40ebefdec6870263827ce6425702e785_JaffaCakes118

General

Target

40ebefdec6870263827ce6425702e785_JaffaCakes118
Size

654KB
MD5

40ebefdec6870263827ce6425702e785
SHA1

6eeb5a2e81f54e1eec1eb7af2ed621504011065b
SHA256

0d0ec7cc3b6c9ca1251cfb8672cd4e9c68080f7f0a67ad17357f62a9fd4aea5d
SHA512

62e1f05949536d7ac5ae878c5eff25dda11cb44073c27d93a203b39fd029664b17966c60a047bf7a3345ab0bee99548b589fef20e8257c8351c18fbd6459c54d
SSDEEP

12288:/jmKnV9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmH:/xnfS/XfuDisAgbeUup4OY9+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
40ebefdec6870263827ce6425702e785_JaffaCakes118

Files

40ebefdec6870263827ce6425702e785_JaffaCakes118
.exe windows:5 windows x86 arch:x86

11655b86788e0a31e09187487014ca31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItemTextW
CreateDesktopW
LoadBitmapW
GetClassLongA
GetMessageA
LoadStringW
wsprintfA
PeekMessageA
PostMessageA
InsertMenuW
DrawStateA
LoadCursorA
DialogBoxParamA
GetPropA
LoadMenuA
CharToOemA

crypt32

CryptFindOIDInfo
CertOpenStore
CryptProtectData
CertFindCTLInStore
CryptHashMessage
CertGetNameStringA
CryptMsgUpdate
CertCreateCRLContext
CryptSignMessage
CertFindExtension
CertDuplicateCTLContext
CertFreeCTLContext
CertDuplicateStore
CryptMemRealloc
CryptDecodeMessage

kernel32

LoadLibraryExW
GetProfileSectionW
GetConsoleAliasA
MoveFileExA
GetTempPathA
OpenEventW
MapViewOfFile
Heap32First
OpenWaitableTimerW
CreateFileMappingA
GetModuleHandleA
WaitForSingleObject
GetOEMCP
GetProcAddress
InterlockedExchange

certcli

CACloseCA
CAEnumNextCA
CACloseCertType
CADeleteCA
CAEnumFirstCA

shlwapi

PathIsURLA
PathAppendA
UrlGetLocationA
UrlCompareA
UrlHashA
PathIsRootA
UrlGetPartA
UrlCanonicalizeW
UrlIsNoHistoryA
PathCommonPrefixW
UrlCombineA
PathCombineW

advapi32

InitializeSid
RegLoadKeyA
LogonUserA
OpenEventLogA
RegEnumKeyA
RegCreateKeyExA
RegDeleteValueA
RegRestoreKeyA
CryptSignHashA
RegReplaceKeyA
ClearEventLogA

mprapi

MprAdminBufferFree
MprInfoBlockAdd
MprAdminConnectionEnum
MprInfoBlockFind

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11655b86788e0a31e09187487014ca31

Headers

File Characteristics

Imports

user32

crypt32

kernel32

certcli

shlwapi

advapi32

mprapi

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 34KB - Virtual size: 34KB

.rsrc Size: 554KB - Virtual size: 554KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 554KB - Virtual size: 554KB