fdbfd3f492b3c92c6f4bb83d3f42ea05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdbfd3f492b3c92c6f4bb83d3f42ea05_JaffaCakes118
Size

83KB
MD5

fdbfd3f492b3c92c6f4bb83d3f42ea05
SHA1

7f92afbb15554d614211171cce53e2684c9f6232
SHA256

e616b6471071d62a17824d22884a39bb9c856b528c82473a6d2ddb5cd20ed5e2
SHA512

f8b879a5bb1496e10d5e5d2e5113dd2529b90343e19687ea758326b8f422b597382c3b843258dfe4513a7c7738a128fc7b4967b1451547543b3d8e2acedab72a
SSDEEP

1536:+0lwU/Zjf4JXcdUyeKHLk5DYbV1rJyss0P/Szno1XQDK8qXDSH1GrElgTntv/:+AfUMjeEGYbV1ro8mmADK8qzG4nd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdbfd3f492b3c92c6f4bb83d3f42ea05_JaffaCakes118

Files

fdbfd3f492b3c92c6f4bb83d3f42ea05_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52fa5b64d77847a2f3045b546a37b0d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlNumberGenericTableElementsAvl
RtlAreAllAccessesGranted
iswspace
RtlAcquirePebLock
NtRequestWaitReplyPort
NtDuplicateObject
NtQueryBootEntryOrder
vDbgPrintExWithPrefix
strcmp
ZwEnumerateValueKey
_atoi64
RtlpEnsureBufferSize
NtAddBootEntry
swprintf
ZwSaveKeyEx
NtAllocateVirtualMemory

cryptui

EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewCRLW
CryptUIWizImport
CryptUIDlgViewCertificatePropertiesA
CryptUIGetViewSignaturesPagesA
DllRegisterServer
CryptUIDlgCertMgr
CryptUIWizCertRequest
CryptUIDlgViewSignerInfoA
I_CryptUIProtectFailure
CryptUIFreeViewSignaturesPagesA
CryptUIDlgSelectStoreW
I_CryptUIProtect

kernel32

FindActCtxSectionStringW
LoadLibraryA
GetCompressedFileSizeA
GetConsoleNlsMode
ReadConsoleOutputW
QueryActCtxW
SetConsoleFont
EnumSystemCodePagesA
RequestDeviceWakeup
VirtualAlloc
MulDiv
GetSystemWindowsDirectoryA
SetUnhandledExceptionFilter
SetUserGeoID
ReadFile
GetCommandLineW
QueueUserWorkItem
GetConsoleAliasExesW
GetExpandedNameW
GetLongPathNameA

user32

DestroyCaret
WinHelpW
ShowStartGlass
DrawMenuBar
LoadRemoteFonts
LoadCursorA
PeekMessageA
CallNextHookEx
SendIMEMessageExW
OpenInputDesktop
GetDlgItemTextW
ChildWindowFromPoint
UnregisterHotKey
DrawStateA
RecordShutdownReason
CreateCursor
UnionRect
EnumPropsW

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52fa5b64d77847a2f3045b546a37b0d6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

cryptui

kernel32

user32

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 288B