3fd4644eb5979f63b00b86eea18ed66f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fd4644eb5979f63b00b86eea18ed66f_JaffaCakes118
Size

329KB
MD5

3fd4644eb5979f63b00b86eea18ed66f
SHA1

c4d882cd5cb3c818d462d66c44638c97df053d2e
SHA256

e8915f2bbf3ab24b14b903b80aa134abcf0463e6ff4bf510dbef1597f5b1d976
SHA512

a46614bad6a7aae83127a202c303fa6c1d38f0eab6b6e08f93498b7db84a44e0c0a3d54c48fbe8813180d75fd1d98fb689f0b6b67c594f79f5dc18d54d909b8a
SSDEEP

6144:9/FeusogsANigEIJVxE6XSo/oWJpXYiommDFfwzRp+ES98rQfSbNljtQM:9/VgsANigRJ4wXMmmyzR7S2rQ6bNdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fd4644eb5979f63b00b86eea18ed66f_JaffaCakes118

Files

3fd4644eb5979f63b00b86eea18ed66f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6759ae7220f14ed8142dfe29feae2887

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1charstring_free
ASN1_CloseEncoder
ASN1_Encode
ASN1octetstring_free
ASN1BERDecCharString
ASN1BERDecEndOfContents
ASN1BERDecZeroCharString
ASN1BERDecExplicitTag
ASN1BEREncS32
ASN1BEREncOctetString
ASN1_CloseDecoder
ASN1BERDecSkip
ASN1_FreeDecoded
ASN1_CreateDecoder
ASN1BEREncEndOfContents
ASN1BEREncObjectIdentifier
ASN1bitstring_free
ASN1BERDecBool
ASN1BERDecU32Val
ASN1intxisuint32
ASN1DecSetError
ASN1BEREncU32
ASN1BERDecOpenType2
ASN1_Decode
ASN1_CreateEncoder
ASN1ztcharstring_free
ASN1BERDecPeekTag
ASN1objectidentifier_free
ASN1intx_setuint32
ASN1BEREncBitString
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1_CreateModule
ASN1BEREncCharString
ASN1intx_free
ASN1BERDecGeneralizedTime
ASN1BERDecBitString
ASN1BERDecS32Val
ASN1BERDecObjectIdentifier
ASN1BERDecNotEndOfContents
ASN1CEREncGeneralizedTime
ASN1_FreeEncoded
ASN1intx2int32
ASN1BERDecOctetString
ASN1intx2uint32
ASN1DecAlloc
ASN1BEREncBool
ASN1EncSetError
ASN1BERDecSXVal
ASN1Free
ASN1BEREncSX

ntdll

RtlLookupElementGenericTable
RtlEqualDomainName
RtlDeleteTimerQueue
RtlDeleteResource
RtlCreateTimer
RtlUniform
RtlAddAccessAllowedAce
RtlFreeAnsiString
RtlCompareUnicodeString
RtlValidSid
RtlIntegerToUnicodeString
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlAppendUnicodeStringToString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
NtSetSecurityObject
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlReleaseResource
RtlNtStatusToDosError
DbgPrint
RtlVerifyVersionInfo
NtCreateEvent
NtOpenEvent
RtlDeleteCriticalSection
NtAllocateLocallyUniqueId
NtWaitForSingleObject
RtlInsertElementGenericTable
RtlCopySid
NtQuerySystemTime
RtlInitializeResource
RtlCreateAcl
RtlInitializeCriticalSection
RtlAnsiStringToUnicodeString
RtlTimeFieldsToTime
NtOpenProcessToken
RtlInitAnsiString
RtlFreeUnicodeString
RtlGetElementGenericTable
RtlEnterCriticalSection
RtlPrefixUnicodeString
RtlAllocateAndInitializeSid
NtOpenThreadToken
NtAllocateVirtualMemory
RtlInitializeGenericTable
RtlDowncaseUnicodeString
RtlOemStringToUnicodeString
RtlCompareMemory
RtlCreateSecurityDescriptor
NtClose
NtQueryInformationToken
RtlInsertElementGenericTableAvl
RtlEraseUnicodeString
RtlInitializeGenericTableAvl
RtlEqualUnicodeString
RtlSubAuthoritySid
RtlConvertSharedToExclusive
RtlAcquireResourceShared
RtlTimeToTimeFields
RtlRegisterWait
RtlCopyUnicodeString
RtlRunDecodeUnicodeString
RtlEqualSid
RtlLookupElementGenericTableAvl
RtlSystemTimeToLocalTime
RtlCreateTimerQueue
RtlInitializeSid
RtlLengthSid
RtlLeaveCriticalSection
RtlDeleteElementGenericTable
RtlDeregisterWait
NtDuplicateObject
VerSetConditionMask
RtlCopyLuid
RtlAcquireResourceExclusive
NtQuerySystemInformation
RtlConvertSidToUnicodeString

msvcrt

_ultoa
_vsnprintf
qsort
strchr
wcscpy
_stricmp
swprintf
wcslen
strrchr
sscanf
wcstoul
free
_initterm
wcsrchr
sprintf
_except_handler3
wcscmp
_strcmpi
_wcsicmp
wcsspn
_strnicmp
wcscat
malloc
_wcsnicmp
_adjust_fdiv

user32

wsprintfW
CharLowerBuffW

kernel32

InterlockedCompareExchange
GetLastError
ExpandEnvironmentStringsW
CloseHandle
TerminateProcess
lstrcpyW
CreateFileA
LocalFree
EnterCriticalSection
GetCurrentThread
CreateFileMappingW
OpenFileMappingW
RaiseException
MapViewOfFileEx
FreeLibrary
CreateFileW
DebugBreak
lstrcmpiA
GetEnvironmentVariableW
GetModuleFileNameW
InitializeCriticalSection
GetSystemInfo
GetCurrentProcessId
GetComputerNameW
GetCurrentProcess
UnmapViewOfFile
RegisterWaitForSingleObjectEx
LeaveCriticalSection
SetUnhandledExceptionFilter
FileTimeToSystemTime
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
UnregisterWait
UnhandledExceptionFilter
GetProfileStringA
OpenEventW
FormatMessageW
SetEvent
GetProcAddress
CreateEventW
VirtualAlloc
LoadLibraryA
QueryPerformanceCounter
LoadLibraryW
OutputDebugStringA
DeleteCriticalSection
GetComputerNameExW
WriteFile
lstrlenA
InterlockedExchangeAdd
GetLocalTime
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
lstrcmpW
GetACP
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
LocalAlloc
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
InterlockedExchange

cryptdll

CDGenerateRandomBits
MD5Final
MD5Update
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
CDLocateCheckSum
CDLocateCSystem
MD5Init

advapi32

RegisterTraceGuidsW
RegNotifyChangeKeyValue
CryptCreateHash
CredUnmarshalCredentialW
OpenProcessToken
CryptSetProvParam
CredFree
RegEnumKeyExW
RevertToSelf
QueryServiceConfigW
QueryServiceStatus
RegQueryInfoKeyW
TraceEvent
RegSetValueExW
RegDeleteValueW
RegConnectRegistryW
CryptDestroyHash
OpenSCManagerW
GetTokenInformation
OpenServiceW
ReportEventW
OpenThreadToken
CryptHashData
CryptGetHashParam
RegOpenKeyW
CryptReleaseContext
RegOpenKeyExW
RegCreateKeyExW
SystemFunction006
CloseServiceHandle
RegisterEventSourceW
GetTraceLoggerHandle
RegCloseKey
FreeSid
SystemFunction007
RegQueryValueExW
AllocateAndInitializeSid
LookupAccountSidW
SetThreadToken
DeregisterEventSource
CryptAcquireContextW
CryptGetProvParam

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
CredUnmarshalTargetInfo
FreeContextBuffer
LsaGetLogonSessionData

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6759ae7220f14ed8142dfe29feae2887

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

ntdll

msvcrt

user32

kernel32

cryptdll

advapi32

secur32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB