0454f6a885383df3d4c5e310c70730b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0454f6a885383df3d4c5e310c70730b8_JaffaCakes118
Size

119KB
MD5

0454f6a885383df3d4c5e310c70730b8
SHA1

21eab38be8e93c61b30ac8c5980d00328f072756
SHA256

e2c9020d00da34a8d52410c0d97d7d1ac4c2b2ab2df2bda7b539e17631ca8b36
SHA512

b1a8041281b2132621b205ef011a8b890423b280495c77d10cc464ef7b2dca2e1e231fde8f8ac026a2250dc3b99239f1e66f42c000820e4b479cc95e1aed072d
SSDEEP

3072:qqOjH8Xp0htvbS9Ompq3nEg1GneoXPo7n:q4XebS9O530FQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0454f6a885383df3d4c5e310c70730b8_JaffaCakes118

Files

0454f6a885383df3d4c5e310c70730b8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

124069fd90a1623d065013b55d310fc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cryptsvc.pdb

Imports

msvcrt

_snprintf
malloc
_adjust_fdiv
_initterm
free
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsrchr
_wcsicmp
wcscat
wcslen
wcscpy
_except_handler3
swprintf

wintrust

CryptCATAdminCalcHashFromFileHandle

rpcrt4

NdrServerCall2
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqEpW
I_RpcBindingIsClientLocal
RpcServerRegisterIfEx
RpcStringFreeW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUnregisterIf
RpcImpersonateClient
RpcRevertToSelfEx

user32

wsprintfW
wsprintfA

kernel32

QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MapViewOfFile
CreateFileMappingA
GetFileSize
WriteFile
SetEndOfFile
SetFilePointer
OutputDebugStringA
GetDateFormatA
GetTimeFormatA
GetLocalTime
SystemTimeToFileTime
ReadFile
RegisterWaitForSingleObject
UnregisterWaitEx
LocalReAlloc
LocalSize
LocalAlloc
SetEvent
GetCurrentThread
CloseHandle
FormatMessageW
LocalFree
GetLastError
DisableThreadLibraryCalls
LoadLibraryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
CreateFileA
MultiByteToWideChar
GetVersionExA
DelayLoadFailureHook
CreateThread
Sleep
GetWindowsDirectoryW
CopyFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
GetACP
WideCharToMultiByte
GetSystemDirectoryW
GetSystemDirectoryA
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
ResetEvent
TryEnterCriticalSection
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
DeleteFileA
InterlockedCompareExchange
GetTickCount
OpenProcess
GetCurrentProcess
DuplicateHandle
InterlockedIncrement
UnregisterWait
EnterCriticalSection
LeaveCriticalSection
GetTempFileNameW
MoveFileW
CreateFileW
GetFileAttributesW
FindFirstFileW
CreateEventA

advapi32

OpenSCManagerW
RegEnumValueW
RegEnumValueA
RegCreateKeyExA
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenThreadToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource

certcli

CACountCertTypes
CAEnumNextCertType
CACloseCA
CAEnumNextCA
CAFreeCAProperty
CAFreeCertTypeProperty
CAEnumCertTypes
CACloseCertType
CACertTypeAccessCheck
CAAccessCheck
CAGetCAProperty
CACountCAs
CAEnumFirstCA
CAGetCertTypeProperty

crypt32

CertCreateContext
CertFreeCTLContext
CryptDecodeObject

esent

JetEndSession
JetSetCurrentIndex
JetCreateDatabase
JetCloseDatabase
JetOpenDatabase
JetBeginTransaction
JetCreateTable
JetAddColumn
JetCreateIndex
JetCommitTransaction
JetRollback
JetOpenTable
JetGetColumnInfo
JetCloseTable
JetSetSystemParameter
JetMakeKey
JetSeek
JetMove
JetDelete
JetPrepareUpdate
JetSetColumn
JetUpdate
JetTerm
JetRetrieveColumn
JetDetachDatabase
JetInit
JetCreateInstance
JetBeginSession
JetAttachDatabase

ole32

CoInitializeEx
CoUninitialize

vssapi

??0CVssWriter@@QAE@XZ
??1CVssWriter@@UAE@XZ
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Initialize@CVssWriter@@QAGJU_GUID@@PBGW4VSS_USAGE_TYPE@@W4VSS_SOURCE_TYPE@@W4_VSS_APPLICATION_LEVEL@@KW4VSS_ALTERNATE_WRITER_STATE@@_N1@Z
?OnBackupShutdown@CVssWriter@@UAG_NU_GUID@@@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?Subscribe@CVssWriter@@QAGJK@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z

sfc

SfcGetNextProtectedFile

Exports

Exports

CryptServiceMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

124069fd90a1623d065013b55d310fc5

Headers

File Characteristics

PDB Paths

Imports

msvcrt

wintrust

rpcrt4

user32

kernel32

advapi32

certcli

crypt32

esent

ole32

vssapi

sfc

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 65KB - Virtual size: 65KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 65KB - Virtual size: 65KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB