c2ad84971d0977a58da62da9ebfb514d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c2ad84971d0977a58da62da9ebfb514d_JaffaCakes118
Size

329KB
MD5

c2ad84971d0977a58da62da9ebfb514d
SHA1

7fe8df5456de82b7b6ebbc119159a8eb6ce37685
SHA256

7fb40b6f181c00af277d0aa7c8445ad2f3027f395acc8cd7f11d10baa233d3d5
SHA512

771b3aa4ff4578f2f0363f3530f5ad54e3fdda613c63aaead390f2eb3ee529338efd28cde85f0b5936cb8e7cf26db0fa9404eb66fdf59378fcd9d635616375f5
SSDEEP

6144:VPu3odZbAavEOd709RVS+g1nV9E3QP1SE5IR3FVWJk:dZdZUTOt09+1VpMEGjsk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2ad84971d0977a58da62da9ebfb514d_JaffaCakes118

Files

c2ad84971d0977a58da62da9ebfb514d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

108c3caeeb36348d902e640357e2ee41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlReleaseResource
RtlSystemTimeToLocalTime
RtlInitUnicodeString
RtlCreateTimer
RtlInitAnsiString
RtlLookupElementGenericTable
RtlAcquireResourceExclusive
VerSetConditionMask
RtlInitializeSid
RtlUniform
RtlEqualSid
NtQuerySystemTime
RtlLookupElementGenericTableAvl
RtlVerifyVersionInfo
RtlLengthSid
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
NtClose
NtQuerySystemInformation
RtlDeleteTimerQueue
RtlValidSid
RtlCompareUnicodeString
RtlSubAuthorityCountSid
NtOpenThreadToken
RtlEraseUnicodeString
RtlFreeSid
NtCreateEvent
RtlConvertSidToUnicodeString
RtlDeregisterWait
RtlCreateTimerQueue
NtOpenEvent
RtlDeleteResource
RtlGetElementGenericTable
RtlEqualUnicodeString
RtlTimeToTimeFields
RtlCreateAcl
RtlFreeAnsiString
RtlSetDaclSecurityDescriptor
RtlNtStatusToDosError
RtlCopySid
RtlInsertElementGenericTable
RtlEqualDomainName
RtlAnsiStringToUnicodeString
DbgPrint
NtQueryInformationToken
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
NtWaitForSingleObject
RtlTimeFieldsToTime
NtAllocateVirtualMemory
RtlUpcaseUnicodeString
RtlInitializeCriticalSection
NtSetSecurityObject
RtlCopyLuid
RtlFreeUnicodeString
RtlInitializeGenericTableAvl
RtlAllocateAndInitializeSid
RtlDeleteElementGenericTable
NtDuplicateObject
RtlCopyUnicodeString
NtOpenProcessToken
RtlRunDecodeUnicodeString
RtlDowncaseUnicodeString
RtlAcquireResourceShared
RtlCompareMemory
NtAllocateLocallyUniqueId
RtlDeleteCriticalSection
RtlConvertSharedToExclusive
RtlOemStringToUnicodeString
RtlRegisterWait
RtlInsertElementGenericTableAvl
RtlInitializeResource
RtlEnterCriticalSection
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlLeaveCriticalSection
RtlUnicodeStringToAnsiString
RtlIntegerToUnicodeString

msvcrt

wcslen
_vsnprintf
strrchr
wcscmp
_except_handler3
wcsrchr
malloc
_wcsicmp
_strcmpi
_adjust_fdiv
free
wcsspn
qsort
_wcsnicmp
wcscat
_ultoa
_strnicmp
sscanf
_stricmp
strchr
sprintf
swprintf
wcscpy
_initterm
wcstoul

user32

CharLowerBuffW
wsprintfW

cryptdll

MD5Init
CDGenerateRandomBits
CDBuildIntegrityVect
MD5Final
MD5Update
CDLocateCheckSum
CDLocateCSystem
CDFindCommonCSystemWithKey

msasn1

ASN1BERDecZeroCharString
ASN1BERDecSkip
ASN1_Encode
ASN1BEREncOctetString
ASN1charstring_free
ASN1ztcharstring_free
ASN1BEREncBool
ASN1Free
ASN1_CreateModule
ASN1BEREncSX
ASN1intx2int32
ASN1BERDecEndOfContents
ASN1objectidentifier_free
ASN1intx_setuint32
ASN1BERDecOctetString
ASN1BEREncCharString
ASN1BEREncU32
ASN1BEREncObjectIdentifier
ASN1octetstring_free
ASN1BERDecNotEndOfContents
ASN1BERDecS32Val
ASN1_CreateEncoder
ASN1BERDecU32Val
ASN1BEREncExplicitTag
ASN1BERDecPeekTag
ASN1BEREncOpenType
ASN1intx_free
ASN1_CreateDecoder
ASN1BERDecBitString
ASN1BERDecCharString
ASN1_CloseEncoder
ASN1_FreeDecoded
ASN1BERDecOpenType2
ASN1BEREncBitString
ASN1EncSetError
ASN1BEREncS32
ASN1CEREncGeneralizedTime
ASN1BERDecSXVal
ASN1intx2uint32
ASN1_CloseDecoder
ASN1DecAlloc
ASN1BERDecBool
ASN1bitstring_free
ASN1BERDecExplicitTag
ASN1intxisuint32
ASN1DecSetError
ASN1_Decode
ASN1BERDecGeneralizedTime
ASN1_FreeEncoded
ASN1BERDecObjectIdentifier
ASN1BEREncEndOfContents

kernel32

UnmapViewOfFile
GetComputerNameExW
TerminateProcess
RaiseException
CloseHandle
RegisterWaitForSingleObjectEx
MultiByteToWideChar
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleW
WriteFile
UnhandledExceptionFilter
GetModuleFileNameW
lstrlenW
LeaveCriticalSection
FileTimeToSystemTime
InterlockedDecrement
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetProfileStringA
OutputDebugStringA
UnregisterWait
SetUnhandledExceptionFilter
OpenEventW
FreeLibrary
InterlockedIncrement
DeleteCriticalSection
LocalFree
QueryPerformanceCounter
GetLastError
OpenFileMappingW
InitializeCriticalSection
GetProcAddress
InterlockedCompareExchange
GetLocalTime
CreateFileMappingW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetComputerNameW
MapViewOfFileEx
CreateFileA
LoadLibraryW
InterlockedExchange
lstrcpyW
GetTickCount
GetCurrentThreadId
LocalAlloc
FormatMessageW
DebugBreak
GetSystemInfo
CreateEventW
Sleep
lstrcmpiA
lstrlenA
InterlockedExchangeAdd
CreateFileW
VirtualAlloc
GetCurrentThread
SetEvent
GetCurrentProcessId
GetCurrentProcess
lstrcmpW
GetACP
DisableThreadLibraryCalls
LoadLibraryA

advapi32

CryptGetProvParam
SetThreadToken
RegQueryValueExW
TraceEvent
RegCloseKey
CredUnmarshalCredentialW
RegisterEventSourceW
SystemFunction007
OpenSCManagerW
RegEnumKeyExW
SystemFunction006
RegNotifyChangeKeyValue
RegDeleteValueW
RegOpenKeyW
CryptAcquireContextW
RegCreateKeyExW
RegSetValueExW
CryptReleaseContext
CredFree
CloseServiceHandle
OpenThreadToken
GetTokenInformation
OpenServiceW
QueryServiceStatus
CryptDestroyHash
AllocateAndInitializeSid
RegisterTraceGuidsW
CryptCreateHash
QueryServiceConfigW
OpenProcessToken
CryptGetHashParam
RegOpenKeyExW
CryptHashData
RegQueryInfoKeyW
RegConnectRegistryW
LookupAccountSidW
DeregisterEventSource
FreeSid
CryptSetProvParam
GetTraceLoggerHandle
RevertToSelf
ReportEventW

secur32

LsaFreeReturnBuffer
FreeContextBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData
CredMarshalTargetInfo

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

108c3caeeb36348d902e640357e2ee41

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

user32

cryptdll

msasn1

kernel32

advapi32

secur32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB