bf1235e2effc18625751068fa447ea1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf1235e2effc18625751068fa447ea1c_JaffaCakes118
Size

329KB
MD5

bf1235e2effc18625751068fa447ea1c
SHA1

31c0c82833d470c76588695bb734d58076c95134
SHA256

c38e42bc7f9fab798aab548ce15f13d75a21d41284276dff8b07ea7e2bff29cd
SHA512

b6a819723a38b907d1e989e9dcbb8a3d1b1da525f57bbc78ceb4926aab59bce9f263e35df79db8376c2c081ae535c91f2375421aa8d95a9a096d57313a2c24c9
SSDEEP

6144:YhCj6ZoM9ehdoqwAt4JWjiakjosNRjSdHYY9GfBQHYwZzjMkFne:A+fDoqwYl7kssAx9GAh5Fe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1235e2effc18625751068fa447ea1c_JaffaCakes118

Files

bf1235e2effc18625751068fa447ea1c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f66a95a5a909f17c97dd4fbca45b2f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcstoul
_wcsnicmp
_strcmpi
swprintf
wcscat
_ultoa
wcsrchr
malloc
_initterm
_strnicmp
wcscmp
strrchr
strchr
wcsspn
free
sprintf
wcslen
_adjust_fdiv
_except_handler3
wcscpy
_vsnprintf
_wcsicmp
qsort
sscanf
_stricmp

kernel32

GetProfileStringA
GetCurrentProcessId
MapViewOfFileEx
GetProcAddress
LocalAlloc
InterlockedCompareExchange
InterlockedDecrement
lstrcpyW
VirtualAlloc
UnhandledExceptionFilter
WideCharToMultiByte
GetACP
LeaveCriticalSection
CreateFileA
lstrcmpiA
CloseHandle
FileTimeToSystemTime
FreeLibrary
ExpandEnvironmentStringsW
GetTickCount
FormatMessageW
GetModuleFileNameW
DeleteCriticalSection
SetUnhandledExceptionFilter
OutputDebugStringA
GetComputerNameW
InterlockedExchange
TerminateProcess
LocalFree
LoadLibraryW
RegisterWaitForSingleObjectEx
lstrlenA
GetCurrentProcess
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
WriteFile
InitializeCriticalSection
CreateFileW
GetSystemInfo
CreateEventW
SetEvent
GetModuleHandleW
GetEnvironmentVariableW
GetLastError
GetModuleFileNameA
OpenFileMappingW
RaiseException
UnmapViewOfFile
QueryPerformanceCounter
EnterCriticalSection
CreateFileMappingW
OpenEventW
GetComputerNameExW
InterlockedIncrement
GetCurrentThreadId
DebugBreak
UnregisterWait
lstrlenW
InterlockedExchangeAdd
lstrcmpW
GetLocalTime
MultiByteToWideChar
LoadLibraryA
GetCurrentThread
Sleep

ntdll

RtlCopyUnicodeString
NtOpenThreadToken
RtlUnicodeStringToAnsiString
RtlAcquireResourceShared
RtlCreateTimer
NtWaitForSingleObject
NtOpenEvent
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlFreeSid
VerSetConditionMask
NtAllocateVirtualMemory
RtlSetDaclSecurityDescriptor
RtlTimeToTimeFields
RtlAcquireResourceExclusive
RtlCompareMemory
RtlRegisterWait
RtlRunDecodeUnicodeString
RtlSubAuthoritySid
NtOpenProcessToken
RtlEqualSid
RtlCompareUnicodeString
RtlInitializeGenericTable
RtlFreeAnsiString
RtlDeleteElementGenericTable
RtlInitializeSid
RtlAnsiStringToUnicodeString
RtlInitializeResource
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnterCriticalSection
RtlAddAccessAllowedAce
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlEqualDomainName
NtClose
RtlPrefixUnicodeString
RtlSubAuthorityCountSid
RtlInitUnicodeString
RtlUniform
NtAllocateLocallyUniqueId
RtlLengthRequiredSid
RtlSystemTimeToLocalTime
RtlLengthSid
RtlDeleteResource
DbgPrint
RtlUpcaseUnicodeString
RtlAllocateAndInitializeSid
NtDuplicateObject
RtlConvertSidToUnicodeString
RtlVerifyVersionInfo
RtlDeleteCriticalSection
RtlLookupElementGenericTable
RtlValidSid
RtlCopySid
RtlIntegerToUnicodeString
RtlEraseUnicodeString
RtlDeregisterWait
RtlOemStringToUnicodeString
NtQueryInformationToken
RtlAppendUnicodeStringToString
RtlInitAnsiString
RtlEqualUnicodeString
NtQuerySystemInformation
RtlInsertElementGenericTable
NtSetSecurityObject
RtlCreateAcl
RtlDowncaseUnicodeString
RtlDeleteTimerQueue
RtlGetElementGenericTable
RtlConvertSharedToExclusive
NtQuerySystemTime
RtlInitializeCriticalSection
NtCreateEvent
RtlTimeFieldsToTime
RtlCreateSecurityDescriptor
RtlCopyLuid

cryptdll

MD5Update
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDLocateCheckSum
MD5Final
MD5Init
CDLocateCSystem
CDGenerateRandomBits

user32

CharLowerBuffW
wsprintfW

msasn1

ASN1BEREncExplicitTag
ASN1BEREncBool
ASN1BERDecBitString
ASN1_Decode
ASN1_CreateEncoder
ASN1_CloseEncoder
ASN1BERDecU32Val
ASN1BEREncCharString
ASN1intx2uint32
ASN1DecSetError
ASN1BERDecSXVal
ASN1BERDecPeekTag
ASN1BERDecS32Val
ASN1_CloseDecoder
ASN1DecAlloc
ASN1intx_setuint32
ASN1BEREncBitString
ASN1BEREncObjectIdentifier
ASN1CEREncGeneralizedTime
ASN1EncSetError
ASN1intxisuint32
ASN1BERDecGeneralizedTime
ASN1BERDecOctetString
ASN1_FreeEncoded
ASN1_Encode
ASN1_FreeDecoded
ASN1BERDecSkip
ASN1BERDecNotEndOfContents
ASN1charstring_free
ASN1BEREncEndOfContents
ASN1Free
ASN1BERDecExplicitTag
ASN1BEREncOctetString
ASN1_CreateModule
ASN1BERDecObjectIdentifier
ASN1BERDecOpenType2
ASN1BERDecZeroCharString
ASN1BEREncS32
ASN1objectidentifier_free
ASN1BEREncOpenType
ASN1BERDecCharString
ASN1BERDecBool
ASN1_CreateDecoder
ASN1octetstring_free
ASN1ztcharstring_free
ASN1intx_free
ASN1BERDecEndOfContents
ASN1bitstring_free
ASN1intx2int32
ASN1BEREncSX
ASN1BEREncU32

advapi32

CryptReleaseContext
OpenThreadToken
CryptGetProvParam
ReportEventW
CryptGetHashParam
LookupAccountSidW
CloseServiceHandle
CryptAcquireContextW
RegOpenKeyW
SystemFunction006
RegisterEventSourceW
GetTokenInformation
RegisterTraceGuidsW
OpenProcessToken
RegNotifyChangeKeyValue
CryptDestroyHash
CryptCreateHash
RegConnectRegistryW
AllocateAndInitializeSid
GetTraceLoggerHandle
RegCreateKeyExW
SetThreadToken
RegDeleteValueW
OpenServiceW
QueryServiceConfigW
CredFree
OpenSCManagerW
CryptSetProvParam
RevertToSelf
RegSetValueExW
SystemFunction007
RegCloseKey
RegEnumKeyExW
DeregisterEventSource
QueryServiceStatus
FreeSid
RegOpenKeyExW
TraceEvent
CryptHashData
CredUnmarshalCredentialW
RegQueryValueExW
RegQueryInfoKeyW

secur32

CredMarshalTargetInfo
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f66a95a5a909f17c97dd4fbca45b2f9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ntdll

cryptdll

user32

msasn1

advapi32

secur32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB