52f26ff070309668dcb82b8befa7f9b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52f26ff070309668dcb82b8befa7f9b3_JaffaCakes118
Size

378KB
MD5

52f26ff070309668dcb82b8befa7f9b3
SHA1

151c15b3fde0a6192d951748a0bd17811c582699
SHA256

dd546572626dc143e67c766a6ed1c11b1319fd37d5a1e0f5a8fc2e7387ea160c
SHA512

ce4fd9caebd9dcbfc224a73ddb8fb6bd1f5fd4a638e8c4902f4e5522ec2afaede5b558a77e1a0397a7e9ef28cbc7754fc00a939dc41f5ef5bbd26606c4c31969
SSDEEP

6144:AIAdH5h/NVsybke7mayNIDYuvOY8jEtFyGC3Iwb0Owc8nrspEBCf:AIIHf/NDkgmayNNumY5XWIwLLYrspYC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52f26ff070309668dcb82b8befa7f9b3_JaffaCakes118

Files

52f26ff070309668dcb82b8befa7f9b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a212e8975eb84f6396ce488d10dc465

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

FreeContextBuffer
CredUnmarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData
CredMarshalTargetInfo

user32

CharLowerBuffW
wsprintfW

advapi32

CryptGetProvParam
RegisterTraceGuidsW
TraceEvent
CryptReleaseContext
CryptAcquireContextW
AllocateAndInitializeSid
CredFree
OpenThreadToken
CredUnmarshalCredentialW
CryptHashData
RegQueryValueExW
RegNotifyChangeKeyValue
SystemFunction007
SetThreadToken
LookupAccountSidW
RegConnectRegistryW
RegDeleteValueW
DeregisterEventSource
CryptGetHashParam
GetTokenInformation
RegOpenKeyW
CloseServiceHandle
RevertToSelf
CryptSetProvParam
RegQueryInfoKeyW
FreeSid
RegCloseKey
RegOpenKeyExW
OpenServiceW
OpenProcessToken
ReportEventW
QueryServiceStatus
CryptCreateHash
RegEnumKeyExW
CryptDestroyHash
RegSetValueExW
GetTraceLoggerHandle
OpenSCManagerW
QueryServiceConfigW
RegisterEventSourceW
SystemFunction006
RegCreateKeyExW

msasn1

ASN1_CreateDecoder
ASN1BERDecSkip
ASN1BEREncCharString
ASN1CEREncGeneralizedTime
ASN1ztcharstring_free
ASN1objectidentifier_free
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecSXVal
ASN1DecAlloc
ASN1BERDecBitString
ASN1octetstring_free
ASN1_CreateEncoder
ASN1_CreateModule
ASN1DecSetError
ASN1_Encode
ASN1BEREncObjectIdentifier
ASN1bitstring_free
ASN1_FreeDecoded
ASN1BERDecBool
ASN1intx2uint32
ASN1BEREncOpenType
ASN1EncSetError
ASN1BEREncBitString
ASN1BERDecZeroCharString
ASN1BEREncU32
ASN1BERDecOpenType2
ASN1charstring_free
ASN1intxisuint32
ASN1intx_setuint32
ASN1BERDecObjectIdentifier
ASN1_Decode
ASN1BERDecS32Val
ASN1BERDecCharString
ASN1BERDecExplicitTag
ASN1BEREncEndOfContents
ASN1BERDecEndOfContents
ASN1intx_free
ASN1Free
ASN1BEREncS32
ASN1BEREncOctetString
ASN1BERDecGeneralizedTime
ASN1BEREncBool
ASN1BEREncSX
ASN1_FreeEncoded
ASN1BERDecOctetString
ASN1BERDecU32Val
ASN1BERDecPeekTag
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1intx2int32

msvcrt

_adjust_fdiv
wcsrchr
wcscmp
wcstoul
sprintf
_wcsnicmp
_except_handler3
wcscpy
_wcsicmp
_ultoa
sscanf
free
_vsnprintf
_initterm
wcsspn
qsort
_strcmpi
malloc
swprintf
_strnicmp
strrchr
strchr
wcscat
_stricmp
wcslen

kernel32

UnmapViewOfFile
InterlockedExchange
LoadLibraryW
SetUnhandledExceptionFilter
LocalAlloc
LoadLibraryA
GetComputerNameExW
MultiByteToWideChar
QueryPerformanceCounter
GetLocalTime
GetProcAddress
OpenFileMappingW
DebugBreak
InterlockedIncrement
GetProfileStringA
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetModuleHandleW
MapViewOfFileEx
GetACP
lstrlenW
VirtualAlloc
GetLastError
GetTickCount
GetCurrentProcessId
lstrcmpW
GetSystemTimeAsFileTime
WriteFile
UnhandledExceptionFilter
CloseHandle
EnterCriticalSection
ExpandEnvironmentStringsW
OpenEventW
WideCharToMultiByte
OutputDebugStringA
SetEvent
GetCurrentThread
TerminateProcess
lstrcpyW
DisableThreadLibraryCalls
InterlockedExchangeAdd
CreateFileW
CreateEventW
InterlockedCompareExchange
lstrcmpiA
GetCurrentThreadId
GetComputerNameW
LocalFree
RaiseException
RegisterWaitForSingleObjectEx
CreateFileMappingW
FreeLibrary
UnregisterWait
LeaveCriticalSection
GetCurrentProcess
InitializeCriticalSection
GetSystemInfo
lstrlenA
Sleep
GetModuleFileNameA
CreateFileA
FileTimeToSystemTime
GetEnvironmentVariableW
FormatMessageW

ntdll

NtQuerySystemTime
RtlReleaseResource
RtlInsertElementGenericTableAvl
NtCreateEvent
RtlDowncaseUnicodeString
RtlDeleteElementGenericTable
RtlCopyLuid
RtlLookupElementGenericTable
RtlCompareUnicodeString
RtlFreeAnsiString
RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
RtlLengthRequiredSid
RtlEqualSid
NtSetSecurityObject
RtlCopySid
RtlEraseUnicodeString
RtlAnsiStringToUnicodeString
NtAllocateVirtualMemory
RtlDeleteResource
RtlTimeToTimeFields
RtlFreeSid
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlTimeFieldsToTime
RtlEqualDomainName
RtlSystemTimeToLocalTime
RtlCreateAcl
RtlEqualUnicodeString
VerSetConditionMask
RtlLeaveCriticalSection
RtlRunDecodeUnicodeString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
RtlLookupElementGenericTableAvl
NtOpenProcessToken
RtlCopyUnicodeString
RtlInitUnicodeString
RtlInitializeResource
RtlNtStatusToDosError
RtlAcquireResourceShared
RtlEnterCriticalSection
RtlVerifyVersionInfo
RtlOemStringToUnicodeString
RtlDeregisterWait
RtlDeleteTimerQueue
RtlRegisterWait
RtlIntegerToUnicodeString
RtlCompareMemory
NtOpenEvent
NtAllocateLocallyUniqueId
RtlCreateSecurityDescriptor
RtlCreateTimer
RtlInsertElementGenericTable
RtlConvertSidToUnicodeString
RtlValidSid
RtlInitializeGenericTable
RtlInitializeCriticalSection
RtlGetElementGenericTable
RtlDeleteCriticalSection
RtlLengthSid
DbgPrint
RtlSubAuthorityCountSid
NtDuplicateObject
RtlAllocateAndInitializeSid
NtQueryInformationToken
RtlInitAnsiString
NtQuerySystemInformation
RtlConvertSharedToExclusive
RtlCreateTimerQueue
RtlInitializeGenericTableAvl
RtlAcquireResourceExclusive
NtOpenThreadToken
NtClose
RtlFreeUnicodeString
RtlPrefixUnicodeString
RtlInitializeSid
RtlUniform

cryptdll

MD5Final
CDLocateCheckSum
CDGenerateRandomBits
MD5Update
CDLocateCSystem
CDFindCommonCSystemWithKey
MD5Init
CDBuildIntegrityVect

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a212e8975eb84f6396ce488d10dc465

Headers

File Characteristics

Imports

secur32

user32

advapi32

msasn1

msvcrt

kernel32

ntdll

cryptdll

Sections

.text Size: 212KB - Virtual size: 212KB

.data Size: 46KB - Virtual size: 1.2MB

.rsrc Size: 34KB - Virtual size: 33KB

.rdata Size: 84KB - Virtual size: 84KB

.text
Size: 212KB - Virtual size: 212KB

.data
Size: 46KB - Virtual size: 1.2MB

.rsrc
Size: 34KB - Virtual size: 33KB

.rdata
Size: 84KB - Virtual size: 84KB