Static task: static1
Behavioral task: behavioral1
Sample: 38b39f317ba68197667613e2156aeb46_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 38b39f317ba68197667613e2156aeb46_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 38b39f317ba68197667613e2156aeb46_JaffaCakes118
Size: 89KB
MD5: 38b39f317ba68197667613e2156aeb46
SHA1: 16ab04bb470cdf14e56c384e6ef054499146d842
SHA256: bc862b3724c79f6254417c4353970a110a2e7ede41b5861e9d5a583813b00533
SHA512: 96f0d0e6babdf3b4f733bd7fb0f324653a8210a8b3b1f94aa91b8d24c4265541058b01beab3e9a822005dfb61e1890ef33be75599deefeb1d1a9cc640fbc973d
SSDEEP: 1536:klY0psa+JyZY5Zo6kWQjL3FSyrQcgjGygv4h5B8C2/yEin5xZ1oaU:kG0psa+JyZYgqcL3F7Qcg6n4Synn531S
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38b39f317ba68197667613e2156aeb46_JaffaCakes118
Files
38b39f317ba68197667613e2156aeb46_JaffaCakes118.exe windows:5 windows x86 arch:x86
3dbcd52241079c57e3007d1f40e639be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
malloc
bsearch
_wcsicmp
_ltow
memcpy
isdigit
qsort
_onexit
_snprintf
strncmp
atol
_itow
sprintf
memmove
_except_handler3
free
wcscmp
_initterm
strtoul
isxdigit
_ultoa
wcschr
isupper
_snwprintf
_adjust_fdiv
wcscpy
_wcsnicmp
__dllonexit
wcslen
wcscat
strncpy
_ltoa
advapi32
SetSecurityDescriptorGroup
RegNotifyChangeKeyValue
GetSecurityDescriptorOwner
RegEnumValueA
RegQueryInfoKeyA
CloseServiceHandle
MD5Init
SetSecurityDescriptorDacl
CryptSetHashParam
OpenThreadToken
CryptDestroyKey
RegQueryValueExA
RegDeleteValueA
CryptGenKey
InitializeAcl
QueryServiceStatus
RegQueryInfoKeyW
CryptDecrypt
GetSidIdentifierAuthority
CryptImportKey
CryptGetKeyParam
RegDeleteKeyA
RegEnumKeyA
CryptSetKeyParam
FreeSid
LockServiceDatabase
MD5Final
CryptGetUserKey
CryptGetProvParam
RegEnumValueW
StartServiceA
CryptHashData
CryptGetDefaultProviderW
CryptExportKey
RegCloseKey
CryptDestroyHash
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
LookupAccountSidW
RegSetValueExW
LookupPrivilegeValueA
GetAce
OpenSCManagerW
IsValidSid
GetSecurityDescriptorDacl
GetSidSubAuthorityCount
CryptAcquireContextA
GetUserNameW
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA
RegGetKeySecurity
RegConnectRegistryA
UnlockServiceDatabase
A_SHAUpdate
SystemFunction040
RegCreateKeyExA
CryptCreateHash
AddAccessAllowedAce
CryptVerifySignatureA
GetSidSubAuthority
RegConnectRegistryW
StartServiceW
CryptEncrypt
RegEnumKeyExW
ChangeServiceConfigA
CopySid
QueryServiceConfigA
GetUserNameA
CryptSetProviderA
LsaNtStatusToWinError
CryptGenRandom
CryptSetProvParam
EqualSid
CryptSignHashA
RegSetKeySecurity
SetSecurityDescriptorOwner
CryptReleaseContext
GetLengthSid
A_SHAInit
A_SHAFinal
ControlService
CryptGetHashParam
InitializeSecurityDescriptor
RegCreateKeyExW
RegOpenKeyExA
OpenServiceW
AllocateAndInitializeSid
GetTokenInformation
CryptDeriveKey
RegDeleteValueW
MD5Update
SystemFunction041
RegEnumKeyExA
kernel32
SetUnhandledExceptionFilter
CreateDirectoryA
EnterCriticalSection
InterlockedExchange
UnhandledExceptionFilter
GetProcAddress
OpenFileMappingW
GetModuleFileNameA
ReadFile
GetSystemTimeAsFileTime
UnmapViewOfFile
CompareFileTime
ExpandEnvironmentStringsW
PulseEvent
GetLastError
GetTimeFormatA
TlsAlloc
FileTimeToSystemTime
WriteFile
FreeLibraryAndExitThread
CloseHandle
DeleteFileA
CreateMutexA
FindNextFileA
FormatMessageA
CreateFileA
FileTimeToLocalFileTime
LeaveCriticalSection
GetACP
MultiByteToWideChar
LoadLibraryExW
InterlockedCompareExchange
GetTempFileNameA
GetTimeFormatW
CompareStringA
FindFirstChangeNotificationA
TlsSetValue
GetTickCount
GetEnvironmentVariableA
CreateMutexW
CreateFileMappingA
GetFileAttributesA
LocalAlloc
SetEvent
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
TlsGetValue
WaitForMultipleObjectsEx
GetVersionExA
DeleteCriticalSection
InterlockedDecrement
LocalFree
MapViewOfFile
GetCurrentThread
lstrcatA
CompareStringW
lstrcpyA
GetCurrentProcessId
OpenMutexA
FormatMessageW
GetUserDefaultLCID
GetTempPathA
InterlockedIncrement
OpenEventA
FreeLibrary
FindNextChangeNotification
GetSystemDefaultLangID
SetLastError
LoadLibraryExA
SetFileAttributesW
FindClose
SetEndOfFile
GetFileAttributesW
ExpandEnvironmentStringsA
GetCurrentProcess
ExitThread
CreateEventA
GetComputerNameW
DeleteFileW
CreateFileMappingW
OpenMutexW
WaitForSingleObjectEx
GetComputerNameA
GetFileSize
SetFileAttributesA
WideCharToMultiByte
lstrcmpA
Sleep
InitializeCriticalSection
FindFirstFileA
ReleaseMutex
GetDateFormatW
DelayLoadFailureHook
FindCloseChangeNotification
FindNextFileW
lstrlenW
TerminateProcess
VirtualAlloc
FindFirstChangeNotificationW
GetFileAttributesExW
TlsFree
QueryPerformanceCounter
SystemTimeToFileTime
lstrlenA
CreateFileW
GetCurrentThreadId
CreateDirectoryW
SetFilePointer
FindFirstFileW
CreateThread
WaitForSingleObject
DuplicateHandle
GetSystemTime
LocalReAlloc
GetLocalTime
LocalSize
GetModuleFileNameW
rpcrt4
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingFree
RpcBindingFromStringBindingA
UuidToStringA
RpcStringBindingComposeA
RpcStringBindingComposeW
RpcStringFreeA
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcBindingFromStringBindingW
adsldpc
ADsFreeColumn
user32
wsprintfW
wsprintfA
GetSystemMetrics
GetProcessDefaultLayout
LoadStringW
MessageBoxA
LoadStringA
MessageBoxW
msasn1
ASN1BERDotVal2Eoid
ASN1char16string_free
ASN1BERDecSXVal
ASN1_CreateDecoder
ASN1DecRealloc
ASN1_Decode
ASN1CEREncGeneralizedTime
ASN1charstring_free
ASN1intx_free
ASN1_Encode
ASN1_SetEncoderOption
ASN1BERDecChar16String
ASN1BERDecUTCTime
ASN1BERDecBool
ASN1_CloseModule
ASN1EncSetError
ASN1_CreateModule
ASN1BERDecEndOfContents
ASN1BERDecOpenType
ASN1BERDecUTF8String
ASN1BEREncOctetString
ASN1open_free
ASN1_CreateEncoder
ASN1CEREncFlushBlkElement
ASN1BEREoid2DotVal
ASN1BERDecObjectIdentifier2
ASN1BEREncSX
ASN1bitstring_free
ASN1CEREncNewBlkElement
ASN1BERDecOpenType2
ASN1BERDecMultibyteString
ASN1_CloseDecoder
ASN1BEREncEndOfContents
ASN1BERDecZeroCharString
ASN1BEREncChar32String
ASN1BEREncExplicitTag
ASN1BERDecChar32String
ASN1BERDecEoid
ASN1_CloseEncoder
ASN1octetstring_free
ASN1BERDecPeekTag
ASN1CEREncUTCTime
ASN1utf8string_free
ASN1BEREoid_free
ASN1BEREncUTF8String
ASN1BERDecGeneralizedTime
ASN1BERDecExplicitTag
ASN1BEREncChar16String
ASN1objectidentifier2_cmp
ASN1BEREncObjectIdentifier2
ASN1Free
ASN1BERDecOctetString2
ASN1BEREncEoid
ASN1BERDecNotEndOfContents
ASN1BERDecBitString
ASN1char32string_free
ASN1BERDecBitString2
ASN1BERDecCharString
ASN1_FreeDecoded
ASN1BEREncOpenType
ASN1DecSetError
ASN1BERDecS32Val
ASN1CEREncEndBlk
ASN1BEREncS32
ASN1BEREncBitString
ASN1BEREncBool
ASN1ztcharstring_free
ASN1BERDecU32Val
ASN1BERDecOctetString
ASN1CEREncBeginBlk
ASN1BEREncMultibyteString
ASN1BEREncU32
ASN1_FreeEncoded
ASN1BEREncCharString
Sections
.textbss Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE