Static task
static1
Behavioral task
behavioral1
Sample
01bf1173cda4026469a594d7e542b59d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
01bf1173cda4026469a594d7e542b59d_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
Target
01bf1173cda4026469a594d7e542b59d_JaffaCakes118
Size
656KB
MD5
01bf1173cda4026469a594d7e542b59d
SHA1
e6f5bd0d208c16690de67e9fe53934130703d37f
SHA256
8e68f65eb8f0e02cf203c31d8cbb5e5c30bc78e06d77272b4493ca1c97fc048d
SHA512
3c12c14dd5a6a80a549ab0bbfea39a983558438435cd781b4a58b10a66b39c9f5c9f24f8be0dfe73b2fa9df3a4dc3ac7cc06a12a92eb6a36810abfdedf4b9b36
SSDEEP
12288:lzyOeL9gKu011WcLpn04jqH65fc40aRnO8UV7YOzNvn4VAhkj:lzdeLKKx3tp04jqH6B3RnqaA4VHj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01bf1173cda4026469a594d7e542b59d_JaffaCakes118
Files
01bf1173cda4026469a594d7e542b59d_JaffaCakes118.exe windows:5 windows x86 arch:x86
5f0ea84949b78666ed3be5cc8d71d669
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertFindCRLInStore
CertGetNameStringA
CryptEnumOIDInfo
CertDeleteCRLFromStore
CertOpenStore
CertDuplicateCRLContext
CertCreateContext
CertFindChainInStore
CertDuplicateStore
CertCompareCertificate
CertFreeCRLContext
CryptFindOIDInfo
CertFindExtension
ctl3d32
Ctl3dGetVer
Ctl3dRegister
Ctl3dEnabled
advapi32
InitializeSid
LogonUserA
RegReplaceKeyA
RegRestoreKeyA
RegDeleteTreeA
RegEnumKeyA
CryptSignHashA
RegUnLoadKeyA
RegLoadKeyA
RegDeleteValueW
RegSaveKeyA
RegCreateKeyExA
shlwapi
PathIsRootA
UrlCombineA
UrlCompareA
UrlGetLocationA
UrlIsNoHistoryW
UrlCanonicalizeA
UrlIsOpaqueW
PathCombineA
PathCommonPrefixA
PathIsURLA
kernel32
GetLogicalDriveStringsA
WaitForSingleObject
FindFirstFileW
GetLongPathNameA
SearchPathW
OpenWaitableTimerW
GetCommandLineA
GetTickCount
GetTempPathW
GetStartupInfoW
GetConsoleAliasW
CreateJobObjectW
GetDateFormatA
GetFileAttributesW
GetVersion
GetModuleHandleA
lstrcmpiA
DeleteFileW
LoadLibraryExW
GetCurrentProcess
MoveFileA
WaitNamedPipeA
InterlockedExchange
GetProfileSectionA
GetProcAddress
ReadConsoleA
GetACP
CreateMailslotA
authz
AuthzFreeAuditEvent
AuthzInitializeContextFromSid
AuthzFreeContext
AuthzAddSidsToContext
AuthzFreeResourceManager
user32
GetPropW
DispatchMessageW
PeekMessageA
CreateDesktopW
IsDialogMessageA
PostMessageA
LoadCursorA
DialogBoxParamA
GetMessageA
InsertMenuW
CharToOemA
GetDlgItemTextW
GetClassLongA
LoadMenuA
IsCharUpperA
wsprintfA
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 566KB - Virtual size: 566KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE