fc6c65e9dad20b02332a76adfeec51fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc6c65e9dad20b02332a76adfeec51fe_JaffaCakes118
Size

329KB
MD5

fc6c65e9dad20b02332a76adfeec51fe
SHA1

634f10f9c7e262d0d80590ee9798b8ed08bb0128
SHA256

49441e62a70a879533dc55271ffa6cc86dd84cacc182e358000cb800388abde4
SHA512

a10708b35e5d4be27266d49893d03d92af617d81d1f14f3670ec0d389782365afbe2436da207c30cda69e073a6e1444bfe72b62407ad3e2023b0ed92fa6160b3
SSDEEP

6144:ZDKxkGozCcm7eUsV81D8DJ0Jq4nBjaJi7GW+3LEowph5sYvFM:p3dzdkAQQDJCnnBmG+3LE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6c65e9dad20b02332a76adfeec51fe_JaffaCakes118

Files

fc6c65e9dad20b02332a76adfeec51fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8847279a56a78ff90a4c9d045506da87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

MD5Update
CDGenerateRandomBits
CDLocateCheckSum
MD5Final
CDFindCommonCSystemWithKey
CDLocateCSystem
MD5Init
CDBuildIntegrityVect

msvcrt

_strcmpi
qsort
wcstoul
_vsnprintf
_ultoa
strchr
_except_handler3
_strnicmp
free
wcscat
_initterm
sscanf
malloc
wcsspn
_wcsnicmp
_wcsicmp
sprintf
swprintf
wcscmp
_adjust_fdiv
wcslen
strrchr
_stricmp
wcscpy
wcsrchr

user32

CharLowerBuffW
wsprintfW

secur32

LsaFreeReturnBuffer
CredMarshalTargetInfo
FreeContextBuffer
CredUnmarshalTargetInfo
LsaGetLogonSessionData

ntdll

RtlSubAuthorityCountSid
RtlDowncaseUnicodeString
NtOpenProcessToken
RtlReleaseResource
NtSetSecurityObject
RtlCopyLuid
RtlUpcaseUnicodeString
NtDuplicateObject
RtlAcquireResourceExclusive
VerSetConditionMask
RtlCreateTimerQueue
RtlDeleteResource
NtQuerySystemTime
NtAllocateLocallyUniqueId
DbgPrint
RtlSystemTimeToLocalTime
RtlSubAuthoritySid
RtlCreateSecurityDescriptor
NtAllocateVirtualMemory
RtlValidSid
RtlInsertElementGenericTable
RtlAppendUnicodeStringToString
RtlOemStringToUnicodeString
RtlGetElementGenericTable
RtlInitializeGenericTableAvl
RtlInitializeGenericTable
RtlLengthSid
RtlFreeAnsiString
NtOpenThreadToken
RtlTimeFieldsToTime
RtlInitAnsiString
RtlCreateTimer
RtlLengthRequiredSid
RtlAddAccessAllowedAce
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTable
NtClose
RtlCompareUnicodeString
RtlEqualSid
RtlDeleteCriticalSection
RtlAllocateAndInitializeSid
RtlFreeSid
RtlEraseUnicodeString
RtlSetDaclSecurityDescriptor
RtlInitializeSid
NtOpenEvent
RtlCreateAcl
RtlConvertSharedToExclusive
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlIntegerToUnicodeString
RtlInitializeResource
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlAcquireResourceShared
RtlPrefixUnicodeString
RtlInitUnicodeString
NtQueryInformationToken
RtlEqualDomainName
RtlAnsiStringToUnicodeString
RtlRegisterWait
RtlLookupElementGenericTableAvl
NtWaitForSingleObject
RtlCopyUnicodeString
RtlVerifyVersionInfo
RtlCompareMemory
NtQuerySystemInformation
RtlDeleteTimerQueue
RtlUniform
RtlRunDecodeUnicodeString
RtlUnicodeStringToAnsiString
RtlEnterCriticalSection
RtlDeleteElementGenericTable
RtlConvertSidToUnicodeString
RtlCopySid
NtCreateEvent
RtlTimeToTimeFields
RtlDeregisterWait

kernel32

InterlockedIncrement
DebugBreak
MultiByteToWideChar
GetSystemTimeAsFileTime
InterlockedDecrement
LeaveCriticalSection
InterlockedExchange
LoadLibraryW
InitializeCriticalSection
LocalFree
GetModuleFileNameW
GetTickCount
FormatMessageW
FreeLibrary
WideCharToMultiByte
GetComputerNameW
CreateFileA
GetACP
SetEvent
LoadLibraryA
DeleteCriticalSection
RaiseException
TerminateProcess
OutputDebugStringA
lstrlenW
VirtualAlloc
OpenEventW
QueryPerformanceCounter
GetCurrentProcess
UnregisterWait
WriteFile
CloseHandle
GetProfileStringA
GetComputerNameExW
GetLastError
Sleep
EnterCriticalSection
UnmapViewOfFile
OpenFileMappingW
GetModuleFileNameA
GetProcAddress
ExpandEnvironmentStringsW
GetCurrentThread
LocalAlloc
InterlockedExchangeAdd
GetCurrentThreadId
SetUnhandledExceptionFilter
GetModuleHandleW
DisableThreadLibraryCalls
UnhandledExceptionFilter
InterlockedCompareExchange
CreateEventW
CreateFileMappingW
CreateFileW
lstrcpyW
GetEnvironmentVariableW
GetCurrentProcessId
GetLocalTime
lstrcmpW
lstrlenA
lstrcmpiA
GetSystemInfo
MapViewOfFileEx
RegisterWaitForSingleObjectEx
FileTimeToSystemTime

msasn1

ASN1intx2int32
ASN1BEREncOpenType
ASN1intx2uint32
ASN1_Decode
ASN1BERDecBool
ASN1BERDecSkip
ASN1DecAlloc
ASN1intxisuint32
ASN1BEREncU32
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BERDecExplicitTag
ASN1octetstring_free
ASN1bitstring_free
ASN1BERDecSXVal
ASN1BEREncExplicitTag
ASN1_Encode
ASN1_FreeDecoded
ASN1BEREncObjectIdentifier
ASN1BERDecCharString
ASN1BERDecOctetString
ASN1BEREncBitString
ASN1intx_setuint32
ASN1BERDecObjectIdentifier
ASN1Free
ASN1BERDecZeroCharString
ASN1ztcharstring_free
ASN1BERDecNotEndOfContents
ASN1_CloseEncoder
ASN1BEREncS32
ASN1BEREncEndOfContents
ASN1EncSetError
ASN1CEREncGeneralizedTime
ASN1_FreeEncoded
ASN1_CreateEncoder
ASN1BERDecS32Val
ASN1intx_free
ASN1_CreateDecoder
ASN1DecSetError
ASN1BEREncSX
ASN1BERDecBitString
ASN1BERDecPeekTag
ASN1BEREncCharString
ASN1BERDecOpenType2
ASN1_CloseDecoder
ASN1objectidentifier_free
ASN1BEREncBool
ASN1charstring_free
ASN1BERDecEndOfContents
ASN1BERDecU32Val
ASN1BERDecGeneralizedTime

advapi32

RegNotifyChangeKeyValue
CryptGetHashParam
RegSetValueExW
CredUnmarshalCredentialW
GetTraceLoggerHandle
CryptSetProvParam
AllocateAndInitializeSid
RegisterTraceGuidsW
RegQueryInfoKeyW
RegConnectRegistryW
RegDeleteValueW
RegCreateKeyExW
CryptCreateHash
CloseServiceHandle
OpenServiceW
RegisterEventSourceW
LookupAccountSidW
OpenProcessToken
QueryServiceConfigW
SetThreadToken
CryptGetProvParam
CryptDestroyHash
CryptHashData
TraceEvent
RevertToSelf
CryptReleaseContext
RegOpenKeyW
RegQueryValueExW
CredFree
OpenSCManagerW
RegOpenKeyExW
CryptAcquireContextW
SystemFunction007
RegEnumKeyExW
OpenThreadToken
SystemFunction006
FreeSid
ReportEventW
RegCloseKey
QueryServiceStatus
DeregisterEventSource
GetTokenInformation

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8847279a56a78ff90a4c9d045506da87

Headers

DLL Characteristics

File Characteristics

Imports

cryptdll

msvcrt

user32

secur32

ntdll

kernel32

msasn1

advapi32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB