPinAtomInAtomTable
utildll
NetworkDeviceEnumerate
ElapsedTimeString
CachedGetUserFromSid
InstallModem
StrSdClass
TestUserForAdmin
SetupAsyncCdConfig
NetBIOSDeviceEnumerate
CtxGetAnyDCName
GetAssociatedPortName
StrAsyncConnectState
GetUserFromSid
EnumerateMultiUserServers
StandardErrorMessage
GetSystemMessageA
CalculateElapsedTime
QueryCurrentWinStation
GetSystemMessageW
CurrentDateTimeString
CompareElapsedTime
AsyncDeviceEnumerate
InitializeAnonymousUserCompareList
WinEnumerateDevices
HaveAnonymousUsersChanged
ConfigureModem
ParseDecoratedAsyncDeviceName
FormDecoratedAsyncDeviceName
StrSystemWaitReason
IsPartOfDomain
StrConnectState
DateTimeString
StrProcessState
user32
GetClipboardViewer
DdeConnect
DdeFreeDataHandle
MenuWindowProcA
InvalidateRect
GetKeyboardLayoutNameW
MBToWCSEx
SetDeskWallpaper
DialogBoxIndirectParamA
UpdateLayeredWindow
SetProcessWindowStation
MessageBoxExA
CreateDialogParamA
IsDialogMessageW
GetRawInputDeviceInfoW
ShowCaret
RegisterWindowMessageA
GetLastInputInfo
LoadLocalFonts
ChangeMenuW
MonitorFromRect
DrawCaption
OffsetRect
GetRawInputBuffer
IsDialogMessageA
SetUserObjectSecurity
cryptdlg
FormatVerisignExtension
DecodeAttrSequence
CertTrustFinalPolicy
DecodeRecipientID
CertSelectCertificateA
GetFriendlyNameOfCertA
EncodeAttrSequence
GetFriendlyNameOfCertW
CertTrustCleanup
CertConfigureTrustW
CertTrustInit
CertConfigureTrustA
CertTrustCertPolicy
EncodeRecipientID
CertModifyCertificatesToTrust
CertViewPropertiesA
CertSelectCertificateW
CertViewPropertiesW
FormatPKIXEmailProtection
Sections
.text   Size: 60KB    Virtual size: 60KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 28KB    Virtual size: 28KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 27KB    Virtual size: 43KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 3KB     Virtual size: 3KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1024B   Virtual size: 1024B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ