cf3128de151ba57dfef13c8657fcbd3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf3128de151ba57dfef13c8657fcbd3b_JaffaCakes118
Size

97KB
MD5

cf3128de151ba57dfef13c8657fcbd3b
SHA1

09575cc3ea7bdff79113bd2eb1bacdfd97be0534
SHA256

265f4fac65274b7998030760d8ffe6b378815ba07a2d40e825806013edb9e19a
SHA512

cb416e582b53f0ad66f56dd4b8229485773c90a7a35fd9273983482bc3a18157f8a38f733060647c21c98e0631ef6dafd18c67bb38918c1ec682a3253335cdfa
SSDEEP

1536:0KMKfQWxogyiFYTVgzLEqN3xAgzKvU0rs/2wQYFpBb1Zpm55Gq:0KMmQWygylQpVz8xrS25cm55f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf3128de151ba57dfef13c8657fcbd3b_JaffaCakes118

Files

cf3128de151ba57dfef13c8657fcbd3b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65f706c57ee5f219dbddf1a04f3d9b15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1BERDecS32Val
ASN1_CreateEncoder
ASN1_CreateModule
ASN1BEREncCharString
ASN1BEREncExplicitTag
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1intx2int32
ASN1BERDecBitString
ASN1EncSetError
ASN1BERDecGeneralizedTime
ASN1BERDecOctetString
ASN1objectidentifier_free
ASN1BERDecOpenType2
ASN1Free
ASN1_CloseEncoder
ASN1BEREncS32
ASN1BEREncOpenType
ASN1BERDecSkip
ASN1_Decode
ASN1_CloseDecoder
ASN1intx_setuint32
ASN1BERDecPeekTag
ASN1DecSetError
ASN1BERDecEndOfContents
ASN1charstring_free
ASN1bitstring_free
ASN1_Encode
ASN1BERDecSXVal
ASN1BEREncSX
ASN1BERDecObjectIdentifier
ASN1BEREncEndOfContents
ASN1BEREncObjectIdentifier
ASN1_FreeDecoded
ASN1DecAlloc
ASN1BERDecCharString
ASN1BEREncOctetString
ASN1octetstring_free
ASN1BEREncU32
ASN1_FreeEncoded
ASN1BERDecBool
ASN1BEREncBool
ASN1ztcharstring_free
ASN1CEREncGeneralizedTime
ASN1BEREncBitString
ASN1intxisuint32
ASN1intx_free
ASN1BERDecZeroCharString
ASN1BERDecU32Val
ASN1_CreateDecoder
ASN1intx2uint32

ntdll

RtlInitUnicodeString
RtlUniform
RtlSetDaclSecurityDescriptor
NtDuplicateObject
RtlCopyLuid
NtCreateEvent
RtlInsertElementGenericTable
RtlDeregisterWait
RtlOemStringToUnicodeString
RtlInitAnsiString
RtlTimeToTimeFields
RtlSubAuthorityCountSid
NtClose
RtlDeleteCriticalSection
RtlInitializeSid
RtlLookupElementGenericTable
RtlLengthSid
NtAllocateVirtualMemory
RtlCreateSecurityDescriptor
NtOpenThreadToken
RtlLeaveCriticalSection
RtlFreeUnicodeString
RtlRegisterWait
RtlTimeFieldsToTime
NtSetSecurityObject
RtlFreeSid
RtlGetElementGenericTable
RtlDeleteTimerQueue
DbgPrint
RtlVerifyVersionInfo
RtlCreateTimerQueue
RtlCompareMemory
RtlAcquireResourceExclusive
NtOpenEvent
RtlEqualUnicodeString
NtCreateDebugObject
RtlEqualSid
RtlRunDecodeUnicodeString
RtlAppendUnicodeStringToString
RtlInitializeResource
RtlIntegerToUnicodeString
RtlDeleteResource
RtlCopySid
RtlEqualDomainName
RtlEraseUnicodeString
RtlInitializeGenericTableAvl
RtlAllocateAndInitializeSid
RtlAcquireResourceShared
NtQuerySystemTime
RtlValidSid
RtlInsertElementGenericTableAvl
RtlCompareUnicodeString
RtlPrefixUnicodeString
RtlSystemTimeToLocalTime
NtQuerySystemInformation
RtlUpcaseUnicodeString
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlSubAuthoritySid
NtQueryInformationToken
RtlCreateTimer
NtOpenProcessToken
RtlCopyUnicodeString
RtlDowncaseUnicodeString
RtlLookupElementGenericTableAvl
RtlUnicodeStringToAnsiString
RtlDeleteElementGenericTable
RtlFreeAnsiString
RtlCreateAcl
NtAllocateLocallyUniqueId
RtlNtStatusToDosError
NtWaitForSingleObject
RtlAddAccessAllowedAce
RtlUlongByteSwap
RtlConvertSidToUnicodeString
RtlInitializeGenericTable
RtlReleaseResource
VerSetConditionMask

cryptdll

CDGenerateRandomBits
MD5Update
CDLocateCSystem
MD5Init
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
CDLocateCheckSum
MD5Final

advapi32

GetTokenInformation
RegConnectRegistryW
TraceEvent
RegDeleteValueW
RegQueryInfoKeyW
RegisterEventSourceW
RegisterTraceGuidsW
SystemFunction007
RevertToSelf
CryptSetProvParam
OpenProcessToken
CredUnmarshalCredentialW
OpenThreadToken
CloseServiceHandle
RegCloseKey
QueryServiceConfigW
OpenSCManagerW
LookupAccountSidW
DeregisterEventSource
CryptGetHashParam
CryptReleaseContext
RegOpenKeyExW
SystemFunction006
CryptDestroyHash
RegCreateKeyExW
QueryServiceStatus
CryptHashData
CryptGetProvParam
RegEnumKeyExW
GetTraceLoggerHandle
RegNotifyChangeKeyValue
RegSetValueExW
SetThreadToken
RegQueryValueExW
CryptCreateHash
OpenServiceW
FreeSid
ReportEventW
AllocateAndInitializeSid
RegOpenKeyW
CredFree
CryptAcquireContextW

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData
FreeContextBuffer

kernel32

RegisterWaitForSingleObjectEx
InterlockedDecrement
GetModuleFileNameA
LocalAlloc
GetModuleFileNameW
FileTimeToSystemTime
GetEnvironmentVariableW
CreateEventW
InterlockedExchangeAdd
Sleep
GetCurrentProcess
TerminateProcess
LocalFree
LoadLibraryA
VirtualAlloc
WriteFile
GetCurrentThreadId
OpenFileMappingW
CreateFileW
SetUnhandledExceptionFilter
MultiByteToWideChar
InterlockedIncrement
InterlockedExchange
UnregisterWait
GetModuleHandleW
InitializeCriticalSection
GetComputerNameExW
lstrlenA
GetCurrentProcessId
CreateFileA
OutputDebugStringA
CreateFileMappingW
GetSystemInfo
SetEvent
lstrlenW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThread
InterlockedCompareExchange
UnhandledExceptionFilter
GetComputerNameW
lstrcmpW
LoadLibraryW
ExpandEnvironmentStringsW
GetProcAddress
EnterCriticalSection
lstrcmpiA
CloseHandle
WideCharToMultiByte
GetACP
GetTickCount
GetLocalTime
GetLastError
DisableThreadLibraryCalls
LeaveCriticalSection
DebugBreak
DeleteCriticalSection
lstrcpyW
QueryPerformanceCounter
OpenEventW
MapViewOfFileEx
FormatMessageW
UnmapViewOfFile
RaiseException
FreeLibrary

msvcrt

wcstoul
_wcsnicmp
wcslen
wcscpy
_adjust_fdiv
wcscat
_vsnprintf
_except_handler3
_stricmp
sscanf
_strnicmp
_wcsicmp
_initterm
malloc
swprintf
strchr
wcscmp
strrchr
_strcmpi
sprintf
wcsrchr
_ultoa
wcsspn
free
qsort

user32

wsprintfW
CharLowerBuffW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65f706c57ee5f219dbddf1a04f3d9b15

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

ntdll

cryptdll

advapi32

secur32

kernel32

msvcrt

user32

Sections

.text Size: 12KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 143KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 160KB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 143KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 160KB - Virtual size: 1.4MB