Static task: static1
Behavioral task: behavioral1
Sample: 090c65fdb31acbd3490f5f8398cdfda4_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 090c65fdb31acbd3490f5f8398cdfda4_JaffaCakes118
Size: 1.7MB
MD5: 090c65fdb31acbd3490f5f8398cdfda4
SHA1: cac1ab7ac0bc2c8472a0c9528b2c4b828f6d40bf
SHA256: e207dd205f78658e1e05e6abc2605ec95e0c5fa10a6c3fb9b9809db4425588b3
SHA512: e0c068e52a4e98bf77b6c30aa7f7098946a771fea9814da30a065cf8bbc46f9e5f8bc6f7accf134beae0087f365945ff325f5f5a5697bb09d3895a5afcd173c3
SSDEEP: 24576:GvB8v/hqISZLdTvqzdQlahFrAJS6c6hBPC1p72uVh8U5ldLPauW/Luup+ctXMOch:GvBQqISBKzjrv6hgjVS0dvW/bp1cOW
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 090c65fdb31acbd3490f5f8398cdfda4_JaffaCakes118
Files
090c65fdb31acbd3490f5f8398cdfda4_JaffaCakes118.exe windows:4 windows x86 arch:x86
fa26fba52dd87ea308c0626567c30cb5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
user32
GetSystemMetrics
wsprintfW
LoadStringA
GetProcessDefaultLayout
wsprintfA
LoadStringW
MessageBoxW
MessageBoxA
msasn1
ASN1CEREncEndBlk
ASN1BEREncSX
ASN1BEREncBitString
ASN1_CreateEncoder
ASN1_CloseEncoder
ASN1ztcharstring_free
ASN1CEREncBeginBlk
ASN1BERDecObjectIdentifier2
ASN1_CreateDecoder
ASN1BERDecZeroCharString
ASN1BERDecBitString2
ASN1BEREncS32
ASN1_SetEncoderOption
ASN1BERDecChar16String
ASN1BERDecEndOfContents
ASN1_Decode
ASN1BERDecMultibyteString
ASN1BERDecCharString
ASN1BEREncOctetString
ASN1CEREncNewBlkElement
ASN1BERDecBool
ASN1_CloseDecoder
ASN1bitstring_free
ASN1BERDecOctetString
ASN1BEREncExplicitTag
ASN1BEREncChar16String
ASN1BERDecU32Val
ASN1BEREncCharString
ASN1BERDecEoid
ASN1BERDecBitString
ASN1DecRealloc
ASN1utf8string_free
ASN1Free
ASN1BEREncMultibyteString
ASN1CEREncUTCTime
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecUTF8String
ASN1objectidentifier2_cmp
ASN1BERDecExplicitTag
ASN1BEREoid_free
ASN1BERDecS32Val
ASN1BEREncObjectIdentifier2
ASN1charstring_free
ASN1BEREncOpenType
ASN1BERDecUTCTime
ASN1BERDecOpenType
ASN1BEREncChar32String
ASN1BERDecNotEndOfContents
ASN1CEREncGeneralizedTime
ASN1_Encode
ASN1CEREncFlushBlkElement
ASN1intx_free
ASN1BERDotVal2Eoid
ASN1char32string_free
ASN1BERDecOctetString2
ASN1BEREncBool
ASN1BERDecPeekTag
ASN1BEREncEndOfContents
ASN1open_free
ASN1BERDecSXVal
ASN1_FreeDecoded
ASN1BEREncUTF8String
ASN1_CloseModule
ASN1_CreateModule
ASN1BERDecOpenType2
ASN1char16string_free
ASN1EncSetError
ASN1BEREncEoid
ASN1BERDecGeneralizedTime
ASN1BEREoid2DotVal
ASN1BEREncU32
ASN1_FreeEncoded
ASN1BERDecChar32String
advapi32
OpenThreadToken
CryptDeriveKey
CryptGetProvParam
RegDeleteValueA
RegEnumKeyExW
StartServiceA
EqualSid
OpenProcessToken
CryptReleaseContext
RegCreateKeyExW
CloseServiceHandle
GetSidIdentifierAuthority
GetLengthSid
RegOpenKeyExA
QueryServiceStatus
RegSetKeySecurity
SystemFunction041
RegDeleteKeyA
RegCreateKeyExA
AdjustTokenPrivileges
RegEnumValueW
OpenServiceW
CryptDecrypt
RegEnumKeyA
RegDeleteKeyW
RegQueryInfoKeyA
LockServiceDatabase
CryptVerifySignatureA
CryptGetUserKey
CryptSetProvParam
CryptDestroyKey
GetUserNameA
AllocateAndInitializeSid
CryptAcquireContextA
UnlockServiceDatabase
LookupPrivilegeValueA
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
SetSecurityDescriptorGroup
IsValidSid
GetSidSubAuthorityCount
RegConnectRegistryW
CryptImportKey
ControlService
RegQueryValueExW
CryptSetHashParam
RegOpenKeyExW
GetAce
RegNotifyChangeKeyValue
StartServiceW
GetSecurityDescriptorOwner
CryptGenKey
CryptGenRandom
CryptCreateHash
SetSecurityDescriptorOwner
CryptSetKeyParam
InitializeSecurityDescriptor
RegCloseKey
CryptDestroyHash
RegQueryInfoKeyW
CryptEncrypt
QueryServiceConfigA
GetSidSubAuthority
CopySid
RegGetKeySecurity
InitializeAcl
AddAccessAllowedAce
RegEnumKeyExA
GetTokenInformation
RegQueryValueExA
CryptGetDefaultProviderW
RegDeleteValueW
ChangeServiceConfigA
FreeSid
CryptGetKeyParam
RegEnumValueA
GetUserNameW
CryptExportKey
SetSecurityDescriptorSacl
CryptHashData
CryptSetProviderA
RegConnectRegistryA
GetSecurityDescriptorDacl
CryptSignHashA
RegSetValueExA
SetSecurityDescriptorDacl
kernel32
GetTempPathA
GetProcAddress
WriteFile
GetCurrentThread
OutputDebugStringA
DeleteFileW
OpenFileMappingW
lstrcpyA
GetTimeFormatA
DeleteFileA
lstrcatA
InterlockedCompareExchange
GetDateFormatW
WaitForSingleObject
GetSystemDefaultLangID
OpenEventA
FreeLibrary
DelayLoadFailureHook
CompareFileTime
GetSystemTime
GetFileAttributesA
GetComputerNameW
CreateDirectoryW
SetFileAttributesA
OpenMutexA
WaitForSingleObjectEx
FindFirstChangeNotificationA
FindCloseChangeNotification
LeaveCriticalSection
CreateMutexA
FindNextFileW
FileTimeToSystemTime
CompareStringA
LocalFree
LocalReAlloc
GetCurrentThreadId
Sleep
CreateDirectoryA
FindFirstChangeNotificationW
SetEvent
LoadLibraryA
lstrcmpA
CloseHandle
CompareStringW
TlsAlloc
ExpandEnvironmentStringsA
ExitThread
PulseEvent
GetVersionExA
GetTempFileNameA
LocalSize
GetComputerNameA
GetSystemTimeAsFileTime
CreateEventA
TlsSetValue
MultiByteToWideChar
GetTimeFormatW
FindFirstFileW
FormatMessageA
InterlockedExchange
FindNextFileA
ReadFile
SetEndOfFile
SetLastError
GetModuleHandleA
CreateFileMappingW
WaitForMultipleObjectsEx
CreateFileMappingA
SetFilePointer
SetUnhandledExceptionFilter
GetFileSize
MapViewOfFile
EnterCriticalSection
GetModuleFileNameA
InitializeCriticalSection
GetLocalTime
UnmapViewOfFile
GetDateFormatA
GetLastError
TlsGetValue
LocalAlloc
lstrlenA
InterlockedIncrement
FindClose
lstrlenW
DuplicateHandle
LoadLibraryExW
GetFileAttributesExW
CreateMutexW
TerminateProcess
FileTimeToLocalFileTime
FreeLibraryAndExitThread
InterlockedDecrement
LoadLibraryExA
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GetEnvironmentVariableA
OpenMutexW
ReleaseMutex
GetCurrentProcessId
GetUserDefaultLCID
TlsFree
SystemTimeToFileTime
CreateFileW
QueryPerformanceCounter
DeleteCriticalSection
GetFileAttributesW
SetFileAttributesW
CreateFileA
GetModuleFileNameW
GetACP
WideCharToMultiByte
FindFirstFileA
CreateThread
FindNextChangeNotification
FormatMessageW
GetCurrentProcess
GetTickCount
ntdll
RtlLargeIntegerShiftRight
NtAllocateVirtualMemory
LdrGetDllHandle
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 22.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 444KB - Virtual size: 443KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ