PDB path: r:\pismere\athena\auth\krb5\src\lib\obj\i386\rel\krb5_32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
40df881176d03c1560469677e2ec0b90_JaffaCakes118.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
40df881176d03c1560469677e2ec0b90_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
-
Target
40df881176d03c1560469677e2ec0b90_JaffaCakes118
-
Size
588KB
-
MD5
40df881176d03c1560469677e2ec0b90
-
SHA1
e76fdf3ce9af3b29adf1a5516804532f054d0969
-
SHA256
85c9d052a816eb9c82101bd0d66741fdc98c03c564bc7b8ce9b3d4253e541dcf
-
SHA512
d8328a884c75e9dffcd6d1d9ec1f34826229227198997c50c8ac5d8c9922ae8b4df975582c0adcf1486d1c32cb11641b983f52bfbc84723601c06e2caad8cd8e
-
SSDEEP
6144:zCNz6ZZVOezAURkhKk/ovaVqh81TsHFBOHLTFCqqDL61k1x:+qvkhKnaVHTu6qn62
Malware Config
Signatures
-
Unsigned PE 1 IoCs
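The file has no Authenticode signature. This is the only signature listed here, and a missing signature does not by itself indicate malicious behaviour: the PDB path and the krb5_* exports are consistent with a build of a Kerberos client library (krb5_32). Compare the hashes above against a trusted copy of that library before treating them as indicators of compromise.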
resource 40df881176d03c1560469677e2ec0b90_JaffaCakes118
Files
-
40df881176d03c1560469677e2ec0b90_JaffaCakes118.dll windows:4 windows x86 arch:x86
774ce6d74de7f803e36d13f3c0cb0a8e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetStdHandle
GetConsoleMode
SetConsoleMode
GetPrivateProfileStringA
RaiseException
InterlockedExchange
SetLastError
GetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
lstrcpyW
MultiByteToWideChar
GetSystemTimeAsFileTime
CompareFileTime
LocalAlloc
GetLastError
CreateMutexA
CloseHandle
ReleaseMutex
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExW
GetCurrentProcess
GetModuleHandleW
lstrcpyA
WideCharToMultiByte
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
ws2_32
getsockopt
shutdown
__WSAFDIsSet
WSASend
recv
ioctlsocket
setsockopt
send
getpeername
select
socket
inet_addr
connect
getsockname
closesocket
gethostbyname
getservbyname
gethostname
WSAGetLastError
WSACleanup
WSAStartup
ntohl
htonl
htons
ntohs
user32
SetWindowLongA
SetDlgItemTextA
GetWindowLongA
GetDlgItemTextA
EndDialog
DialogBoxParamA
GetWindowRect
GetDC
ReleaseDC
MoveWindow
RegisterWindowMessageA
PostMessageA
gdi32
GetDeviceCaps
Exports
Exports
afs_string_to_key
decode_krb5_ap_req
des_ecb_encrypt
des_init_random_number_generator
des_key_sched
des_new_random_key
des_pcbc_encrypt
des_quad_cksum
des_string_to_key
krb5_425_conv_principal
krb5_524_conv_principal
krb5_524_convert_creds
krb5_address_compare
krb5_address_order
krb5_address_search
krb5_aname_to_localname
krb5_appdefault_boolean
krb5_appdefault_string
krb5_auth_con_free
krb5_auth_con_genaddrs
krb5_auth_con_get_checksum_func
krb5_auth_con_getaddrs
krb5_auth_con_getauthenticator
krb5_auth_con_getflags
krb5_auth_con_getkey
krb5_auth_con_getlocalseqnumber
krb5_auth_con_getlocalsubkey
krb5_auth_con_getrcache
krb5_auth_con_getrecvsubkey
krb5_auth_con_getremoteseqnumber
krb5_auth_con_getremotesubkey
krb5_auth_con_getsendsubkey
krb5_auth_con_init
krb5_auth_con_initivector
krb5_auth_con_set_checksum_func
krb5_auth_con_set_req_cksumtype
krb5_auth_con_setaddrs
krb5_auth_con_setflags
krb5_auth_con_setports
krb5_auth_con_setrcache
krb5_auth_con_setrecvsubkey
krb5_auth_con_setsendsubkey
krb5_auth_con_setuseruserkey
krb5_build_principal
krb5_build_principal_ext
krb5_build_principal_va
krb5_c_block_size
krb5_c_checksum_length
krb5_c_decrypt
krb5_c_encrypt
krb5_c_encrypt_length
krb5_c_enctype_compare
krb5_c_is_coll_proof_cksum
krb5_c_is_keyed_cksum
krb5_c_keyed_checksum_types
krb5_c_make_checksum
krb5_c_make_random_key
krb5_c_prf
krb5_c_prf_length
krb5_c_random_make_octets
krb5_c_random_seed
krb5_c_string_to_key
krb5_c_string_to_key_with_params
krb5_c_valid_cksumtype
krb5_c_valid_enctype
krb5_c_verify_checksum
krb5_calculate_checksum
krb5_cc_close
krb5_cc_copy_creds
krb5_cc_default
krb5_cc_default_name
krb5_cc_destroy
krb5_cc_end_seq_get
krb5_cc_gen_new
krb5_cc_get_name
krb5_cc_get_principal
krb5_cc_get_type
krb5_cc_initialize
krb5_cc_new_unique
krb5_cc_next_cred
krb5_cc_remove_cred
krb5_cc_resolve
krb5_cc_retrieve_cred
krb5_cc_set_default_name
krb5_cc_set_flags
krb5_cc_start_seq_get
krb5_cc_store_cred
krb5_cccol_cursor_free
krb5_cccol_cursor_new
krb5_cccol_cursor_next
krb5_change_password
krb5_checksum_size
krb5_cksumtype_to_string
krb5_clear_error_message
krb5_copy_addresses
krb5_copy_authdata
krb5_copy_authenticator
krb5_copy_checksum
krb5_copy_context
krb5_copy_creds
krb5_copy_data
krb5_copy_keyblock
krb5_copy_keyblock_contents
krb5_copy_principal
krb5_copy_ticket
krb5_decode_ticket
krb5_decrypt
krb5_decrypt_tkt_part
krb5_deltat_to_string
krb5_eblock_enctype
krb5_encrypt
krb5_encrypt_size
krb5_enctype_to_string
krb5_externalize_opaque
krb5_finish_key
krb5_finish_random_key
krb5_free_addresses
krb5_free_ap_rep_enc_part
krb5_free_ap_req
krb5_free_authdata
krb5_free_authenticator
krb5_free_checksum
krb5_free_checksum_contents
krb5_free_cksumtypes
krb5_free_config_files
krb5_free_context
krb5_free_cred_contents
krb5_free_creds
krb5_free_data
krb5_free_data_contents
krb5_free_default_realm
krb5_free_enc_tkt_part
krb5_free_error
krb5_free_error_message
krb5_free_host_realm
krb5_free_keyblock
krb5_free_keyblock_contents
krb5_free_keytab_entry_contents
krb5_free_ktypes
krb5_free_principal
krb5_free_tgt_creds
krb5_free_ticket
krb5_free_unparsed_name
krb5_fwd_tgt_creds
krb5_get_credentials
krb5_get_credentials_renew
krb5_get_credentials_validate
krb5_get_default_config_files
krb5_get_default_realm
krb5_get_error_message
krb5_get_host_realm
krb5_get_in_tkt
krb5_get_in_tkt_with_keytab
krb5_get_in_tkt_with_password
krb5_get_in_tkt_with_skey
krb5_get_init_creds_keytab
krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free
krb5_get_init_creds_opt_free_pa
krb5_get_init_creds_opt_get_pa
krb5_get_init_creds_opt_init
krb5_get_init_creds_opt_set_address_list
krb5_get_init_creds_opt_set_change_password_prompt
krb5_get_init_creds_opt_set_etype_list
krb5_get_init_creds_opt_set_forwardable
krb5_get_init_creds_opt_set_pa
krb5_get_init_creds_opt_set_preauth_list
krb5_get_init_creds_opt_set_proxiable
krb5_get_init_creds_opt_set_renew_life
krb5_get_init_creds_opt_set_salt
krb5_get_init_creds_opt_set_tkt_life
krb5_get_init_creds_password
krb5_get_permitted_enctypes
krb5_get_prompt_types
krb5_get_renewed_creds
krb5_get_server_rcache
krb5_get_tgs_ktypes
krb5_get_time_offsets
krb5_get_validated_creds
krb5_init_context
krb5_init_keyblock
krb5_init_random_key
krb5_init_secure_context
krb5_internalize_opaque
krb5_is_referral_realm
krb5_is_thread_safe
krb5_kt_add_entry
krb5_kt_close
krb5_kt_default
krb5_kt_default_name
krb5_kt_end_seq_get
krb5_kt_free_entry
krb5_kt_get_entry
krb5_kt_get_name
krb5_kt_get_type
krb5_kt_next_entry
krb5_kt_read_service_key
krb5_kt_remove_entry
krb5_kt_resolve
krb5_kt_start_seq_get
krb5_kuserok
krb5_mk_1cred
krb5_mk_error
krb5_mk_ncred
krb5_mk_priv
krb5_mk_rep
krb5_mk_req
krb5_mk_req_extended
krb5_mk_safe
krb5_os_localaddr
krb5_parse_name
krb5_principal2salt
krb5_principal_compare
krb5_process_key
krb5_prompter_posix
krb5_random_key
krb5_rc_close
krb5_rd_cred
krb5_rd_error
krb5_rd_priv
krb5_rd_rep
krb5_rd_req
krb5_rd_safe
krb5_read_password
krb5_realm_compare
krb5_recvauth
krb5_recvauth_version
krb5_salttype_to_string
krb5_sendauth
krb5_ser_auth_context_init
krb5_ser_ccache_init
krb5_ser_context_init
krb5_ser_keytab_init
krb5_ser_pack_bytes
krb5_ser_pack_int32
krb5_ser_rcache_init
krb5_ser_unpack_bytes
krb5_ser_unpack_int32
krb5_server_decrypt_ticket_keytab
krb5_set_default_realm
krb5_set_default_tgs_enctypes
krb5_set_error_message
krb5_set_password
krb5_set_password_using_ccache
krb5_set_principal_realm
krb5_set_real_time
krb5_size_opaque
krb5_sname_to_principal
krb5_string_to_cksumtype
krb5_string_to_deltat
krb5_string_to_enctype
krb5_string_to_key
krb5_string_to_salttype
krb5_string_to_timestamp
krb5_timeofday
krb5_timestamp_to_sfstring
krb5_timestamp_to_string
krb5_unparse_name
krb5_unparse_name_ext
krb5_us_timeofday
krb5_use_enctype
krb5_verify_checksum
krb5_verify_init_creds
krb5_verify_init_creds_opt_init
krb5_verify_init_creds_opt_set_ap_req_nofail
krb5_vset_error_message
krb5int_accessor
krb5int_cc_default
Sections
.text Size: 480KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ