fd4b601234603c2d0266a3f4a8d033c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd4b601234603c2d0266a3f4a8d033c5_JaffaCakes118
Size

329KB
MD5

fd4b601234603c2d0266a3f4a8d033c5
SHA1

db561544b0c8ad33dd5bc1165250ff72796ab3e0
SHA256

e8014e0afcc13992d671fdc1e194330f196dd979a498fdab3cb306bfbced4e0b
SHA512

79d3ae9291449b47c23b8e8913b0e6dd94b476b8d0553862007ef6fd0bfe15f4d64d043e0f4f561612191bfb56f6f53a5f839c622febc4ecf603944f78c59789
SSDEEP

6144:0hiYKhdoVYGgjELwyH7jcxDns044/zXqNgeG+tBogVfOo1aNZkUhOlYS11yXlCLJ:0hKMVCCj0s07X4c61Wo1WhOWX49

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd4b601234603c2d0266a3f4a8d033c5_JaffaCakes118

Files

fd4b601234603c2d0266a3f4a8d033c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1421f2de3124d6adaf94464d2d83e4df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetCurrentProcessId
GetProcAddress
UnregisterWait
LeaveCriticalSection
GetLocalTime
CloseHandle
GetEnvironmentVariableW
InitializeCriticalSection
Sleep
LocalAlloc
InterlockedExchangeAdd
CreateFileA
GetProfileStringA
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateEventW
FreeLibrary
lstrcpyW
lstrlenW
LoadLibraryW
ExpandEnvironmentStringsW
GetACP
MultiByteToWideChar
UnmapViewOfFile
GetComputerNameW
DisableThreadLibraryCalls
GetSystemInfo
CreateFileW
GetCurrentThread
WriteFile
SetUnhandledExceptionFilter
DebugBreak
LocalFree
RegisterWaitForSingleObjectEx
GetCurrentProcess
GetLastError
QueryPerformanceCounter
MapViewOfFileEx
OpenEventW
RaiseException
CreateFileMappingW
InterlockedIncrement
EnterCriticalSection
GetModuleHandleW
lstrlenA
GetComputerNameExW
InterlockedExchange
OpenFileMappingW
TerminateProcess
GetModuleFileNameA
FileTimeToSystemTime
InterlockedDecrement
OutputDebugStringA
UnhandledExceptionFilter
VirtualAlloc
GetTickCount
InterlockedCompareExchange
GetModuleFileNameW
lstrcmpiA
FormatMessageW
LoadLibraryA
GetCurrentThreadId
lstrcmpW
SetEvent

msvcrt

swprintf
wcstoul
wcslen
wcscpy
_stricmp
qsort
_initterm
wcsrchr
wcscmp
_strcmpi
_wcsnicmp
free
_wcsicmp
sprintf
strrchr
_ultoa
malloc
strchr
_adjust_fdiv
_strnicmp
_vsnprintf
wcscat
_except_handler3
wcsspn
sscanf

user32

wsprintfW
CharLowerBuffW

cryptdll

MD5Init
MD5Final
MD5Update
CDGenerateRandomBits
CDLocateCSystem
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDBuildIntegrityVect

msasn1

ASN1BERDecExplicitTag
ASN1BERDecOpenType2
ASN1CEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1BERDecBitString
ASN1BEREncExplicitTag
ASN1_FreeEncoded
ASN1intx_setuint32
ASN1objectidentifier_free
ASN1BERDecSkip
ASN1BERDecObjectIdentifier
ASN1BERDecS32Val
ASN1BEREncBool
ASN1intx2uint32
ASN1_CreateEncoder
ASN1BERDecOctetString
ASN1BEREncObjectIdentifier
ASN1BEREncU32
ASN1_Encode
ASN1BEREncBitString
ASN1EncSetError
ASN1DecAlloc
ASN1BEREncS32
ASN1BERDecEndOfContents
ASN1BERDecSXVal
ASN1charstring_free
ASN1BERDecCharString
ASN1octetstring_free
ASN1BERDecU32Val
ASN1BERDecZeroCharString
ASN1DecSetError
ASN1intxisuint32
ASN1ztcharstring_free
ASN1BEREncCharString
ASN1_CreateModule
ASN1_CloseEncoder
ASN1_Decode
ASN1BERDecNotEndOfContents
ASN1intx2int32
ASN1_CreateDecoder
ASN1BEREncOpenType
ASN1_FreeDecoded
ASN1BEREncEndOfContents
ASN1BEREncSX
ASN1Free
ASN1BERDecPeekTag
ASN1BERDecBool
ASN1BEREncOctetString
ASN1_CloseDecoder
ASN1bitstring_free
ASN1intx_free

advapi32

OpenProcessToken
OpenSCManagerW
TraceEvent
RegOpenKeyW
CryptHashData
CryptReleaseContext
CloseServiceHandle
SystemFunction007
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
OpenServiceW
CryptSetProvParam
GetTraceLoggerHandle
RegDeleteValueW
CryptDestroyHash
LookupAccountSidW
RegConnectRegistryW
GetTokenInformation
RegQueryValueExW
SetThreadToken
CryptGetHashParam
DeregisterEventSource
QueryServiceStatus
QueryServiceConfigW
RegEnumKeyExW
RegisterTraceGuidsW
ReportEventW
AllocateAndInitializeSid
RegisterEventSourceW
CredUnmarshalCredentialW
FreeSid
CredFree
RegSetValueExW
RegNotifyChangeKeyValue
CryptCreateHash
OpenThreadToken
CryptAcquireContextW
SystemFunction006
RegOpenKeyExW
CryptGetProvParam
RevertToSelf

secur32

FreeContextBuffer
LsaGetLogonSessionData
CredMarshalTargetInfo
LsaFreeReturnBuffer
CredUnmarshalTargetInfo

ntdll

RtlInitializeGenericTableAvl
RtlUniform
RtlFreeUnicodeString
RtlConvertSharedToExclusive
RtlEqualDomainName
RtlUpcaseUnicodeString
RtlFreeSid
NtDuplicateObject
RtlUnicodeStringToAnsiString
NtClose
RtlCopySid
RtlLeaveCriticalSection
RtlInitializeGenericTable
DbgPrint
VerSetConditionMask
RtlOemStringToUnicodeString
RtlCopyLuid
RtlInsertElementGenericTable
RtlLengthSid
RtlConvertSidToUnicodeString
RtlRunDecodeUnicodeString
RtlGetElementGenericTable
RtlAnsiStringToUnicodeString
RtlDeregisterWait
NtAllocateVirtualMemory
RtlEnterCriticalSection
RtlNtStatusToDosError
RtlLookupElementGenericTableAvl
RtlPrefixUnicodeString
RtlInitUnicodeString
NtOpenThreadToken
NtSetSecurityObject
RtlCopyUnicodeString
RtlDeleteElementGenericTable
NtOpenProcessToken
RtlDowncaseUnicodeString
RtlAddAccessAllowedAce
RtlSubAuthorityCountSid
RtlEqualSid
RtlLengthRequiredSid
NtWaitForSingleObject
RtlSubAuthoritySid
RtlCompareUnicodeString
RtlCompareMemory
RtlInitAnsiString
NtQuerySystemInformation
RtlEraseUnicodeString
RtlInitializeResource
RtlDeleteResource
RtlSetDaclSecurityDescriptor
RtlLookupElementGenericTable
RtlRegisterWait
RtlSystemTimeToLocalTime
RtlDeleteCriticalSection
RtlTimeFieldsToTime
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlDeleteTimerQueue
RtlEqualUnicodeString
RtlFreeAnsiString
NtQuerySystemTime
RtlCreateSecurityDescriptor
RtlAppendUnicodeStringToString
RtlInsertElementGenericTableAvl
NtAllocateLocallyUniqueId
RtlAcquireResourceExclusive
RtlAllocateAndInitializeSid
NtCreateEvent
RtlInitializeCriticalSection
RtlCreateTimer
RtlReleaseResource
RtlVerifyVersionInfo
RtlValidSid
NtOpenEvent
RtlAcquireResourceShared
NtQueryInformationToken
RtlInitializeSid
RtlCreateTimerQueue

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1421f2de3124d6adaf94464d2d83e4df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

cryptdll

msasn1

advapi32

secur32

ntdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB