t:\exchcsp\x86\ship\0\exchcsp.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: ce3be89980c2211163a825893bbc3f8e_JaffaCakes118.dll
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: ce3be89980c2211163a825893bbc3f8e_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: ce3be89980c2211163a825893bbc3f8e_JaffaCakes118
Size: 258KB
MD5: ce3be89980c2211163a825893bbc3f8e
SHA1: 0a41e94a309781081aa7b6be024df1bdd518dd70
SHA256: 3d3480ddeeba8665f75faf75bd1b63272962bc261ae593cf511e6f6162d80889
SHA512: 13747eb33016f101bcd8907fd6550276b9e4c190cb6b2d0653f63eef4200d85213cdc15ba497065a10a0162d2046438f5ee703353d2c1530c37b1d7882caf1d4
SSDEEP: 6144:5F/TR5riixfNvEEQZpEe8P8jL5ka7XkYOgHmFK:5VxFMEQHLU8jLb7XCK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ce3be89980c2211163a825893bbc3f8e_JaffaCakes118
Files
ce3be89980c2211163a825893bbc3f8e_JaffaCakes118.dll windows:4 windows x86 arch:x86
0be84a7282ded7e372cbd050df196294
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcr80
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
calloc
fgetc
getc
ungetc
fprintf
_errno
fopen_s
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy
??2@YAPAXI@Z
free
_strdup
vswprintf_s
malloc
atoi
strcpy_s
_wcsnicmp
strcat_s
_strlwr_s
_except_handler3
atol
realloc
_stricmp
memset
memmove
isdigit
isupper
strncmp
fclose
_ltoa_s
vsprintf_s
isspace
strchr
isxdigit
toupper
isalpha
kernel32
LocalFree
LocalAlloc
RtlMoveMemory
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
SetLastError
IsBadWritePtr
IsBadReadPtr
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetVersionExA
GetTickCount
GetLastError
GlobalMemoryStatus
WideCharToMultiByte
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
GetACP
GetLocaleInfoA
LoadLibraryA
GetModuleFileNameA
IsBadStringPtrA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcmpiA
IsBadStringPtrW
MultiByteToWideChar
lstrcpyW
lstrlenW
GetSystemDefaultLCID
GetUserDefaultLCID
lstrcmpA
CloseHandle
CreateFileA
Sleep
RaiseException
LockResource
LoadResource
FindResourceA
IsValidCodePage
GetFileAttributesA
GetProcessHeap
GetFullPathNameA
GetFullPathNameW
LoadLibraryExA
LoadLibraryExW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
lstrcpynA
lstrcpyA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocalTime
HeapAlloc
FreeLibrary
advapi32
RegSetValueExA
CryptGetProvParam
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
user32
SetDlgItemTextA
MessageBoxW
GetActiveWindow
IsDlgButtonChecked
GetDlgItem
EnableWindow
SetWindowTextA
SetWindowTextW
DialogBoxParamW
WinHelpA
GetDlgItemTextA
GetDlgItemInt
EndDialog
SetDlgItemTextW
SetFocus
SetWindowLongA
SetDlgItemInt
ShowWindow
SendMessageA
IsWindow
GetWindowLongA
crypt32
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertOpenStore
CertAddEncodedCertificateToStore
CertGetIssuerCertificateFromStore
CertCompareCertificateName
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptImportPublicKeyInfo
CertCreateCertificateContext
CertSaveStore
CertGetSubjectCertificateFromStore
CertCompareCertificate
CryptDecodeObject
CryptEncodeObject
CertStrToNameA
CertNameToStrW
ole32
CoTaskMemFree
CoTaskMemAlloc
Exports
BuildEnrollmentMessage
BuildRenewalMessage
CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
ChangeStorePassword
PStoreToEPF
ProcessEnrollmentResponse
UpgradeEpfToPstore
Sections
.text Size: 242KB - Virtual size: 242KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ