Static task: static1
Behavioral task: behavioral1
Sample: f64042d14c9bb0b5233db495aec93378_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: f64042d14c9bb0b5233db495aec93378_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: f64042d14c9bb0b5233db495aec93378_JaffaCakes118
Size: 823KB
MD5: f64042d14c9bb0b5233db495aec93378
SHA1: 39fd9af1552f09a285334516c74fb1063c254489
SHA256: 6129e1a7e510c63ed65d52b44652cfebc1a431fa650676cc6cd87639030fd800
SHA512: 6639e906b420e5c9dea087a692e2ee24606ccf5ab51ac72b7d4a18efeafd5910c4544acd7a37a44835f44d982e698abd23dc2c4efbb48b8a88550af37ecac39b
SSDEEP: 12288:9Ni4ocqRHZYP9SPoMi3Fr0urZRHVAkiIoFJmwO1ZZoXY5lR1fSBYu0VZg4PG6HPK:9RxWZYP9jr7NAxiyz4PG6vins8
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource f64042d14c9bb0b5233db495aec93378_JaffaCakes118
Files
-
f64042d14c9bb0b5233db495aec93378_JaffaCakes118.exe windows:5 windows x86 arch:x86
fae40898f5417b71e0fe084eb55b11b9
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleOutputCharacterA
OutputDebugStringA
EnumSystemCodePagesA
VirtualAlloc
ClearCommBreak
GetCommConfig
ConnectNamedPipe
EnumResourceNamesW
GetConsoleMode
FindNextVolumeA
QueryDosDeviceW
EnumResourceTypesA
FormatMessageA
WritePrivateProfileStringW
BeginUpdateResourceW
FindFirstChangeNotificationA
InterlockedCompareExchange
GlobalFindAtomW
DnsHostnameToComputerNameW
HeapReAlloc
SetMessageWaitingIndicator
GetProcessShutdownParameters
EnumCalendarInfoW
LoadResource
QueueUserAPC
GetConsoleAliasA
LZRead
GlobalAddAtomW
LoadLibraryA
Process32NextW
GetNativeSystemInfo
GetStringTypeW
HeapSetInformation
EnumResourceLanguagesA
CreateNamedPipeW
GetEnvironmentStringsW
GetNumaHighestNodeNumber
SetCommState
AssignProcessToJobObject
TlsAlloc
secur32
LsaRegisterLogonProcess
LsaFreeReturnBuffer
QueryContextAttributesA
FreeCredentialsHandle
QuerySecurityPackageInfoW
QueryContextAttributesW
AcceptSecurityContext
LsaConnectUntrusted
ApplyControlToken
QuerySecurityPackageInfoA
UnsealMessage
AddCredentialsA
QueryCredentialsAttributesA
DeleteSecurityPackageW
TranslateNameA
SaslInitializeSecurityContextA
SealMessage
GetUserNameExW
DecryptMessage
SaslEnumerateProfilesA
GetUserNameExA
AddSecurityPackageW
LsaCallAuthenticationPackage
FreeContextBuffer
LsaDeregisterLogonProcess
SaslGetProfilePackageW
AddCredentialsW
CredMarshalTargetInfo
SetContextAttributesW
SaslGetProfilePackageA
SaslEnumerateProfilesW
SaslAcceptSecurityContext
InitializeSecurityContextW
SetContextAttributesA
TranslateNameW
InitializeSecurityContextA
ExportSecurityContext
QueryCredentialsAttributesW
ImportSecurityContextA
RevertSecurityContext
crypt32
RegDeleteValueU
CertCreateCertificateChainEngine
I_CryptEnumMatchingLruEntries
CryptMsgOpenToDecode
CertGetIntendedKeyUsage
CertGetSubjectCertificateFromStore
CryptGetMessageSignerCount
CryptDecodeMessage
CertGetCTLContextProperty
I_CryptGetAsn1Decoder
CertGetCRLFromStore
PFXImportCertStore
CertSetCRLContextProperty
CertFindSubjectInSortedCTL
CertVerifyValidityNesting
CryptMsgCalculateEncodedLength
I_CryptDetachTls
I_CryptFreeTls
CertCompareCertificate
CryptSIPVerifyIndirectData
CertRemoveStoreFromCollection
I_CryptGetAsn1Encoder
CertAddCTLContextToStore
RegQueryInfoKeyU
CryptBinaryToStringW
CertFindChainInStore
CryptCreateAsyncHandle
RegCreateKeyExU
CryptVerifyMessageHash
I_CryptUninstallAsn1Module
CertFreeCertificateContext
CryptMemAlloc
CertUnregisterSystemStore
CryptEncodeObject
sqlunirl
_wvsprintf_@12
_RemoveProp@8
_OutputDebugString_@4
_MoveFileEx_@12
_CreateDesktop_@24
_InsertMenu_@20
_GetTempFileName_@16
_LogonUser_@24
newMultiByteFromWideCharEx
_GetMetaFile_@4
_DlgDirSelectComboBoxEx_@16
_GetOutlineTextMetrics_@12
_GetDriveType_@4
_GetToolsFilePath@16
_GetPrivateProfileSectionNames_@12
_GetShortPathName_@12
_GetWindowTextLength@4
newMultiByteFromWideChar
_OemToCharBuff_@12
_GetMenuItemInfo_@16
_ChooseColor_@4
_WritePrivateProfileString_@16
_NDdeShareSetInfo_@24
_SHGetPathFromIDList_@8
_lstrcpy_@8
_EnumFontFamilies_@16
_RegQueryValueEx_@24
_LoadMenuIndirect_@4
_LoadAccelerators_@8
_GetCharWidth_@16
_PostMessage@16
_ExpandEnvironmentStrings_@12
_IsCharAlpha_@4
_DlgDirSelectEx_@16
_DeviceCapabilities_@20
__lopen_@8
_lstrcat_@8
iasrecst
DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
mstscax
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DllGetTscCtlVer
DllCanUnloadNow
Sections
.text  Size: 24KB  Virtual size: 24KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 76KB  Virtual size: 76KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 714KB  Virtual size: 2.0MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 6KB  Virtual size: 6KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B  Virtual size: 340B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ