bd16c0f1ac0e1c42408371727a46a59c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd16c0f1ac0e1c42408371727a46a59c_JaffaCakes118
Size

329KB
MD5

bd16c0f1ac0e1c42408371727a46a59c
SHA1

f29003a743739c8676114efe4324231e10107417
SHA256

cbd267386c68239a8c7c3810de2e8669dbf09e2e79da06d130bd57b491cad9af
SHA512

ee6cca811108b3fc50b882446ce2f2243a9d77b5320e59bb4da4a8a1e5674450643ee2866f8bb39072a47366fba88687b7a7c5150010401bbf1e39e6d2532cc0
SSDEEP

6144:z48Go2V00A3rivVxa48+78i13apGbJbw8iEccPhZXP/WMpfmo/:9dO092vVg4d713gGbxwo5p+o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd16c0f1ac0e1c42408371727a46a59c_JaffaCakes118

Files

bd16c0f1ac0e1c42408371727a46a59c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41bf37d62a23d3340089016f009aed01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

CDGenerateRandomBits
CDFindCommonCSystemWithKey
MD5Update
CDLocateCSystem
CDBuildIntegrityVect
MD5Init
CDLocateCheckSum
MD5Final

user32

wsprintfW
CharLowerBuffW

advapi32

QueryServiceConfigW
CryptAcquireContextW
OpenProcessToken
CryptDestroyHash
GetTokenInformation
CredUnmarshalCredentialW
RegQueryInfoKeyW
RegOpenKeyExW
RevertToSelf
AllocateAndInitializeSid
CryptSetProvParam
RegQueryValueExW
ReportEventW
CloseServiceHandle
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
RegNotifyChangeKeyValue
FreeSid
OpenThreadToken
SetThreadToken
QueryServiceStatus
GetTraceLoggerHandle
RegCloseKey
RegisterEventSourceW
RegEnumKeyExW
DeregisterEventSource
LookupAccountSidW
RegDeleteValueW
CryptHashData
TraceEvent
CredFree
RegCreateKeyExW
CryptGetProvParam
SystemFunction006
RegSetValueExW
RegConnectRegistryW
OpenSCManagerW
RegOpenKeyW
SystemFunction007
RegisterTraceGuidsW
OpenServiceW

msvcrt

_wcsicmp
wcscmp
_vsnprintf
_adjust_fdiv
_wcsnicmp
wcsspn
wcstoul
_initterm
sscanf
_stricmp
_except_handler3
strrchr
_ultoa
wcscpy
_strnicmp
swprintf
wcsrchr
qsort
free
_strcmpi
wcscat
sprintf
strchr
malloc
wcslen

msasn1

ASN1BEREncBool
ASN1BEREncOpenType
ASN1_Encode
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1_FreeEncoded
ASN1_Decode
ASN1intxisuint32
ASN1BERDecExplicitTag
ASN1BERDecS32Val
ASN1BEREncSX
ASN1BEREncExplicitTag
ASN1_CloseEncoder
ASN1intx_setuint32
ASN1objectidentifier_free
ASN1_FreeDecoded
ASN1bitstring_free
ASN1BERDecOctetString
ASN1BERDecSkip
ASN1octetstring_free
ASN1EncSetError
ASN1BERDecNotEndOfContents
ASN1_CloseDecoder
ASN1BERDecZeroCharString
ASN1BEREncS32
ASN1DecSetError
ASN1BERDecCharString
ASN1ztcharstring_free
ASN1CEREncGeneralizedTime
ASN1BEREncObjectIdentifier
ASN1charstring_free
ASN1BERDecBool
ASN1intx2int32
ASN1BEREncBitString
ASN1BERDecBitString
ASN1BERDecSXVal
ASN1_CreateEncoder
ASN1BERDecEndOfContents
ASN1_CreateModule
ASN1BEREncU32
ASN1Free
ASN1DecAlloc
ASN1BERDecObjectIdentifier
ASN1BERDecGeneralizedTime
ASN1intx_free
ASN1BERDecU32Val
ASN1intx2uint32
ASN1BEREncCharString
ASN1_CreateDecoder
ASN1BEREncEndOfContents
ASN1BERDecOpenType2

secur32

CredMarshalTargetInfo
CredUnmarshalTargetInfo
FreeContextBuffer
LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

GetSystemInfo
CreateFileMappingW
SetEvent
MapViewOfFileEx
GetTickCount
lstrcmpW
LoadLibraryW
UnregisterWait
EnterCriticalSection
OpenFileMappingW
InterlockedIncrement
GetSystemTimeAsFileTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetComputerNameExW
SetUnhandledExceptionFilter
GetProcAddress
lstrlenA
FormatMessageW
TerminateProcess
GetModuleHandleW
GetCurrentThread
RegisterWaitForSingleObjectEx
WideCharToMultiByte
GetProfileStringA
lstrlenW
GetLocalTime
lstrcmpiA
DebugBreak
DisableThreadLibraryCalls
GetLastError
UnhandledExceptionFilter
InitializeCriticalSection
WriteFile
GetModuleFileNameA
OutputDebugStringA
OpenEventW
GetCurrentProcess
UnmapViewOfFile
CreateFileA
LoadLibraryA
VirtualAlloc
DeleteCriticalSection
MultiByteToWideChar
LocalAlloc
FileTimeToSystemTime
GetACP
QueryPerformanceCounter
LeaveCriticalSection
GetEnvironmentVariableW
Sleep
GetComputerNameW
GetCurrentProcessId
CloseHandle
InterlockedCompareExchange
InterlockedDecrement
lstrcpyW
LocalFree
InterlockedExchange
CreateEventW
RaiseException
FreeLibrary
GetCurrentThreadId
InterlockedExchangeAdd
CreateFileW

ntdll

RtlSubAuthorityCountSid
RtlConvertSharedToExclusive
NtAllocateLocallyUniqueId
RtlDeleteTimerQueue
RtlCompareMemory
RtlInitializeGenericTable
RtlUnicodeStringToAnsiString
RtlInitializeGenericTableAvl
RtlGetElementGenericTable
RtlUpcaseUnicodeString
NtOpenThreadToken
RtlInitUnicodeString
RtlDeleteCriticalSection
RtlCopyLuid
RtlLookupElementGenericTable
RtlSystemTimeToLocalTime
RtlInitializeCriticalSection
RtlValidSid
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlCopySid
RtlAllocateAndInitializeSid
NtOpenEvent
NtCreateEvent
RtlEqualDomainName
RtlLengthSid
RtlInitializeSid
RtlRegisterWait
RtlFreeSid
RtlAppendUnicodeStringToString
RtlCreateTimer
RtlEqualSid
RtlCompareUnicodeString
RtlInitializeResource
RtlNtStatusToDosError
RtlDeregisterWait
RtlAcquireResourceExclusive
RtlConvertSidToUnicodeString
RtlAddAccessAllowedAce
NtWaitForSingleObject
RtlSubAuthoritySid
RtlCreateSecurityDescriptor
RtlFreeUnicodeString
RtlLengthRequiredSid
RtlEraseUnicodeString
RtlEqualUnicodeString
RtlFreeAnsiString
NtQuerySystemTime
RtlInitAnsiString
RtlInsertElementGenericTableAvl
RtlSetDaclSecurityDescriptor
NtQueryInformationToken
RtlReleaseResource
RtlOemStringToUnicodeString
RtlLookupElementGenericTableAvl
RtlDowncaseUnicodeString
NtQuerySystemInformation
RtlCreateAcl
RtlCreateTimerQueue
RtlAcquireResourceShared
RtlEnterCriticalSection
RtlVerifyVersionInfo
RtlPrefixUnicodeString
RtlTimeFieldsToTime
NtOpenProcessToken
RtlUniform
RtlRunDecodeUnicodeString
RtlAnsiStringToUnicodeString
RtlTimeToTimeFields
RtlCopyUnicodeString
RtlIntegerToUnicodeString
DbgPrint
RtlDeleteResource
NtDuplicateObject
RtlLeaveCriticalSection
NtAllocateVirtualMemory
NtSetSecurityObject
NtClose

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41bf37d62a23d3340089016f009aed01

Headers

DLL Characteristics

File Characteristics

Imports

cryptdll

user32

advapi32

msvcrt

msasn1

secur32

kernel32

ntdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB