75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118

General

Target

75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118
Size

599KB
MD5

75f0638e40cb937d9a553eb08b57d54c
SHA1

90ee61f64291bc6ae80abed380c21ce335662d72
SHA256

3315a2d5e721d5651480de71849f677a1a8ee2d4c2d7118053f02c71fb580b23
SHA512

4d837e332f1c66d971076a66b29bddf66e7e01c483598973869db0ad058ccdf3d8ee696979fa1f38d6dddf3fee3bc70ee4254a485d336738f63e2ceabb0f135c
SSDEEP

12288:XCHtHX2MoozEXPSL85ZGdVcbxdGnu+QF2O79niSCWPJxXvhFc3wGclt:XCHtHKsEXPMQYcbGnk/7FiSZPJRhRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118

Files

75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7a9b33b8a99a98d91563c62d9c69262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertControlStore
CertAddStoreToCollection
CertFindCRLInStore
CertSaveStore
CertFindChainInStore
CryptFindOIDInfo
CertFindAttribute
CertGetNameStringA
CertFreeCRLContext
CertNameToStrA
CertDeleteCRLFromStore

kernel32

LoadLibraryA
GetCommandLineA
FindResourceExA
FormatMessageA
GetEnvironmentVariableA
DeleteFileA
SetPriorityClass
OpenFileMappingA
lstrcmp
CreateJobObjectA
GetModuleHandleA
GetFileAttributesA
GetTempFileNameA
WaitForSingleObject
WriteConsoleA
CreateSemaphoreW
FileTimeToSystemTime
lstrcmpiA
DecodePointer
CreateProcessA
CreateDirectoryA
GetProcAddress

shlwapi

UrlCreateFromPathW
UrlUnescapeA
UrlIsNoHistoryW
UrlCanonicalizeW
UrlGetPartA
UrlEscapeA
UrlCombineW
UrlHashW
PathIsRootW
UrlIsA
UrlGetLocationW
UrlCompareW

cmpbk32

PhoneBookLoad
PhoneBookCopyFilter
PhoneBookFreeFilter
PhoneBookEnumCountries

untfs

FormatEx
Format
Chkdsk
Recover
Extend

clusapi

CloseClusterGroup
ClusterControl
CloseClusterNode
CloseCluster

dsprop

ErrMsgParam
CrackName
CheckADsError
FindSheet

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7a9b33b8a99a98d91563c62d9c69262

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

shlwapi

cmpbk32

untfs

clusapi

dsprop

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 29KB - Virtual size: 28KB

.lock Size: 523KB - Virtual size: 523KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 29KB - Virtual size: 28KB

.lock
Size: 523KB - Virtual size: 523KB

.rsrc
Size: 3KB - Virtual size: 3KB