f6d5f67b98bd2f06c74179aa154ef497_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6d5f67b98bd2f06c74179aa154ef497_JaffaCakes118
Size

329KB
MD5

f6d5f67b98bd2f06c74179aa154ef497
SHA1

7a64c2c211222d01beb05f64300f132db6bcdb90
SHA256

c96bad31604f9a6546217dd3baecd1f080c93146eada191e9905c43cccbe5bf8
SHA512

d4059ea8ea40fce0156b79e0ca1c5dad7d797da2a971b4fefa0526a226ffcf88b4f2b6ae4a5d1eca3e503033c716b32e2345d9d1baae70399e18ef7964960cc5
SSDEEP

6144:sTGtzuOG8MdtLfHUj9xyqNRA6KbTKbR/hRA2A1ltvKiGH3kp:sTGV9+s9xpPbRpSRHUik3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6d5f67b98bd2f06c74179aa154ef497_JaffaCakes118

Files

f6d5f67b98bd2f06c74179aa154ef497_JaffaCakes118
.exe windows:5 windows x86 arch:x86

733e1b326da9d9dcf66feea2f08c79c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscpy
wcscat
malloc
free
??2@YAPAXI@Z
wcslen
wcscmp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
??3@YAXPAX@Z
_wcsupr
wcsstr
wcschr
wcstoul
_wcsicmp
memmove
_purecall
_except_handler3
__RTDynamicCast
mbstowcs
vswprintf
wcsrchr

atl

ord16
ord15
ord22
ord32
ord21
ord18

certcli

CAFindByName
CAFreeCertTypeProperty
CAGetCertTypeProperty
CAFindCertTypeByName
CACloseCertType
ord207
CAUpdateCA
CAGetCertTypeFlags
CAEnumNextCertType
CACreateCertType
CACertTypeGetSecurity
CAGetCertTypeKeySpec
CASetCertTypeExtension
CASetCertTypeProperty
CASetCertTypeKeySpec
CACertTypeSetSecurity
CASetCertTypeFlags
CAUpdateCertType
CARemoveCACertificateType
CAAddCACertificateType
CAEnumCertTypesForCA
CAGetCAProperty
CAFreeCAProperty
CAGetCertTypeExtensions
CAFreeCertTypeExtensions
CACloseCA
CAEnumCertTypes
CAGetCertTypePropertyEx

advapi32

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
ReleaseStgMedium
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstanceEx
CoSetProxyBlanket

shell32

ShellExecuteExW
ShellExecuteW

kernel32

IsBadReadPtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LocalFree
LoadLibraryW
SetLastError
GetModuleFileNameW
GetSystemWindowsDirectoryW
OutputDebugStringA
LoadLibraryA
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
lstrlenW
CloseHandle
GetCurrentProcess
LocalAlloc
GlobalUnlock
GlobalLock
lstrcmpiW
LocalReAlloc
GetComputerNameW
DisableThreadLibraryCalls
FormatMessageW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyW
CreateFileW

user32

LoadImageW
MessageBoxW
DialogBoxParamW
RegisterClipboardFormatW
LoadStringW
LoadIconW
LoadBitmapW
SetCursor
LoadCursorW
EnableWindow
GetDlgItem
PostMessageW
GetParent
SendMessageW
WinHelpW
SetWindowTextW
wsprintfW
SetWindowLongW
GetWindowLongW
EndDialog
SetFocus
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItemTextA
ReleaseDC
GetDC
SystemParametersInfoW
InsertMenuItemW

crypt32

CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertDeleteCertificateFromStore
CertGetNameStringW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertSaveStore
CryptQueryObject
CertAddCertificateContextToStore
CertEnumSystemStore
CertDuplicateStore
CryptFindOIDInfo
CryptDecodeObject
CryptEncodeObject
CryptEnumOIDInfo
CertOpenStore
CertCloseStore
CertControlStore
CertFindCRLInStore
CertEnumCertificatesInStore
CertFreeCRLContext

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

cryptui

CryptUIWizExport
CryptUIDlgSelectCertificateW
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

733e1b326da9d9dcf66feea2f08c79c1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

certcli

advapi32

ole32

shell32

kernel32

user32

crypt32

gdi32

rpcrt4

cryptui

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 72KB - Virtual size: 72KB

.xdata Size: 72KB - Virtual size: 72KB

.tls Size: 72KB - Virtual size: 72KB

.pdata Size: 512B - Virtual size: 274B

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 304KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 72KB - Virtual size: 72KB

.xdata
Size: 72KB - Virtual size: 72KB

.tls
Size: 72KB - Virtual size: 72KB

.pdata
Size: 512B - Virtual size: 274B

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 304KB