bd753e816af18012aaf31bfd5d75ff47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd753e816af18012aaf31bfd5d75ff47_JaffaCakes118
Size

329KB
MD5

bd753e816af18012aaf31bfd5d75ff47
SHA1

769e3421d31a3f9a6ba1443d7f465cc8171dc9ee
SHA256

695db407735505951921d064d0955cb046ba128947b97de935b5b5613258a963
SHA512

9d4e662b3d188563e8893eb927f38bd5e4af98b17bc1af1465ca52c2176c5c1f9190a56027b566a43fd788bbb40375812ea16683a506b5f5c9e2a5d3b53b8a5d
SSDEEP

6144:4b6oos8llUbkRCuITZOs6AFwNSjfE9eKTmdq7hWkgAUGiKXRR2NPTG:ios8l9RCR6+i9eKT99WkfvXL2N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd753e816af18012aaf31bfd5d75ff47_JaffaCakes118

Files

bd753e816af18012aaf31bfd5d75ff47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86446c5efd44413b625e047d20d1b12c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
QueryServiceConfigW
CryptHashData
QueryServiceStatus
CryptSetProvParam
OpenProcessToken
SetThreadToken
CredUnmarshalCredentialW
RegisterEventSourceW
CryptGetProvParam
CryptReleaseContext
SystemFunction007
RegSetValueExW
CryptGetHashParam
CryptCreateHash
GetTokenInformation
RegOpenKeyW
RegConnectRegistryW
DeregisterEventSource
RegDeleteValueW
OpenThreadToken
TraceEvent
ReportEventW
CredFree
RegisterTraceGuidsW
RegOpenKeyExW
RegEnumKeyExW
AllocateAndInitializeSid
RevertToSelf
FreeSid
GetTraceLoggerHandle
RegCloseKey
LookupAccountSidW
RegNotifyChangeKeyValue
OpenSCManagerW
CryptDestroyHash
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
SystemFunction006
CloseServiceHandle
OpenServiceW

msasn1

ASN1EncSetError
ASN1BEREncOpenType
ASN1bitstring_free
ASN1BERDecSXVal
ASN1ztcharstring_free
ASN1BERDecNotEndOfContents
ASN1_CreateModule
ASN1BERDecBool
ASN1BEREncS32
ASN1DecAlloc
ASN1_FreeDecoded
ASN1charstring_free
ASN1BERDecOctetString
ASN1_CloseDecoder
ASN1BERDecU32Val
ASN1BEREncCharString
ASN1DecSetError
ASN1_Encode
ASN1intx_free
ASN1BERDecExplicitTag
ASN1objectidentifier_free
ASN1BERDecBitString
ASN1BEREncOctetString
ASN1BERDecZeroCharString
ASN1BERDecEndOfContents
ASN1Free
ASN1_CreateEncoder
ASN1BERDecS32Val
ASN1_FreeEncoded
ASN1BEREncObjectIdentifier
ASN1BEREncU32
ASN1intxisuint32
ASN1BERDecObjectIdentifier
ASN1BERDecGeneralizedTime
ASN1_Decode
ASN1CEREncGeneralizedTime
ASN1BERDecPeekTag
ASN1intx_setuint32
ASN1intx2int32
ASN1BEREncBitString
ASN1BERDecOpenType2
ASN1_CloseEncoder
ASN1BEREncEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecSkip
ASN1intx2uint32
ASN1BEREncSX
ASN1BERDecCharString
ASN1octetstring_free
ASN1BEREncBool
ASN1_CreateDecoder

cryptdll

CDLocateCSystem
MD5Update
MD5Final
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDGenerateRandomBits
CDBuildIntegrityVect
MD5Init

secur32

FreeContextBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo
LsaFreeReturnBuffer
CredMarshalTargetInfo

ntdll

RtlDeleteTimerQueue
RtlFreeAnsiString
RtlCompareUnicodeString
RtlDeleteResource
RtlValidSid
RtlConvertSharedToExclusive
RtlAnsiStringToUnicodeString
DbgPrint
RtlLeaveCriticalSection
RtlAcquireResourceShared
VerSetConditionMask
NtCreateEvent
NtOpenThreadToken
RtlCopySid
NtQueryInformationToken
NtAllocateLocallyUniqueId
RtlDeregisterWait
RtlLengthRequiredSid
RtlTimeFieldsToTime
NtDuplicateObject
RtlEnterCriticalSection
RtlRegisterWait
RtlInitializeSid
RtlVerifyVersionInfo
RtlPrefixUnicodeString
RtlCopyLuid
RtlAcquireResourceExclusive
RtlAppendUnicodeStringToString
RtlCreateTimerQueue
RtlDeleteCriticalSection
RtlCreateTimer
RtlInitializeResource
RtlInitializeGenericTableAvl
NtAllocateVirtualMemory
RtlInitAnsiString
NtSetSecurityObject
NtQuerySystemTime
RtlEraseUnicodeString
RtlSystemTimeToLocalTime
RtlAllocateAndInitializeSid
RtlLookupElementGenericTableAvl
NtQuerySystemInformation
RtlTimeToTimeFields
RtlDeleteElementGenericTable
RtlSubAuthorityCountSid
RtlFreeSid
RtlDowncaseUnicodeString
NtClose
RtlLengthSid
RtlCreateSecurityDescriptor
RtlSubAuthoritySid
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlLookupElementGenericTable
RtlGetElementGenericTable
RtlConvertSidToUnicodeString
RtlInitializeCriticalSection
RtlEqualDomainName
RtlInitializeGenericTable
NtOpenEvent
RtlEqualUnicodeString
RtlCompareMemory
RtlUniform
RtlRunDecodeUnicodeString
RtlEqualSid
RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
RtlAddAccessAllowedAce
RtlCopyUnicodeString
RtlFreeUnicodeString
RtlReleaseResource
NtWaitForSingleObject
NtOpenProcessToken
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlOemStringToUnicodeString
RtlNtStatusToDosError
RtlInsertElementGenericTable

user32

wsprintfW
CharLowerBuffW

kernel32

FormatMessageW
GetCurrentThread
OutputDebugStringA
lstrlenA
GetTickCount
InterlockedExchangeAdd
Sleep
CreateFileMappingW
MapViewOfFileEx
FileTimeToSystemTime
UnregisterWait
DeleteCriticalSection
LoadLibraryA
GetEnvironmentVariableW
LeaveCriticalSection
UnhandledExceptionFilter
GetProfileStringA
InterlockedIncrement
GetComputerNameExW
RegisterWaitForSingleObjectEx
InterlockedCompareExchange
GetCurrentThreadId
GetModuleFileNameW
MultiByteToWideChar
ExpandEnvironmentStringsW
DebugBreak
FreeLibrary
LocalAlloc
GetSystemInfo
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
TerminateProcess
GetLastError
UnmapViewOfFile
CreateEventW
LoadLibraryW
lstrcmpW
OpenFileMappingW
CloseHandle
GetACP
GetModuleFileNameA
CreateFileW
VirtualAlloc
LocalFree
QueryPerformanceCounter
CreateFileA
InterlockedExchange
GetComputerNameW
EnterCriticalSection
GetModuleHandleW
InitializeCriticalSection
lstrcmpiA
WideCharToMultiByte
OpenEventW
SetEvent
GetCurrentProcessId
GetProcAddress
WriteFile
lstrlenW
InterlockedDecrement
GetCurrentProcess
GetSystemTimeAsFileTime
RaiseException
GetLocalTime
lstrcpyW

msvcrt

_adjust_fdiv
wcsrchr
_wcsicmp
wcscpy
_strcmpi
_stricmp
_vsnprintf
sscanf
wcsspn
_wcsnicmp
swprintf
strchr
wcslen
sprintf
wcstoul
strrchr
wcscat
malloc
_initterm
_except_handler3
_ultoa
qsort
_strnicmp
wcscmp
free

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86446c5efd44413b625e047d20d1b12c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msasn1

cryptdll

secur32

ntdll

user32

kernel32

msvcrt

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB