dd56e6ddc24b39ce466e6f6683c10f9b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dd56e6ddc24b39ce466e6f6683c10f9b_JaffaCakes118
Size

55KB
MD5

dd56e6ddc24b39ce466e6f6683c10f9b
SHA1

83f16123e720ee4fe6428c4774e8f5047a23fa07
SHA256

acf2fa8dbb8f1996b418fec0ff82b33513e83cecee38267855f5c19c7b2eb546
SHA512

7f458c52d39741b33eb29c339d7c36d597fa707092c670b240b658e8b4c0e9f4f72c4e2aadc94fa4c43c9b809a5d3b7f424c6812a700b0dc9f9b1829b717b544
SSDEEP

1536:gugdJn248DW6UlbLpAwRlvJ9XB38LuFiVvsFm/3:gugfn2416mbCyvHXB3tSsFm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd56e6ddc24b39ce466e6f6683c10f9b_JaffaCakes118

Files

dd56e6ddc24b39ce466e6f6683c10f9b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b67f216c6f4d1999edb7a97568cd5cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1_CreateModule
ASN1BERDecUTF8String
ASN1BERDecChar32String
ASN1_FreeDecoded
ASN1BEREncChar32String
ASN1BERDecUTCTime
ASN1BERDecU32Val
ASN1BERDecExplicitTag
ASN1_CloseModule
ASN1BEREncObjectIdentifier2
ASN1BERDecOctetString
ASN1objectidentifier2_cmp
ASN1BEREncBool
ASN1octetstring_free
ASN1BEREncU32
ASN1BERDecCharString
ASN1_FreeEncoded
ASN1BEREncS32
ASN1CEREncUTCTime
ASN1char16string_free
ASN1BERDecBitString
ASN1_SetEncoderOption
ASN1char32string_free
ASN1charstring_free
ASN1_Decode
ASN1BERDecZeroCharString
ASN1intx_free
ASN1_CloseEncoder
ASN1BERDecMultibyteString
ASN1BERDecEoid
ASN1BEREncSX
ASN1BERDotVal2Eoid
ASN1_Encode
ASN1BERDecS32Val
ASN1ztcharstring_free
ASN1BERDecOctetString2
ASN1BERDecEndOfContents
ASN1BEREncBitString
ASN1open_free
ASN1BEREncCharString
ASN1EncSetError
ASN1BERDecSXVal
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1BERDecBool
ASN1BEREoid2DotVal
ASN1CEREncFlushBlkElement
ASN1CEREncNewBlkElement
ASN1BEREncOpenType
ASN1BEREncEndOfContents
ASN1bitstring_free
ASN1BERDecObjectIdentifier2
ASN1BEREoid_free
ASN1BERDecBitString2
ASN1BERDecOpenType2
ASN1CEREncEndBlk
ASN1BEREncEoid
ASN1BEREncUTF8String
ASN1utf8string_free
ASN1DecSetError
ASN1BERDecNotEndOfContents
ASN1CEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1_CreateDecoder
ASN1BEREncMultibyteString
ASN1BEREncChar16String
ASN1CEREncBeginBlk
ASN1BEREncOctetString
ASN1DecRealloc
ASN1Free
ASN1BERDecOpenType
ASN1BERDecPeekTag
ASN1BEREncExplicitTag
ASN1BERDecChar16String

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingA
RpcBindingFromStringBindingW
RpcRevertToSelf
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcImpersonateClient
UuidCreate
RpcStringBindingComposeA
UuidToStringA
RpcStringFreeW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcStringFreeA

user32

wsprintfA
MessageBoxW
LoadStringW
LoadStringA
GetSystemMetrics
wsprintfW
GetProcessDefaultLayout
MessageBoxA

advapi32

CryptGetDefaultProviderW
CryptGenKey
GetAce
A_SHAUpdate
CryptSignHashA
RegConnectRegistryW
CryptGetKeyParam
CryptExportKey
RegEnumKeyExW
CryptEncrypt
CryptDecrypt
QueryServiceStatus
IsValidSid
OpenServiceW
ChangeServiceConfigA
RegDeleteValueW
LockServiceDatabase
SystemFunction040
SetSecurityDescriptorDacl
StartServiceW
RegDeleteKeyW
GetLengthSid
InitializeAcl
GetSidIdentifierAuthority
SetSecurityDescriptorOwner
ControlService
MD5Final
OpenThreadToken
RegOpenKeyExA
CryptDestroyKey
A_SHAInit
UnlockServiceDatabase
CryptGetProvParam
OpenSCManagerW
MD5Update
AdjustTokenPrivileges
CryptGenRandom
CryptDeriveKey
CryptGetHashParam
RegDeleteKeyA
RegCreateKeyExW
CloseServiceHandle
LookupAccountSidW
LsaNtStatusToWinError
CryptDestroyHash
RegGetKeySecurity
CryptVerifySignatureA
RegEnumKeyA
SetSecurityDescriptorGroup
GetTokenInformation
RegQueryInfoKeyA
RegSetKeySecurity
RegQueryInfoKeyW
CryptSetProviderA
CryptSetHashParam
GetSidSubAuthority
RegQueryValueExA
CryptGetUserKey
RegDeleteValueA
GetSecurityDescriptorDacl
LookupPrivilegeValueA
MD5Init
RegSetValueExW
GetUserNameA
RegEnumValueW
StartServiceA
FreeSid
SystemFunction041
OpenProcessToken
RegConnectRegistryA
A_SHAFinal
CryptAcquireContextA
CryptImportKey
RegCreateKeyExA
RegEnumValueA
GetUserNameW
CopySid
RegSetValueExA
GetSecurityDescriptorOwner
CryptCreateHash
RegEnumKeyExA
AllocateAndInitializeSid
CryptSetKeyParam
CryptReleaseContext
RegNotifyChangeKeyValue
QueryServiceConfigA
RegOpenKeyExW
GetSidSubAuthorityCount
AddAccessAllowedAce
CryptHashData
RegQueryValueExW
RegCloseKey
CryptSetProvParam
EqualSid
InitializeSecurityDescriptor

adsldpc

ADsFreeColumn

kernel32

WaitForSingleObject
GetComputerNameW
FindFirstChangeNotificationW
LocalReAlloc
SetFilePointer
ExpandEnvironmentStringsW
WaitForSingleObjectEx
ExitThread
FindFirstFileW
UnhandledExceptionFilter
OpenEventA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress
FindCloseChangeNotification
InterlockedIncrement
LocalAlloc
WaitForMultipleObjectsEx
CreateThread
ExpandEnvironmentStringsA
GetTempFileNameA
GetModuleHandleA
GetSystemDefaultLangID
SetLastError
SetFileAttributesA
lstrlenW
TlsAlloc
GetCurrentThread
GetVersionExA
GetACP
GetFileAttributesExW
DeleteFileA
ReleaseMutex
SetEndOfFile
GetCurrentProcessId
GetEnvironmentVariableA
GetFileAttributesA
lstrcpyA
GetDateFormatW
LocalFree
GetFileSize
CompareFileTime
TlsGetValue
OpenMutexA
QueryPerformanceCounter
InterlockedDecrement
ReadFile
GetSystemTimeAsFileTime
Sleep
FindFirstFileA
CreateDirectoryA
GetLocalTime
DuplicateHandle
lstrcmpA
GetTickCount
FindClose
InterlockedExchange
SetEvent
lstrlenA
UnmapViewOfFile
VirtualAlloc
FileTimeToSystemTime
CreateFileMappingW
LeaveCriticalSection
InitializeCriticalSection
GetTimeFormatA
TlsSetValue
WideCharToMultiByte
CreateDirectoryW
GetUserDefaultLCID
MultiByteToWideChar
FreeLibrary
GetFileAttributesW
DeleteCriticalSection
lstrcatA
FindNextChangeNotification
CreateFileMappingA
FindNextFileA
GetComputerNameA
FileTimeToLocalFileTime
OpenFileMappingW
SystemTimeToFileTime
LoadLibraryExA
CreateFileA
EnterCriticalSection
MapViewOfFile
GetModuleFileNameA
GetSystemTime
TerminateProcess
OutputDebugStringA
CreateMutexA
FindNextFileW
FreeLibraryAndExitThread
DelayLoadFailureHook
DeleteFileW
LoadLibraryExW
FormatMessageA
LoadLibraryA
GetTempPathA
GetTimeFormatW
CompareStringW
CreateMutexW
TlsFree
GetModuleFileNameW
GetLastError
CreateFileW
SetFileAttributesW
WriteFile
FindFirstChangeNotificationA
GetCurrentProcess
GetDateFormatA
PulseEvent
LocalSize
InterlockedCompareExchange
CompareStringA
CreateEventA
FormatMessageW
CloseHandle

msvcrt

wcschr
wcscmp
_snwprintf
isxdigit
_wcsnicmp
_wcsicmp
strncpy
atol
free
wcscpy
sprintf
_ultoa
_snprintf
_ltoa
malloc
memmove
wcslen
strncmp
_itow
isdigit
wcscat
_adjust_fdiv
__dllonexit
strtoul
isupper
_onexit
memcpy
qsort
bsearch
_ltow
_except_handler3
_initterm

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b67f216c6f4d1999edb7a97568cd5cd

Headers

File Characteristics

Imports

msasn1

rpcrt4

user32

advapi32

adsldpc

kernel32

msvcrt

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.idata Size: 52KB - Virtual size: 52KB

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B

.idata
Size: 52KB - Virtual size: 52KB