Static task
static1
Behavioral task
behavioral1
Sample
d26c2f4d7c97822b436846b3c1f6c314_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d26c2f4d7c97822b436846b3c1f6c314_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d26c2f4d7c97822b436846b3c1f6c314_JaffaCakes118
-
Size
30KB
-
MD5
d26c2f4d7c97822b436846b3c1f6c314
-
SHA1
3fab7eca6a1ffc39ec5a74bd5ecd6812ab104c0e
-
SHA256
647dbab713b1d2e06ff949a8da0e5c8b7df54d342925768a40d748836ba9230a
-
SHA512
bf3bf48bea60b43621ba15d9d68ccd62d35329147b9d6d3ef18e0bcc5172e5619d78de85f41dc1625b7c0a78f227b0f600066fed818c83161fcab2d24546e68f
-
SSDEEP
768:DNz1vFrOwQ8fXIvjdrX88nSvx7kuYiCy3+rHm/h:DNz1vFrNQ8Q6x7Ui73+rG/
Malware Config
Signatures
-
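Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The sample has none, so its publisher and integrity cannot be verified from the file itself. Many benign binaries are also unsigned, so treat this as a weak indicator on its own.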
resource d26c2f4d7c97822b436846b3c1f6c314_JaffaCakes118
Files
-
d26c2f4d7c97822b436846b3c1f6c314_JaffaCakes118.exe windows:5 windows x86 arch:x86
535e897cd52be6e48f8ecf088428fe76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
adsldpc
ADsFreeColumn
msasn1
ASN1bitstring_free
ASN1BERDecBitString
ASN1char32string_free
ASN1BERDecEoid
ASN1CEREncBeginBlk
ASN1_CreateEncoder
ASN1BERDecNotEndOfContents
ASN1BEREoid2DotVal
ASN1_Encode
ASN1_CreateModule
ASN1_FreeEncoded
ASN1BERDecChar16String
ASN1octetstring_free
ASN1CEREncFlushBlkElement
ASN1CEREncNewBlkElement
ASN1_SetEncoderOption
ASN1BEREncU32
ASN1_CloseEncoder
ASN1CEREncGeneralizedTime
ASN1CEREncUTCTime
ASN1CEREncEndBlk
ASN1BEREncBool
ASN1BEREncS32
ASN1BEREncMultibyteString
ASN1intx_free
ASN1BERDecEndOfContents
ASN1BEREncChar16String
ASN1BERDecObjectIdentifier2
ASN1EncSetError
ASN1BERDecZeroCharString
ASN1DecRealloc
ASN1utf8string_free
ASN1BEREncSX
ASN1BEREncBitString
ASN1BERDecMultibyteString
ASN1BERDecOctetString
ASN1BEREncChar32String
ASN1BERDecS32Val
ASN1BERDecOctetString2
ASN1objectidentifier2_cmp
ASN1BEREncEoid
ASN1_CreateDecoder
ASN1BEREncObjectIdentifier2
ASN1BEREncUTF8String
ASN1BEREncExplicitTag
ASN1BERDecCharString
ASN1BERDecOpenType2
ASN1BEREoid_free
ASN1BERDecUTCTime
ASN1Free
ASN1charstring_free
ASN1_Decode
ASN1char16string_free
ASN1_FreeDecoded
ASN1BERDecPeekTag
ASN1_CloseModule
ASN1_CloseDecoder
ASN1BERDecChar32String
ASN1BEREncOpenType
ASN1BERDecU32Val
ASN1BERDecExplicitTag
ASN1BEREncEndOfContents
ASN1BERDecOpenType
ASN1BEREncCharString
ASN1BERDecBitString2
ASN1BERDecSXVal
ASN1BERDecUTF8String
ASN1BERDotVal2Eoid
ASN1DecSetError
ASN1BEREncOctetString
ASN1open_free
ASN1BERDecBool
ASN1BERDecGeneralizedTime
ASN1ztcharstring_free
advapi32
RegEnumValueW
CryptHashData
RegConnectRegistryW
CryptExportKey
CryptDestroyHash
RegDeleteValueW
CryptGetProvParam
AllocateAndInitializeSid
CryptGetDefaultProviderW
ControlService
RegDeleteValueA
RegConnectRegistryA
SystemFunction041
QueryServiceStatus
OpenSCManagerW
OpenProcessToken
FreeSid
CryptGenKey
LookupAccountSidW
InitializeAcl
CopySid
A_SHAUpdate
RegOpenKeyExA
CryptSetProviderA
CryptGetKeyParam
OpenServiceW
CryptCreateHash
SetSecurityDescriptorOwner
RegSetKeySecurity
CryptAcquireContextA
CryptVerifySignatureA
RegOpenKeyExW
RegDeleteKeyA
LockServiceDatabase
RegCloseKey
GetLengthSid
GetTokenInformation
RegDeleteKeyW
CryptSignHashA
IsValidSid
RegQueryInfoKeyW
UnlockServiceDatabase
StartServiceW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
CloseServiceHandle
RegEnumKeyExW
CryptGetUserKey
RegEnumKeyA
RegGetKeySecurity
CryptSetKeyParam
MD5Final
RegNotifyChangeKeyValue
CryptDecrypt
AdjustTokenPrivileges
CryptGenRandom
OpenThreadToken
RegEnumKeyExA
RegQueryInfoKeyA
GetUserNameA
EqualSid
RegQueryValueExW
CryptReleaseContext
GetSidSubAuthorityCount
CryptGetHashParam
SystemFunction040
GetAce
QueryServiceConfigA
CryptEncrypt
CryptSetHashParam
StartServiceA
RegEnumValueA
CryptDeriveKey
MD5Update
GetSidSubAuthority
RegSetValueExA
SetSecurityDescriptorDacl
LsaNtStatusToWinError
CryptSetProvParam
RegCreateKeyExA
RegCreateKeyExW
CryptImportKey
CryptDestroyKey
A_SHAInit
MD5Init
AddAccessAllowedAce
RegQueryValueExA
A_SHAFinal
ChangeServiceConfigA
GetUserNameW
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
LookupPrivilegeValueA
RegSetValueExW
GetSidIdentifierAuthority
msvcrt
bsearch
sprintf
qsort
_wcsnicmp
__dllonexit
strncmp
wcscpy
isxdigit
free
_adjust_fdiv
strncpy
_ultoa
_snwprintf
memmove
malloc
isdigit
memcpy
strtoul
isupper
wcscat
_ltow
_onexit
_itow
_except_handler3
wcslen
atol
_snprintf
_initterm
_ltoa
wcschr
wcscmp
_wcsicmp
kernel32
Sleep
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetDateFormatW
FindNextFileW
OpenEventA
CompareStringW
GetModuleFileNameA
MultiByteToWideChar
LocalFree
GetTimeFormatW
GetVersionExA
GetCurrentThreadId
GetSystemDefaultLangID
FormatMessageW
GetSystemTime
CreateDirectoryW
MapViewOfFile
UnhandledExceptionFilter
GetModuleFileNameW
CreateEventA
FindCloseChangeNotification
DeleteFileW
WaitForMultipleObjectsEx
LeaveCriticalSection
DelayLoadFailureHook
CreateFileMappingA
FindFirstChangeNotificationA
FormatMessageA
SetEvent
GetFileAttributesExW
TlsGetValue
CloseHandle
FindClose
GetACP
lstrcatA
TlsFree
FindFirstChangeNotificationW
CreateFileA
GetTimeFormatA
CompareStringA
InterlockedIncrement
GetTickCount
WideCharToMultiByte
CreateMutexW
LoadLibraryA
lstrlenA
OpenMutexA
WaitForSingleObject
GetLocalTime
LocalReAlloc
lstrcmpA
QueryPerformanceCounter
SetEndOfFile
FreeLibraryAndExitThread
GetCurrentThread
SetFileAttributesW
CreateFileMappingW
GetFileAttributesW
FindNextChangeNotification
CreateMutexA
FreeLibrary
InterlockedCompareExchange
EnterCriticalSection
TlsSetValue
lstrcpyA
FileTimeToSystemTime
DeleteFileA
GetTempFileNameA
GetDateFormatA
LocalAlloc
GetTempPathA
ReadFile
GetFileSize
OpenMutexW
OpenFileMappingW
SetFileAttributesA
OutputDebugStringA
SystemTimeToFileTime
CreateFileW
WriteFile
FindFirstFileW
VirtualAlloc
GetModuleHandleA
GetComputerNameA
PulseEvent
FindNextFileA
ExpandEnvironmentStringsW
ReleaseMutex
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CompareFileTime
GetCurrentProcessId
ExitThread
LoadLibraryExW
GetProcAddress
GetCurrentProcess
InterlockedExchange
LocalSize
DuplicateHandle
TerminateProcess
TlsAlloc
InitializeCriticalSection
GetEnvironmentVariableA
UnmapViewOfFile
SetFilePointer
SetLastError
GetLastError
lstrlenW
GetFileAttributesA
InterlockedDecrement
CreateThread
FileTimeToLocalFileTime
FindFirstFileA
GetUserDefaultLCID
CreateDirectoryA
GetComputerNameW
LoadLibraryExA
rpcrt4
RpcStringBindingComposeA
RpcStringBindingComposeW
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcStringFreeW
RpcStringFreeA
UuidToStringA
RpcBindingFromStringBindingW
RpcBindingFromStringBindingA
RpcBindingFree
RpcImpersonateClient
RpcRevertToSelf
RpcBindingSetAuthInfoExW
user32
LoadStringW
MessageBoxA
GetProcessDefaultLayout
wsprintfA
GetSystemMetrics
wsprintfW
MessageBoxW
LoadStringA
Sections
.textbss Size: - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 28KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE