3d5560e2b0f037a30fdc6cd4c6be8248_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d5560e2b0f037a30fdc6cd4c6be8248_JaffaCakes118
Size

2.8MB
MD5

3d5560e2b0f037a30fdc6cd4c6be8248
SHA1

c6e65a3e426ec5620c670bca9bdc042544176f50
SHA256

4ecd1802622f8545da37c167518ba2431a87b626e0a2defae430b904816a51b3
SHA512

7c7c076ab5f6486f9fad1b184f1f1805b24c12be177152e1609e3e3b8bf10223b4039ec3fe9098a2db93cac27a10593fb387ad8467c793248dd7961d15b3b123
SSDEEP

24576:2AwOUYX8lS36TMWGRXz9xSj1w8MrhcilX3REB1cj:2SSS3a5GtzS2L8a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5560e2b0f037a30fdc6cd4c6be8248_JaffaCakes118

Files

3d5560e2b0f037a30fdc6cd4c6be8248_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f29c750c8da79cf11c42bf524a43bb96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
DeferWindowPos
EndDialog
GetNextDlgTabItem
GetDlgCtrlID
EnumDisplayMonitors
DrawIconEx
CopyImage
CreateIcon
LoadIconW
LoadCursorW
IsRectEmpty
UnionRect
DestroyWindow
GetSysColorBrush
GetSysColor
GetClipCursor
RemovePropW
GetDCEx
SetActiveWindow
GetSubMenu
SetCapture

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust

ntdsapi

DsUnBindW

advapi32

RegCreateKeyExW

comdlg32

GetSaveFileNameW
GetFileTitleW
ChooseColorW
PageSetupDlgW

kernel32

LCMapStringW
HeapSize
HeapReAlloc
HeapAlloc
FlushFileBuffers
RtlUnwind
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetOEMCP
IsValidCodePage
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetStringTypeW
CreateFileW
LocalAlloc
VirtualAlloc
VirtualFree
ResetWriteWatch
HeapFree
GetProcessHeaps
GetEnvironmentStringsW
CreateIoCompletionPort
ReleaseSemaphore
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
GetSystemInfo
FormatMessageW
lstrcmpiW
TlsFree
LoadLibraryW
GetModuleHandleW
OutputDebugStringW
GetTempPathW
GetFileAttributesW
DeleteFileW
FindNextFileW
MultiByteToWideChar
GetThreadLocale
IsProcessorFeaturePresent
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
GetCommandLineW
RaiseException
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetACP

shell32

SHGetPathFromIDListW
SHChangeNotify
DragAcceptFiles
DragFinish
SHBindToParent
SHFileOperationW
SHBrowseForFolderW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 733KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e8tud
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d72o7
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mwpl8r
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f29c750c8da79cf11c42bf524a43bb96

Headers

File Characteristics

Imports

user32

wintrust

ntdsapi

advapi32

comdlg32

kernel32

shell32

Sections

.text Size: 89KB - Virtual size: 89KB

.data Size: 733KB - Virtual size: 7.4MB

.idata Size: 3KB - Virtual size: 3KB

.xdata Size: 1024B - Virtual size: 724B

.e8tud Size: 785KB - Virtual size: 785KB

.d72o7 Size: 307KB - Virtual size: 306KB

.mwpl8r Size: 587KB - Virtual size: 586KB

.rsrc Size: 363KB - Virtual size: 362KB

.text
Size: 89KB - Virtual size: 89KB

.data
Size: 733KB - Virtual size: 7.4MB

.idata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 1024B - Virtual size: 724B

.e8tud
Size: 785KB - Virtual size: 785KB

.d72o7
Size: 307KB - Virtual size: 306KB

.mwpl8r
Size: 587KB - Virtual size: 586KB

.rsrc
Size: 363KB - Virtual size: 362KB