bde4eefb4f6d9e385d8493f527381702_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bde4eefb4f6d9e385d8493f527381702_JaffaCakes118
Size

444KB
MD5

bde4eefb4f6d9e385d8493f527381702
SHA1

60564e6d67aa28333acf5c1ed266bcfa0976ec51
SHA256

39dd8ed55980c08b025c57778912350df155e7a3e2bbe542864fe05d0fda3fa1
SHA512

1248557ebc195960291e40e25a842a97877b387dfcf3322eb1a548f5ef3a875389424afabaaf08d6ada7fd5a26f30f0018e05e4c15ce7ca3dd8ded31059fb498
SSDEEP

6144:RgFdG9kocYkAuWm9vdbi1Vgkuk/FsGxHXWgIuWa6jV5p3GKHvwg87WU:Nk6k+x1VgkuI3IuWBjV5p3HHvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde4eefb4f6d9e385d8493f527381702_JaffaCakes118

Files

bde4eefb4f6d9e385d8493f527381702_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94eb55b5b89c67415157f56ba7ae1b9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

ApplyControlToken
LsaCallAuthenticationPackage
LsaFreeReturnBuffer
LsaConnectUntrusted
LsaLookupAuthenticationPackage

msvcrt

wcschr
_except_handler3
wcslen
wcscat
iswctype
memmove
wcscpy
_ltow
wcscmp
time
free
_initterm
malloc
_adjust_fdiv
_ultoa
_ltoa

msasn1

ASN1CEREncNewBlkElement
ASN1_FreeDecoded
ASN1CEREncBeginBlk
ASN1CEREncFlushBlkElement
ASN1CEREncEndBlk
ASN1_FreeEncoded
ASN1_SetEncoderOption
ASN1_Decode
ASN1_Encode
ASN1octetstring_free
ASN1BERDecOctetString
ASN1intx_free
ASN1BERDecS32Val
ASN1BERDecSXVal
ASN1BEREncS32
ASN1BEREncSX
ASN1BERDecObjectIdentifier2
ASN1BEREncObjectIdentifier2
ASN1open_free
ASN1Free
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecRealloc
ASN1BERDecOpenType
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1BEREncEndOfContents
ASN1BERDecBitString2
ASN1_CloseModule
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString

crypt32

CryptSignAndEncodeCertificate
CertFindChainInStore
CryptEncodeObject
CryptDecodeObject
I_CryptUninstallAsn1Module
I_CryptInstallAsn1Module
CryptInstallOIDFunctionAddress
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertVerifyCertificateChainPolicy
CertOpenSystemStoreA
CertAddStoreToCollection
CertEnumCTLsInStore
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSaveStore
CertFreeCertificateChain
CertCompareCertificateName
CertGetCertificateChain
CryptDecodeObjectEx
CertGetNameStringW
CertFindCertificateInStore
CertOpenStore
CertAddSerializedElementToStore
CertCloseStore
CertNameToStrW
CertCreateCertificateContext
CertNameToStrA
CertFreeCertificateContext
CertDuplicateStore
CertControlStore

advapi32

AllocateLocallyUniqueId
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDestroyHash
CryptSetHashParam
CryptCreateHash
RevertToSelf
CredFree
CredUnmarshalCredentialW
CredIsMarshaledCredentialW
CryptSignHashW
CryptHashData
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegFlushKey
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptImportKey
MD5Final
MD5Update
MD5Init
CryptGenKey
CryptGetKeyParam
CryptDuplicateKey
A_SHAFinal
A_SHAUpdate
A_SHAInit
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
CryptGetProvParam
CryptDecrypt
CryptDeriveKey
CryptDuplicateHash
CryptEncrypt
CryptGetUserKey
CryptHashSessionKey
CryptSetKeyParam
CryptSignHashA
CryptVerifySignatureA
CryptGetHashParam

kernel32

LocalReAlloc
InitializeCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrlenA
CreateEventA
RegisterWaitForSingleObject
UnregisterWaitEx
SetEvent
ResetEvent
GetTickCount
FormatMessageW
CreateEventW
OpenProcess
GetCurrentProcess
VirtualAlloc
InterlockedDecrement
lstrcpyW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryW
GetProcAddress
GetSystemDefaultLCID
GetLocaleInfoA
InterlockedIncrement
SetLastError
GetCurrentThread
GetComputerNameW
GetComputerNameExW
GetSystemWow64DirectoryA
lstrlenW
lstrcmpW
CloseHandle
GetLastError
LocalFree
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObjectEx
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
InterlockedExchange
LoadLibraryA
LocalAlloc

userenv

RegisterGPNotification
UnregisterGPNotification

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uuup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kuup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ouup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.duup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auuu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qiii
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gooo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.raaa
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rerq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.huuu
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hauu
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94eb55b5b89c67415157f56ba7ae1b9f

Headers

File Characteristics

Imports

secur32

msvcrt

msasn1

crypt32

advapi32

kernel32

userenv

Sections

.text Size: 7KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 4KB

.uuup Size: 512B - Virtual size: 4KB

.kuup Size: 512B - Virtual size: 4KB

.ouup Size: 512B - Virtual size: 4KB

.duup Size: 512B - Virtual size: 4KB

.auuu Size: 512B - Virtual size: 4KB

.qiii Size: 512B - Virtual size: 4KB

.gooo Size: 512B - Virtual size: 4KB

.raaa Size: 137KB - Virtual size: 140KB

.rerq Size: 512B - Virtual size: 4KB

.huuu Size: 137KB - Virtual size: 140KB

.hauu Size: 137KB - Virtual size: 140KB

.rsrc Size: 11KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 4KB

.uuup
Size: 512B - Virtual size: 4KB

.kuup
Size: 512B - Virtual size: 4KB

.ouup
Size: 512B - Virtual size: 4KB

.duup
Size: 512B - Virtual size: 4KB

.auuu
Size: 512B - Virtual size: 4KB

.qiii
Size: 512B - Virtual size: 4KB

.gooo
Size: 512B - Virtual size: 4KB

.raaa
Size: 137KB - Virtual size: 140KB

.rerq
Size: 512B - Virtual size: 4KB

.huuu
Size: 137KB - Virtual size: 140KB

.hauu
Size: 137KB - Virtual size: 140KB

.rsrc
Size: 11KB - Virtual size: 16KB