Static task: static1
Behavioral task: behavioral1
  Sample: f5e4a9a3cb833db507320fda91881095_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: f5e4a9a3cb833db507320fda91881095_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
Target: f5e4a9a3cb833db507320fda91881095_JaffaCakes118
Size: 840KB
MD5: f5e4a9a3cb833db507320fda91881095
SHA1: fdb553ff54e92192590af34556f8de1499cd257f
SHA256: 07c99d2d7f6f34bc7e91158a1cebe6bfbf6ccaaf760787ee71c68b5605551afa
SHA512: 1e48b3e5fe6dea01b149d33b52090eff215be2d21951483f0054ee35594fd6e15da1b72ad11fc6a6e42888d35c9902dd67604fee0d2794d2ce813c0de8160e03
SSDEEP: 12288:u4pMgqm7q75stucuRp6CRMkxPa5tEHSIHjxrbsubTHxSverkYdFMqOkZw74dKAfN:7plB76pFitZIHdbTRmRYdre74EAZbfK
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f5e4a9a3cb833db507320fda91881095_JaffaCakes118
Files
f5e4a9a3cb833db507320fda91881095_JaffaCakes118.exe windows:5 windows x86 arch:x86
53986cd01fd62b066017666df49d9526
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
IsBadCodePtr
SetComputerNameA
IsBadStringPtrA
GetModuleHandleW
DebugBreakProcess
SetConsoleKeyShortcuts
SetUnhandledExceptionFilter
EnumResourceLanguagesW
CreateEventW
QueryDosDeviceA
LoadLibraryA
GetVolumeNameForVolumeMountPointW
CancelIo
MoveFileExW
MapViewOfFileEx
EnumUILanguagesA
ShowConsoleCursor
GetConsoleAliasExesW
EnumSystemLocalesA
LockFileEx
OutputDebugStringA
ActivateActCtx
ReadFileScatter
FillConsoleOutputAttribute
GetCurrentThreadId
MoveFileWithProgressW
CreateFileW
ole32
StgOpenPropStg
CoWaitForMultipleHandles
OleCreateLinkToFile
OleCreateLinkToFileEx
CoRegisterClassObject
HACCEL_UserUnmarshal
ProgIDFromCLSID
HMETAFILEPICT_UserFree
CoCreateFreeThreadedMarshaler
CreateOleAdviseHolder
IsValidIid
HBRUSH_UserMarshal
CreateStdProgressIndicator
CLIPFORMAT_UserUnmarshal
HDC_UserSize
HMETAFILEPICT_UserMarshal
CreateFileMoniker
HBITMAP_UserSize
GetHGlobalFromILockBytes
OleIsRunning
StringFromIID
OleCreateStaticFromData
CLIPFORMAT_UserMarshal
credui
CredUICmdLinePromptForCredentialsW
CredUIInitControls
CredUIConfirmCredentialsW
CredUIReadSSOCredA
CredUIReadSSOCredW
CredUIPromptForCredentialsA
CredUIParseUserNameW
CredUICmdLinePromptForCredentialsA
CredUIParseUserNameA
CredUIPromptForCredentialsW
CredUIStoreSSOCredW
CredUIStoreSSOCredA
CredUIConfirmCredentialsA
certcli
CAIsCertTypeCurrent
CAOIDCreateNew
CACertTypeQuery
CACreateAutoEnrollmentObjectEx
CACloseCA
CAFreeCertTypeExtensions
CACloneCertType
CASetCASecurity
CAOIDGetProperty
CAGetCertTypeFlags
CAAddCACertificateType
GetProxyDllInfo
CAUpdateCertType
CAGetCertTypeKeySpec
DllInstall
CAEnumNextCA
CAAccessCheck
CASetCertTypeExpiration
CAInstallDefaultCertType
CAAccessCheckEx
CAGetCAProperty
user32
VkKeyScanA
DestroyIcon
GetAltTabInfoA
ShowWindow
ChangeMenuW
OpenClipboard
GetWindowModuleFileName
CharNextA
IsWindow
SetDlgItemTextW
BroadcastSystemMessageExA
SetWindowsHookA
DdeGetData
SetCaretBlinkTime
PostThreadMessageA
mouse_event
IsCharUpperW
ShowCursor
RegisterClipboardFormatW
SoftModalMessageBox
VkKeyScanW
CreateDialogParamW
advapi32
UnregisterIdleTask
QueryServiceConfigW
LookupPrivilegeValueA
CreatePrivateObjectSecurityWithMultipleInheritance
DeregisterEventSource
DeleteService
ConvertSecurityDescriptorToStringSecurityDescriptorW
TraceMessage
CloseEventLog
LookupPrivilegeDisplayNameW
ObjectOpenAuditAlarmW
ConvertSecurityDescriptorToAccessNamedA
ClearEventLogW
SaferRecordEventLogEntry
IsTokenRestricted
SetUserFileEncryptionKey
CryptEnumProvidersW
LsaSetQuotasForAccount
GetMultipleTrusteeA
GetLengthSid
CryptSetProviderA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenUserClassesRoot
GetInheritanceSourceA
Sections
.text Size: 485KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 347KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ