df45de312a17718864ca76dc4420e48b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df45de312a17718864ca76dc4420e48b_JaffaCakes118
Size

355KB
MD5

df45de312a17718864ca76dc4420e48b
SHA1

5bbdfa82cd19d49f7c2ebfbae26c61983dc7cb2d
SHA256

b2563c6e9a224e012d2a87068f12860fdd6e85080603a6b2b3fe490a07dafb81
SHA512

859ff25cb7f49e771b63d7fead5b273ad3ace26ad9de40fc4dd30b024ebf4ed4bd91c162d6bd465e033aaf54c595749cce6eea024f78fa4722abd7a06d1756ce
SSDEEP

6144:TcnXFiZ1AZ49tK4X7Fk9wWFKxvNAT+89Se1w:4sZVtKI7FkmWFK1mi89S4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df45de312a17718864ca76dc4420e48b_JaffaCakes118

Files

df45de312a17718864ca76dc4420e48b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67d2664d989154f323dc21bbaee06d53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nwwks.pdb

Imports

msvcrt

free
_initterm
malloc
_adjust_fdiv
_ultoa
_wcsicmp
qsort
wcscat
wcstoul
wcsspn
_wcsnicmp
_vsnprintf
strrchr
_strnicmp
strchr
_strcmpi
sscanf
wcslen
wcscpy
_stricmp
wcsrchr
sprintf
swprintf
wcscmp
_except_handler3

ntdll

RtlEqualSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQueryInformationToken
RtlDeleteTimerQueue
RtlCompareMemory
RtlInitializeResource
RtlDeleteResource
NtClose
RtlAcquireResourceExclusive
NtOpenThreadToken
RtlDeleteCriticalSection
RtlAcquireResourceShared
RtlReleaseResource
RtlFreeUnicodeString
RtlInitUnicodeString
RtlCopyLuid
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlLengthSid
NtOpenProcessToken
RtlConvertSharedToExclusive
RtlCreateTimer
RtlCreateTimerQueue
RtlRegisterWait
RtlIntegerToUnicodeString
RtlInitializeCriticalSection
RtlEraseUnicodeString
NtAllocateLocallyUniqueId
RtlRunDecodeUnicodeString
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlSystemTimeToLocalTime
RtlDowncaseUnicodeString
RtlVerifyVersionInfo
VerSetConditionMask
RtlSubAuthoritySid
RtlCopySid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlInitializeSid
RtlCopyUnicodeString
NtQuerySystemInformation
RtlConvertSidToUnicodeString
RtlAppendUnicodeStringToString
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlNtStatusToDosError
RtlUniform
NtQuerySystemTime
RtlOemStringToUnicodeString
DbgPrint
RtlLeaveCriticalSection
RtlEqualDomainName
RtlPrefixUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlValidSid
RtlFreeSid
RtlAllocateAndInitializeSid
NtDuplicateObject
RtlCompareUnicodeString
RtlDeregisterWait

cryptdll

MD5Update
CDLocateCheckSum
CDGenerateRandomBits
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
MD5Final
MD5Init
CDLocateCSystem

msasn1

ASN1BEREncOpenType
ASN1BEREncObjectIdentifier
ASN1BERDecOpenType2
ASN1BERDecObjectIdentifier
ASN1objectidentifier_free
ASN1BERDecBitString
ASN1bitstring_free
ASN1DecSetError
ASN1BEREncBool
ASN1BERDecBool
ASN1BEREncSX
ASN1BERDecSXVal
ASN1charstring_free
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecGeneralizedTime
ASN1ztcharstring_free
ASN1BERDecZeroCharString
ASN1octetstring_free
ASN1BERDecOctetString
ASN1Free
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecAlloc
ASN1BERDecS32Val
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncS32
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString
ASN1BEREncCharString
ASN1CEREncGeneralizedTime
ASN1intx_setuint32
ASN1intx_free
ASN1_FreeDecoded
ASN1_Decode
ASN1_Encode
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1intxisuint32
ASN1intx2uint32
ASN1intx2int32

kernel32

RaiseException
lstrlenW
FormatMessageW
lstrcmpiA
lstrlenA
GetModuleHandleA
OutputDebugStringA
GetLocalTime
WriteFile
DebugBreak
DeleteCriticalSection
LoadLibraryW
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
InitializeCriticalSection
EnterCriticalSection
CreateFileW
LeaveCriticalSection
GetModuleFileNameA
GetProfileStringA
CreateFileA
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchangeAdd
GetACP
WideCharToMultiByte
UnregisterWait
RegisterWaitForSingleObjectEx
OpenEventW
SetEvent
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameW
GetComputerNameExW
Sleep
GetLastError
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FileTimeToSystemTime
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
CreateEventW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime

advapi32

AllocateAndInitializeSid
LookupAccountSidW
FreeSid
OpenThreadToken
SetThreadToken
RevertToSelf
RegQueryInfoKeyW
RegConnectRegistryW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
CryptGetProvParam
CryptSetProvParam
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegisterTraceGuidsW
GetTraceLoggerHandle
SystemFunction006
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
TraceEvent
SystemFunction007

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer

user32

wsprintfW
CharLowerBuffW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67d2664d989154f323dc21bbaee06d53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

cryptdll

msasn1

kernel32

advapi32

secur32

user32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 239KB - Virtual size: 247KB

.bss Size: - Virtual size: 23KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 239KB - Virtual size: 247KB

.bss
Size: - Virtual size: 23KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB