e09658a659bb0ff2130037715a5585ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e09658a659bb0ff2130037715a5585ec_JaffaCakes118
Size

330KB
MD5

e09658a659bb0ff2130037715a5585ec
SHA1

8a9879ab73f9df860e89d83ceff9bd35086190f1
SHA256

84ab22af8c3f14c4224cfd04b51842810d8bc88dbd3867a058bb1e57a9969640
SHA512

50c7b70c33b29d26d6e1021469c04c295de24946e98ad6cf3fa22edae4dde2695170320d84fc3f285d451e95124671cad142d0a40fa2bae32b4e329523ab7dd4
SSDEEP

6144:w7RMRxNfVseKwqOEKY/Khlf6onlL0AApjI4mREAPqh5R2jPEQ/kSfkrX4aM:w7yLs5dSvf6WlpI6RVPqhWPEZSflaM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e09658a659bb0ff2130037715a5585ec_JaffaCakes118

Files

e09658a659bb0ff2130037715a5585ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a31fa7636407ae189ed48ac48ec9b7e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnprintf
wcscat
_ultoa
free
_wcsicmp
wcstoul
qsort
sscanf
wcscmp
malloc
_adjust_fdiv
_wcsnicmp
_initterm
wcslen
_strnicmp
_except_handler3
sprintf
_strcmpi
wcsspn
wcscpy
swprintf
strrchr
strchr
_stricmp
wcsrchr

user32

CharLowerBuffW
wsprintfW

advapi32

CryptDestroyHash
SetThreadToken
RegCreateKeyExW
CryptGetHashParam
RegisterTraceGuidsW
GetTokenInformation
RegEnumKeyExW
RevertToSelf
ReportEventW
CredFree
CryptGetProvParam
CryptSetProvParam
CredUnmarshalCredentialW
RegCloseKey
CloseServiceHandle
SystemFunction007
RegSetValueExW
OpenServiceW
RegOpenKeyW
RegQueryInfoKeyW
QueryServiceConfigW
GetTraceLoggerHandle
OpenProcessToken
CryptCreateHash
CryptHashData
AllocateAndInitializeSid
RegisterEventSourceW
RegQueryValueExW
FreeSid
TraceEvent
LookupAccountSidW
OpenThreadToken
OpenSCManagerW
DeregisterEventSource
CryptReleaseContext
RegNotifyChangeKeyValue
RegDeleteValueW
SystemFunction006
RegConnectRegistryW
CryptAcquireContextW
RegOpenKeyExW
QueryServiceStatus

ntdll

RtlEqualSid
RtlCompareUnicodeString
RtlCompareMemory
NtQuerySystemInformation
NtAllocateLocallyUniqueId
NtQueryInformationToken
RtlCreateTimer
NtClose
RtlIntegerToUnicodeString
RtlInitializeResource
RtlDeleteResource
RtlCreateAcl
RtlConvertSidToUnicodeString
RtlAllocateAndInitializeSid
RtlUpcaseUnicodeString
RtlTimeFieldsToTime
RtlDowncaseUnicodeString
RtlCreateTimerQueue
RtlUlongByteSwap
RtlInitializeSid
RtlAddAccessAllowedAce
RtlEnterCriticalSection
RtlGetElementGenericTable
RtlTimeToTimeFields
RtlLengthSid
RtlFreeUnicodeString
RtlLeaveCriticalSection
NtDuplicateObject
RtlVerifyVersionInfo
RtlUniform
RtlDeleteElementGenericTable
RtlOemStringToUnicodeString
RtlRunDecodeUnicodeString
NtSetSecurityObject
RtlFreeAnsiString
RtlConvertSharedToExclusive
NtCreateEvent
RtlEraseUnicodeString
DbgPrint
NtOpenProcessToken
NtWaitForSingleObject
RtlCopyLuid
RtlInitAnsiString
VerSetConditionMask
RtlSystemTimeToLocalTime
NtOpenEvent
RtlAnsiStringToUnicodeString
RtlAcquireResourceExclusive
NtQuerySystemTime
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTable
RtlValidSid
RtlInitializeGenericTable
RtlReleaseResource
RtlUnicodeStringToAnsiString
NtCreateDebugObject
RtlCopyUnicodeString
RtlAcquireResourceShared
NtAllocateVirtualMemory
RtlNtStatusToDosError
RtlDeleteTimerQueue
RtlLengthRequiredSid
RtlEqualDomainName
RtlSubAuthorityCountSid
RtlLookupElementGenericTableAvl
NtOpenThreadToken
RtlCopySid
RtlFreeSid
RtlInitUnicodeString
RtlSubAuthoritySid
RtlDeleteCriticalSection
RtlCreateSecurityDescriptor
RtlLookupElementGenericTable
RtlRegisterWait
RtlSetDaclSecurityDescriptor
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString

cryptdll

CDLocateCSystem
MD5Init
CDLocateCheckSum
CDGenerateRandomBits
CDBuildIntegrityVect
MD5Final
MD5Update
CDFindCommonCSystemWithKey

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer
CredMarshalTargetInfo
CredUnmarshalTargetInfo

msasn1

ASN1DecAlloc
ASN1objectidentifier_free
ASN1BEREncCharString
ASN1BEREncOpenType
ASN1BEREncObjectIdentifier
ASN1ztcharstring_free
ASN1_Encode
ASN1_FreeDecoded
ASN1BERDecEndOfContents
ASN1BERDecSXVal
ASN1intx2uint32
ASN1BEREncOctetString
ASN1BEREncEndOfContents
ASN1BERDecBool
ASN1BERDecNotEndOfContents
ASN1BERDecS32Val
ASN1BERDecU32Val
ASN1BERDecPeekTag
ASN1BEREncSX
ASN1_Decode
ASN1BERDecOctetString
ASN1EncSetError
ASN1intx2int32
ASN1bitstring_free
ASN1BERDecZeroCharString
ASN1_CreateDecoder
ASN1BEREncBool
ASN1BERDecGeneralizedTime
ASN1BEREncU32
ASN1BERDecExplicitTag
ASN1_CreateModule
ASN1intx_free
ASN1CEREncGeneralizedTime
ASN1charstring_free
ASN1_CloseDecoder
ASN1octetstring_free
ASN1BEREncExplicitTag
ASN1intxisuint32
ASN1DecSetError
ASN1_CreateEncoder
ASN1BEREncS32
ASN1BERDecCharString
ASN1Free
ASN1_FreeEncoded
ASN1BERDecOpenType2
ASN1_CloseEncoder
ASN1BEREncBitString
ASN1BERDecBitString
ASN1intx_setuint32
ASN1BERDecSkip
ASN1BERDecObjectIdentifier

kernel32

GetCurrentProcess
InitializeCriticalSection
CreateFileA
SetUnhandledExceptionFilter
GetComputerNameExW
DebugBreak
QueryPerformanceCounter
CreateEventW
GetModuleFileNameA
OpenFileMappingW
LoadLibraryA
RegisterWaitForSingleObjectEx
GetCurrentThread
InterlockedExchange
OutputDebugStringA
WriteFile
SetEvent
lstrcpyW
GetACP
OpenEventW
MultiByteToWideChar
GetComputerNameW
UnmapViewOfFile
TerminateProcess
CreateFileW
ExpandEnvironmentStringsW
LocalFree
lstrcmpiA
lstrcmpW
GetLastError
lstrlenW
GetProfileStringA
FileTimeToSystemTime
CreateFileMappingW
GetModuleHandleW
LeaveCriticalSection
GetProcAddress
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameW
GetEnvironmentVariableW
UnhandledExceptionFilter
VirtualAlloc
GetCurrentProcessId
UnregisterWait
InterlockedCompareExchange
GetTickCount
LocalAlloc
GetSystemTimeAsFileTime
InterlockedExchangeAdd
InterlockedIncrement
FreeLibrary
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
Sleep
FormatMessageW
DeleteCriticalSection
GetSystemInfo
MapViewOfFileEx
EnterCriticalSection
ExitProcess
GetLocalTime
RaiseException
LoadLibraryW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 160KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a31fa7636407ae189ed48ac48ec9b7e8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

advapi32

ntdll

cryptdll

secur32

msasn1

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 143KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 160KB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 143KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 160KB - Virtual size: 1.4MB