2e811b4ca4fc03adffb0434a539ad214_JaffaCakes118

General

Target

2e811b4ca4fc03adffb0434a539ad214_JaffaCakes118
Size

3.3MB
MD5

2e811b4ca4fc03adffb0434a539ad214
SHA1

10080b442ea50d7faa5ebd2b646b37943a172b85
SHA256

e97751f87b0e6b9d8c3163b062ce77551bdb813b99f50a2f73b84835c9f4f6e8
SHA512

26626d0585b7f82eaa26829f5f145dd6a772740cb8630e567663727b948b8478c8632c678d6f091d653b12d08b5991696575f3f63eab4edec123463dba3ca82e
SSDEEP

24576:bLzkmejBgfGzityibebpp4OCdI4YwSh3J0r6Ryd8cldr7rj7G3SwLN:StqFX3LWUdVXwR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e811b4ca4fc03adffb0434a539ad214_JaffaCakes118

Files

2e811b4ca4fc03adffb0434a539ad214_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54e242eccb210eb89c189d3ee97b6ec3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATAdminEnumCatalogFromHash
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

kernel32

EncodePointer
HeapReAlloc
HeapAlloc
LCMapStringW
HeapSize
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetVersion
VirtualAlloc
GetEnvironmentStringsW
CloseHandle
CreateProcessW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetACP
GetCPInfo
GetCurrentProcess
TerminateProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
IsDebuggerPresent

ole32

CLSIDFromString
CoTaskMemAlloc
CoGetMalloc

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e242eccb210eb89c189d3ee97b6ec3

Headers

File Characteristics

Imports

wintrust

kernel32

ole32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 3KB - Virtual size: 6.9MB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 3KB - Virtual size: 6.9MB

.rsrc
Size: 25KB - Virtual size: 25KB