mstlsapi.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2cc4373ee5a868a0781e55bd9343e312_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2cc4373ee5a868a0781e55bd9343e312_JaffaCakes118.dll
Resource: win10v2004-20241007-en
General
Target: 2cc4373ee5a868a0781e55bd9343e312_JaffaCakes118
Size: 177KB
MD5: 2cc4373ee5a868a0781e55bd9343e312
SHA1: d531c6d3b4e8c6ac2848c05e04307b5f9fac1c01
SHA256: 8c66732e6fee4fec04afdaea3479ce94c726b4e482d5c53993e81727a0f75d17
SHA512: 9073a3c124fd43f774bc502e4ad60b1bd44077789f043a65886d0fcfe40b631b1d269cc384217d94d5998e2c30cc133e92972c4f1d1973292c1256e7975cea61
SSDEEP: 3072:LY6YuQ2dlZqRZomRnJpDpQlwkvLIGkTSDdqns1ejjSBHnn2:8GldaRRnJpDpQvL7kTEmUekH2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2cc4373ee5a868a0781e55bd9343e312_JaffaCakes118
Files
2cc4373ee5a868a0781e55bd9343e312_JaffaCakes118.dll windows:5 windows x86 arch:x86
7f0ecdc5f2585b9ec8f60ae66743e73f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcschr
malloc
_onexit
__dllonexit
_adjust_fdiv
srand
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
_purecall
_ultoa
sscanf
memcpy
memset
_initterm
free
_except_handler3
swprintf
_wcsicmp
wcstok
wcslen
wcscpy
rand
activeds
ord3
ord7
ord9
ole32
CoInitialize
CoUninitialize
oleaut32
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
VariantClear
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
rpcrt4
RpcBindingSetAuthInfoExW
RpcSmDestroyClientContext
RpcMgmtInqServerPrincNameW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcEpResolveBinding
RpcMgmtSetComTimeout
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
netapi32
NetApiBufferFree
NetApiBufferAllocate
DsGetSiteNameW
NetGetJoinInformation
advapi32
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
LsaRetrievePrivateData
LsaFreeMemory
LsaStorePrivateData
LsaOpenPolicy
LsaNtStatusToWinError
CheckTokenMembership
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
LsaClose
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
user32
wsprintfW
GetSystemMetrics
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedIncrement
WaitForSingleObject
ReleaseMutex
GetVersionExW
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
CreateMailslotW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CompareFileTime
SystemTimeToFileTime
GetSystemTime
CreateMutexW
LoadLibraryA
GetModuleHandleW
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetVersionExA
LocalAlloc
CreateFileW
WriteFile
ReadFile
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
LocalFree
GetComputerNameW
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
Sleep
InterlockedExchange
GetComputerNameExW
InterlockedCompareExchange
SetLastError
WaitNamedPipeW
lstrlenW
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchangeAdd
CloseHandle
CreateThread
GetLastError
LocalReAlloc
crypt32
CryptEncodeObject
regapi
RegGetMachinePolicyNew
Exports
EnumerateTlsServer
FindEnterpriseServer
GetAllEnterpriseServers
GetLicenseServersFromReg
LsCsp_DecryptEnvelopedData
LsCsp_EncryptHwid
LsCsp_GetServerData
LsCsp_RetrieveSecret
LsCsp_StoreSecret
MIDL_user_allocate
MIDL_user_free
RequestToTlsRequest
TLSAllocateConcurrentLicense
TLSAllocateInternetLicenseEx
TLSAnnounceLicensePack
TLSAnnounceServer
TLSChallengeServer
TLSCheckLicenseMark
TLSConnectToAnyLsServer
TLSConnectToAnyLsServerNoCertInstall
TLSConnectToLsServer
TLSDepositeServerSPK
TLSDisconnectFromServer
TLSFreeTSCertificate
TLSGetAvailableLicenses
TLSGetLSPKCS10CertRequest
TLSGetLastError
TLSGetLastErrorFixed
TLSGetServerCertificate
TLSGetServerName
TLSGetServerNameEx
TLSGetServerNameFixed
TLSGetServerPID
TLSGetServerSPK
TLSGetServerScope
TLSGetServerScopeFixed
TLSGetSupportFlags
TLSGetTSCertificate
TLSGetTlsPrivateData
TLSGetVersion
TLSInDomain
TLSInit
TLSInstallCertificate
TLSIsBetaNTServer
TLSIsLicenseEnforceEnable
TLSIssueNewLicense
TLSIssueNewLicenseEx
TLSIssueNewLicenseExEx
TLSIssuePlatformChallenge
TLSKeyPackAdd
TLSKeyPackEnumBegin
TLSKeyPackEnumEnd
TLSKeyPackEnumNext
TLSKeyPackSetStatus
TLSLicenseEnumBegin
TLSLicenseEnumEnd
TLSLicenseEnumNext
TLSLicenseEnumNextEx
TLSLookupServer
TLSLookupServerFixed
TLSMarkLicense
TLSRegisterLicenseKeyPack
TLSRequestTermServCert
TLSResponseServerChallenge
TLSRetrieveTermServCert
TLSReturnInternetLicenseEx
TLSReturnLicense
TLSReturnLicensedProduct
TLSSendServerCertificate
TLSShutdown
TLSStartDiscovery
TLSStopDiscovery
TLSTelephoneRegisterLKP
TLSTriggerReGenKey
TLSUpgradeLicense
TLSUpgradeLicenseEx
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ