3ba02d5dd86a10cf35793008509504e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ba02d5dd86a10cf35793008509504e7_JaffaCakes118
Size

418KB
MD5

3ba02d5dd86a10cf35793008509504e7
SHA1

1f9426f50fac45baeb2934f82490c74b2812108b
SHA256

bb090636f9d4454cff5b030dba9768aaf493f55e82901ccbba384cc0b0d83bdc
SHA512

da6499079deeb1c9ee42eb5f34684f2446516dd7911fcc05fcf4d9569c76d4c3204a3b9b9f49d063d9e2df26b9d87fd0ea62baf1727542f0160e80f5e68b8c1f
SSDEEP

6144:sQKkP7JYQC/K0TQ6pA8uNSV0PlAE+48OBI+s0ALljD2TYLPGVDgz9tAh1ojiB9Vv:ndYl/orNZ+sB208v2T8PGVDgBtAv9Vv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ba02d5dd86a10cf35793008509504e7_JaffaCakes118

Files

3ba02d5dd86a10cf35793008509504e7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b9fa3f37c80a4fc265d1aca275a59960

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlDeregisterWait
RtlInsertElementGenericTable
RtlTimeFieldsToTime
RtlEraseUnicodeString
RtlGetElementGenericTable
RtlCreateSecurityDescriptor
RtlEqualSid
RtlDeleteCriticalSection
RtlValidSid
NtOpenEvent
RtlLengthRequiredSid
RtlLookupElementGenericTableAvl
RtlDeleteResource
RtlCreateTimerQueue
RtlCopyUnicodeString
RtlInsertElementGenericTableAvl
NtQueryInformationToken
RtlUnicodeStringToAnsiString
RtlTimeToTimeFields
RtlInitAnsiString
RtlDeleteTimerQueue
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlReleaseResource
RtlAcquireResourceShared
RtlIntegerToUnicodeString
RtlInitializeGenericTable
RtlOemStringToUnicodeString
RtlConvertSharedToExclusive
RtlEnterCriticalSection
NtQuerySystemTime
RtlAppendUnicodeStringToString
RtlLeaveCriticalSection
RtlAllocateAndInitializeSid
RtlInitializeResource
RtlEqualUnicodeString
NtSetSecurityObject
NtCreateEvent
RtlLookupElementGenericTable
RtlEqualDomainName
RtlCompareUnicodeString
RtlUpcaseUnicodeString
RtlFreeUnicodeString
RtlCopyLuid
RtlCreateTimer
RtlFreeSid
NtOpenThreadToken
RtlAnsiStringToUnicodeString
NtAllocateLocallyUniqueId
RtlSystemTimeToLocalTime
RtlRegisterWait
RtlCreateAcl
RtlAddAccessAllowedAce
RtlConvertSidToUnicodeString
RtlSetDaclSecurityDescriptor
RtlInitializeGenericTableAvl
RtlCompareMemory
RtlVerifyVersionInfo
NtDuplicateObject
RtlAcquireResourceExclusive
RtlCopySid
RtlSubAuthoritySid
DbgPrint
RtlUniform
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlInitializeSid
RtlDowncaseUnicodeString
RtlFreeAnsiString
RtlSubAuthorityCountSid
NtClose
NtWaitForSingleObject
NtOpenProcessToken
RtlLengthSid
VerSetConditionMask
NtAllocateVirtualMemory
RtlDeleteElementGenericTable
RtlNtStatusToDosError

kernel32

UnhandledExceptionFilter
lstrcmpW
WriteFile
SetUnhandledExceptionFilter
DeleteCriticalSection
GetModuleHandleW
GetCurrentThreadId
GetComputerNameExW
MapViewOfFileEx
lstrlenW
CreateFileMappingW
GetEnvironmentVariableW
GetSystemInfo
InitializeCriticalSection
EnterCriticalSection
GetLocalTime
GetACP
FormatMessageW
GetLastError
lstrcpyW
UnmapViewOfFile
FileTimeToSystemTime
Sleep
DebugBreak
OutputDebugStringA
LocalFree
LoadLibraryW
RegisterWaitForSingleObjectEx
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
CreateFileA
lstrlenA
WideCharToMultiByte
RaiseException
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetEvent
GetCurrentThread
CreateFileW
LocalAlloc
QueryPerformanceCounter
DisableThreadLibraryCalls
CreateEventW
VirtualAlloc
GetProfileStringA
InterlockedIncrement
OpenFileMappingW
LeaveCriticalSection
GetCurrentProcessId
ExpandEnvironmentStringsW
TerminateProcess
lstrcmpiA
InterlockedExchange
OpenEventW
GetComputerNameW
UnregisterWait
MultiByteToWideChar
InterlockedDecrement
FreeLibrary
InterlockedCompareExchange
InterlockedExchangeAdd
GetModuleFileNameW

cryptdll

CDGenerateRandomBits
CDLocateCheckSum
MD5Update
MD5Init
CDBuildIntegrityVect
MD5Final
CDFindCommonCSystemWithKey
CDLocateCSystem

msasn1

ASN1Free
ASN1DecSetError
ASN1BEREncExplicitTag
ASN1BERDecCharString
ASN1BEREncBool
ASN1EncSetError
ASN1_CreateModule
ASN1BERDecSkip
ASN1BERDecOctetString
ASN1BEREncS32
ASN1_CloseEncoder
ASN1BERDecObjectIdentifier
ASN1_CloseDecoder
ASN1intx2uint32
ASN1BERDecExplicitTag
ASN1_Decode
ASN1octetstring_free
ASN1intx_free
ASN1BERDecOpenType2
ASN1BERDecBitString
ASN1BERDecU32Val
ASN1BEREncBitString
ASN1BERDecSXVal
ASN1BERDecPeekTag
ASN1bitstring_free
ASN1BEREncOctetString
ASN1BEREncOpenType
ASN1BERDecNotEndOfContents
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1charstring_free
ASN1BEREncEndOfContents
ASN1intxisuint32
ASN1_CreateEncoder
ASN1intx2int32
ASN1BERDecGeneralizedTime
ASN1BEREncSX
ASN1BERDecEndOfContents
ASN1BERDecZeroCharString
ASN1ztcharstring_free
ASN1_CreateDecoder
ASN1DecAlloc
ASN1BERDecBool
ASN1_Encode
ASN1BEREncU32
ASN1BERDecS32Val
ASN1CEREncGeneralizedTime
ASN1BEREncCharString
ASN1BEREncObjectIdentifier
ASN1intx_setuint32
ASN1objectidentifier_free

user32

wsprintfW
CharLowerBuffW

msvcrt

_ultoa
wcstoul
qsort
wcscat
strrchr
_wcsnicmp
_initterm
sprintf
_vsnprintf
malloc
_stricmp
free
wcscpy
_adjust_fdiv
wcscmp
_except_handler3
swprintf
_strnicmp
strchr
sscanf
_wcsicmp
_strcmpi
wcslen
wcsrchr
wcsspn

secur32

LsaFreeReturnBuffer
FreeContextBuffer
CredMarshalTargetInfo
CredUnmarshalTargetInfo
LsaGetLogonSessionData

advapi32

RegCreateKeyExW
OpenServiceW
CryptSetProvParam
RegEnumKeyExW
RegQueryValueExW
QueryServiceConfigW
RegSetValueExW
GetTraceLoggerHandle
OpenThreadToken
CryptGetProvParam
RegOpenKeyW
SystemFunction006
OpenSCManagerW
CryptReleaseContext
SetThreadToken
CloseServiceHandle
RegisterEventSourceW
RegNotifyChangeKeyValue
LookupAccountSidW
RegDeleteValueW
CryptDestroyHash
RegConnectRegistryW
CredFree
RegOpenKeyExW
SystemFunction007
OpenProcessToken
RegisterTraceGuidsW
CredUnmarshalCredentialW
CryptHashData
TraceEvent
DeregisterEventSource
CryptCreateHash
CryptGetHashParam
QueryServiceStatus
ReportEventW
CryptAcquireContextW
AllocateAndInitializeSid
RevertToSelf
RegCloseKey
RegQueryInfoKeyW
FreeSid
GetTokenInformation

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9fa3f37c80a4fc265d1aca275a59960

Headers

File Characteristics

Imports

ntdll

kernel32

cryptdll

msasn1

user32

msvcrt

secur32

advapi32

Sections

.text Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 28KB - Virtual size: 928KB

.rsrc Size: 371KB - Virtual size: 370KB

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 28KB - Virtual size: 928KB

.rsrc
Size: 371KB - Virtual size: 370KB

.rdata
Size: 4KB - Virtual size: 4KB