c1b8f6a78fc633051a4d98d55fed2a00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1b8f6a78fc633051a4d98d55fed2a00_JaffaCakes118
Size

445KB
MD5

c1b8f6a78fc633051a4d98d55fed2a00
SHA1

6ceb55fdf56723486ebc9abde861cc68ef868cf6
SHA256

23b1cd69cf7c251ddea53a02a65f09655e1cd23a65fda6aeeee00cb44c1efdce
SHA512

b6cff41af852cf0a1c440c1a9d6adf715f7d8889330dfeb25318af7bc9cd2bc0c0946504cbbd0ac0144ababa54e44ad3b3d65c68d53f51923861a39ec0c10376
SSDEEP

12288:LIxmWuj1LdBIExPj02Ra3ssFAPBY4nDqdQZL:Lsm13TxPj024csJY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b8f6a78fc633051a4d98d55fed2a00_JaffaCakes118

Files

c1b8f6a78fc633051a4d98d55fed2a00_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3a3b071401eb6220c41f83d271ef7678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
wcsrchr
_wcsicmp
wcscpy
wcscat
wcslen
_except_handler3

wintrust

CryptCATAdminCalcHashFromFileHandle

rpcrt4

RpcRevertToSelfEx
I_RpcBindingIsClientLocal
RpcServerUnregisterIf
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcStringFreeW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2

user32

wsprintfW
wsprintfA

kernel32

FindNextFileW
GetACP
WideCharToMultiByte
GetSystemDirectoryW
GetSystemDirectoryA
MultiByteToWideChar
lstrlenW
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
SetLastError
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventA
RegisterWaitForSingleObject
UnregisterWaitEx
CloseHandle
LocalReAlloc
LocalSize
LocalFree
DeleteFileW
SetEvent
GetLastError
DisableThreadLibraryCalls
FindFirstFileW
GetFileAttributesW
CreateFileW
MoveFileW
GetTempFileNameW
DelayLoadFailureHook
CreateFileA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
UnregisterWait
InterlockedExchange
DuplicateHandle
ReadFile
SystemTimeToFileTime
GetLocalTime
GetTimeFormatA
GetDateFormatA
OutputDebugStringA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryA
CopyFileW
SetFileAttributesW
UnmapViewOfFile
CreateEventW
DeleteFileA
InterlockedCompareExchange
GetTickCount
OpenProcess
LocalAlloc
GetCurrentProcess

advapi32

RegCloseKey
RegEnumValueW
RegEnumValueA
RegCreateKeyExA
CryptAcquireContextA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
CryptSetProviderExW
CryptGetDefaultProviderW
CryptGetProvParam
CryptEnumProviderTypesW
CryptEnumProvidersW
LsaOpenPolicy
LsaRetrievePrivateData
LogonUserW
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
RegOpenKeyExW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
CryptReleaseContext
SystemFunction036
RevertToSelf
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
OpenThreadToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource

certcli

CACertTypeAccessCheck
CAGetCertTypeProperty
CACountCertTypes
CAFreeCertTypeProperty
CAEnumNextCertType
CAEnumCertTypes
CACloseCA
CAEnumNextCA
CAFreeCAProperty
CAAccessCheck
CAGetCAProperty
CACountCAs
CAEnumFirstCA
CACloseCertType

crypt32

CertFreeCTLContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
PFXExportCertStore
PFXImportCertStore
CertCreateContext
CertCloseStore
CryptDecodeObject

esent

JetTerm
JetUpdate
JetSetColumn
JetPrepareUpdate
JetDelete
JetMove
JetMakeKey
JetRetrieveColumn
JetSetSystemParameter
JetCloseTable
JetGetColumnInfo
JetOpenTable
JetRollback
JetCommitTransaction
JetCreateIndex
JetAddColumn
JetCreateTable
JetBeginTransaction
JetOpenDatabase
JetCloseDatabase
JetCreateDatabase
JetSetCurrentIndex
JetAttachDatabase
JetBeginSession
JetInit
JetDetachDatabase
JetEndSession
JetSeek

Exports

Exports

?tamtamtomtom@@YGXH@Z

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asas
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a3b071401eb6220c41f83d271ef7678

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

wintrust

rpcrt4

user32

kernel32

advapi32

certcli

crypt32

esent

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 4KB

.asas Size: 416KB - Virtual size: 416KB

.rsrc Size: 11KB - Virtual size: 48KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 4KB

.asas
Size: 416KB - Virtual size: 416KB

.rsrc
Size: 11KB - Virtual size: 48KB