9ef183c6352a63830294d584f5431bb8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9ef183c6352a63830294d584f5431bb8_JaffaCakes118
Size

917KB
MD5

9ef183c6352a63830294d584f5431bb8
SHA1

0ab06e76fe28868181d890f84cc5b8a53c05dd52
SHA256

4c226ab73e85e7bdfe42223f75bb5189bb95d64cd9fff3444df655cbc01ceecc
SHA512

c3b4828f8d67503b8fdd51857d8cf03ae2722273f70eacddc9089c4c9d6a337d49f447c31fb56c8613f5a1d4e1039aea2c1a08af6530d902eb108262664b543c
SSDEEP

12288:AzgAf5K/mk4aKXzgHJAjxDok426SkLCipbwFsMzg8z2A41nb4WDh2NQBPUn9xMuq:SgABXkKgZJnL+XFsMgTUWoqwxMuq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ef183c6352a63830294d584f5431bb8_JaffaCakes118

Files

9ef183c6352a63830294d584f5431bb8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9b7ca6af50b2dcc7ef7121e1350db6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

oleaut32

RegisterTypeLi
SysFreeString
SafeArrayCreate
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayPutElement
VariantClear
VariantChangeType
VarDateFromStr
VarBstrFromBool
CreateErrorInfo
SysAllocStringLen

user32

SetWindowPos
DeferWindowPos
CharUpperW
SetMenu
DeleteMenu
SetMenuDefaultItem
RedrawWindow
LockWindowUpdate
SetCursorPos
HideCaret
ClientToScreen
CopyRect
IsRectEmpty
CreateWindowExW

kernel32

MultiByteToWideChar
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
HeapAlloc
WideCharToMultiByte
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
GetProcAddress
GlobalFree
VirtualAlloc
HeapReAlloc
HeapSize
GetCurrentProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetLastError
GetFileSize
CloseHandle
FileTimeToLocalFileTime
FormatMessageW
TlsFree
GetModuleFileNameW
GetSystemDirectoryW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 878KB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9b7ca6af50b2dcc7ef7121e1350db6b

Headers

File Characteristics

Imports

wintrust

oleaut32

user32

kernel32

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 878KB - Virtual size: 7.7MB

.idata Size: 2KB - Virtual size: 2KB

.xdata Size: 3KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 878KB - Virtual size: 7.7MB

.idata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 3KB - Virtual size: 4KB