Static task
static1
Behavioral task
behavioral1
Sample
f1e3647c2988fdadc821609d5306364a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f1e3647c2988fdadc821609d5306364a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
f1e3647c2988fdadc821609d5306364a_JaffaCakes118
Size
55KB
MD5
f1e3647c2988fdadc821609d5306364a
SHA1
9af83a681f6619e37f1bdbbc1cc2d4d74c41165b
SHA256
ccc13068a2644695a68462f26a07178260e9823a65ebe42d8c2ec308b2e82b3a
SHA512
a65c35c6986e1dd687519f835216e6ad9f9e41054da26ae62c20981c4a1e87efe48351871710083f0f5f46e7baca285f2c77ce874bcfe56dadae198f2704e801
SSDEEP
1536:oD31VwdvvoSes6dXBzYZ1jSlU/KCAeaWF:AnwdvvoSx6V14/KCAe
Malware Config
Signatures
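Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the import table and section layout listed below.
resource: f1e3647c2988fdadc821609d5306364a_JaffaCakes118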
Files
f1e3647c2988fdadc821609d5306364a_JaffaCakes118.exe windows:4 windows x86 arch:x86
804bbbe13e2294a0fcf41db3d677d372
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
isupper
_ltoa
_ultoa
wcslen
_except_handler3
_initterm
sprintf
wcscmp
wcschr
strncmp
qsort
_onexit
_snwprintf
__dllonexit
atol
strtoul
free
_ltow
isdigit
_wcsicmp
wcscpy
strncpy
wcscat
_snprintf
isxdigit
_itow
memcpy
memmove
_wcsnicmp
_adjust_fdiv
bsearch
malloc
kernel32
WaitForMultipleObjectsEx
lstrcatA
GetTickCount
GetLastError
lstrlenW
MapViewOfFile
DeleteFileA
CreateMutexW
InterlockedExchange
OutputDebugStringA
FindCloseChangeNotification
CreateDirectoryA
GetLocalTime
LocalSize
LeaveCriticalSection
CreateEventA
CompareFileTime
VirtualAlloc
PulseEvent
InterlockedIncrement
SetFileAttributesA
GetTimeFormatW
WideCharToMultiByte
Sleep
LocalReAlloc
OpenFileMappingW
FreeLibrary
GetComputerNameW
FileTimeToLocalFileTime
GetACP
FormatMessageA
GetComputerNameA
TlsSetValue
GetUserDefaultLCID
SetUnhandledExceptionFilter
GetFileAttributesW
LoadLibraryA
FindFirstFileW
CloseHandle
ExitThread
SetEvent
ReleaseMutex
GetSystemTime
LoadLibraryExW
InterlockedCompareExchange
GetFileAttributesA
TlsGetValue
WaitForSingleObjectEx
FindClose
DeleteFileW
GetDateFormatW
GetCurrentThreadId
FormatMessageW
SystemTimeToFileTime
SetFilePointer
GetCurrentProcess
GetProcAddress
WaitForSingleObject
OpenEventA
LocalFree
GetDateFormatA
UnhandledExceptionFilter
GetFileAttributesExW
FindNextFileW
FreeLibraryAndExitThread
DeleteCriticalSection
DelayLoadFailureHook
FindNextFileA
LoadLibraryExA
GetTimeFormatA
CreateFileA
GetSystemDefaultLangID
FindFirstChangeNotificationW
QueryPerformanceCounter
CreateFileW
CreateFileMappingW
CreateMutexA
GetModuleFileNameA
GetSystemTimeAsFileTime
LocalAlloc
CreateThread
ExpandEnvironmentStringsA
FindFirstChangeNotificationA
CreateDirectoryW
GetTempFileNameA
OpenMutexW
GetTempPathA
FindNextChangeNotification
CreateFileMappingA
CompareStringA
GetEnvironmentVariableA
OpenMutexA
InterlockedDecrement
GetFileSize
lstrcmpA
MultiByteToWideChar
FileTimeToSystemTime
lstrlenA
lstrcpyA
ExpandEnvironmentStringsW
SetFileAttributesW
SetEndOfFile
TlsAlloc
WriteFile
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
FindFirstFileA
SetLastError
GetVersionExA
CompareStringW
InitializeCriticalSection
TlsFree
EnterCriticalSection
UnmapViewOfFile
ReadFile
TerminateProcess
DuplicateHandle
user32
MessageBoxA
GetProcessDefaultLayout
GetSystemMetrics
LoadStringA
wsprintfW
wsprintfA
LoadStringW
MessageBoxW
rpcrt4
RpcStringBindingComposeA
UuidCreate
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcBindingFree
RpcImpersonateClient
RpcEpResolveBinding
UuidToStringA
NdrClientCall2
RpcRevertToSelf
RpcStringFreeA
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingA
adsldpc
ADsFreeColumn
msasn1
ASN1BERDecBitString
ASN1BEREncBool
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1BEREncObjectIdentifier2
ASN1BEREncCharString
ASN1BERDecGeneralizedTime
ASN1BEREncChar16String
ASN1BERDecOpenType
ASN1BEREoid_free
ASN1intx_free
ASN1BERDecBitString2
ASN1CEREncNewBlkElement
ASN1BERDecExplicitTag
ASN1BERDecU32Val
ASN1_CreateDecoder
ASN1DecRealloc
ASN1_CreateModule
ASN1_CloseModule
ASN1open_free
ASN1BERDecUTCTime
ASN1_SetEncoderOption
ASN1BERDecS32Val
ASN1BERDecMultibyteString
ASN1BERDecEndOfContents
ASN1BEREoid2DotVal
ASN1BEREncU32
ASN1CEREncUTCTime
ASN1BERDecChar16String
ASN1_CloseDecoder
ASN1_Encode
ASN1_FreeDecoded
ASN1BEREncOpenType
ASN1BEREncBitString
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1BEREncS32
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1char16string_free
ASN1BEREncExplicitTag
ASN1CEREncEndBlk
ASN1EncSetError
ASN1CEREncFlushBlkElement
ASN1BERDecCharString
ASN1CEREncGeneralizedTime
ASN1BERDecChar32String
ASN1BERDecBool
ASN1BEREncChar32String
ASN1BEREncUTF8String
ASN1charstring_free
ASN1octetstring_free
ASN1BERDecOctetString
ASN1utf8string_free
ASN1BEREncEoid
ASN1BERDecObjectIdentifier2
ASN1BEREncMultibyteString
ASN1BERDecEoid
ASN1Free
ASN1CEREncBeginBlk
ASN1char32string_free
ASN1_CloseEncoder
ASN1bitstring_free
ASN1BERDecZeroCharString
ASN1DecSetError
ASN1BERDecUTF8String
ASN1ztcharstring_free
ASN1BEREncEndOfContents
ASN1_CreateEncoder
ASN1BEREncSX
ASN1BERDotVal2Eoid
ASN1BEREncOctetString
ASN1BERDecOctetString2
ASN1_FreeEncoded
advapi32
MD5Update
CryptSignHashA
RegNotifyChangeKeyValue
RegQueryValueExA
CryptVerifySignatureA
CryptSetHashParam
UnlockServiceDatabase
CryptGenKey
CryptCreateHash
RegEnumValueA
CryptGetDefaultProviderW
LockServiceDatabase
OpenThreadToken
RegEnumKeyExW
GetLengthSid
RegDeleteKeyW
LookupAccountSidW
OpenProcessToken
SetSecurityDescriptorGroup
AdjustTokenPrivileges
ControlService
QueryServiceStatus
CryptSetProvParam
CloseServiceHandle
CryptReleaseContext
RegDeleteValueA
A_SHAInit
CryptDestroyKey
RegDeleteKeyA
OpenSCManagerW
RegEnumKeyExA
InitializeSecurityDescriptor
StartServiceA
GetSecurityDescriptorDacl
CopySid
RegQueryInfoKeyW
GetTokenInformation
RegCloseKey
RegQueryInfoKeyA
RegEnumValueW
CryptDecrypt
GetUserNameA
EqualSid
RegOpenKeyExA
GetSecurityDescriptorOwner
OpenServiceW
GetSidSubAuthorityCount
SetSecurityDescriptorDacl
RegQueryValueExW
CryptEncrypt
ChangeServiceConfigA
CryptGetHashParam
AllocateAndInitializeSid
IsValidSid
MD5Final
RegSetValueExW
StartServiceW
RegCreateKeyExA
FreeSid
SetSecurityDescriptorOwner
CryptImportKey
RegSetKeySecurity
CryptGetKeyParam
CryptSetProviderA
CryptExportKey
CryptGetUserKey
RegEnumKeyA
RegConnectRegistryW
GetAce
CryptDeriveKey
CryptHashData
SystemFunction040
RegConnectRegistryA
GetSidSubAuthority
RegOpenKeyExW
GetUserNameW
CryptSetKeyParam
RegDeleteValueW
CryptGenRandom
MD5Init
GetSidIdentifierAuthority
RegCreateKeyExW
RegGetKeySecurity
SystemFunction041
InitializeAcl
CryptGetProvParam
A_SHAUpdate
RegSetValueExA
AddAccessAllowedAce
QueryServiceConfigA
LsaNtStatusToWinError
A_SHAFinal
CryptAcquireContextA
LookupPrivilegeValueA
CryptDestroyHash
Sections
.textbss Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE