Static task
static1
Behavioral task
behavioral1
Sample
45c91b1168720df253ff3149cf5db391_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
45c91b1168720df253ff3149cf5db391_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
45c91b1168720df253ff3149cf5db391_JaffaCakes118
Size
1.1MB
MD5
45c91b1168720df253ff3149cf5db391
SHA1
8468a2c93389b5046916bb1affb6559ff2aef5b1
SHA256
551fce57a542caf6e8908bf7d52d7c23aebb74e6dd844af48600c78cb059473a
SHA512
a5c988c5e8ab0184df253118e2daa2db7967b4d2e25b7caa5806649150f11ac9d2669323ad476c1ff74cac3906c00acc864c69e77f901fb081dff597dabbaf03
SSDEEP
12288:FMafgUDSsG2pAIhpI6KnYDLQ+7bhdWRgGvCe3X6/tvwTNKvKnjdjDITOUP2ZqxfF:FZWwAHypiqe64KvUFDI6Uj7GZWuOO7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 45c91b1168720df253ff3149cf5db391_JaffaCakes118
Files
45c91b1168720df253ff3149cf5db391_JaffaCakes118.exe windows:5 windows x86 arch:x86
1b7783b4255261e073b7d50a1373fd0a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptEncodeObjectEx
CryptEncodeObject
CryptDecodeObject
CryptEnumOIDInfo
CryptMsgOpenToDecode
CryptMsgUpdate
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertFreeCRLContext
CertFreeCTLContext
CertAddStoreToCollection
CertControlStore
CertGetEnhancedKeyUsage
CryptHashCertificate
CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CryptQueryObject
CryptProtectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CryptBinaryToStringW
winspool.drv
SetJobW
DeletePrinterConnectionW
kernel32
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetProcAddress
GetVersion
GlobalAlloc
GlobalUnlock
VirtualAlloc
HeapSize
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetLastError
EnterCriticalSection
WaitForSingleObject
FindClose
SetFileShortNameW
CloseHandle
MulDiv
GetSystemTimeAsFileTime
SystemTimeToFileTime
lstrcmpiW
GetModuleHandleW
GetProcessVersion
GetCommandLineW
GetTempPathW
FindNextFileW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetStringTypeW
HeapReAlloc
CreateFileW
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
user32
SetMenuItemInfoW
IsHungAppWindow
ValidateRect
oleaut32
GetErrorInfo
VarNot
VariantChangeTypeEx
VariantCopyInd
VariantCopy
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayCreate
SysFreeString
SysReAllocStringLen
VarBoolFromStr
mpr
WNetGetUniversalNameW
WNetEnumResourceW
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 576KB - Virtual size: 6.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aetlot Size: 412KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE