a7d7ff3a3b7db26af32202754674735e_JaffaCakes118

General

Target

a7d7ff3a3b7db26af32202754674735e_JaffaCakes118
Size

599KB
MD5

a7d7ff3a3b7db26af32202754674735e
SHA1

d04a609bd0db07c4074660ba8af5c8cccfb92b52
SHA256

650df7dd4ee706f6be3b26da347e454d740afaf89a502ad760cd133ebb0e064f
SHA512

f2c7b57f3a0fdceae030e4de974abd47a7b3c379092cf49eec3f4a5e92fb52c57ac1b1e856339919513d65a6c80751ff2862996277bef1eeacfff7119c6dc64c
SSDEEP

12288:IY0tHX2MoozEXPSL85ZGdVcbxdGnu+QF2O79niSCWPJxXvhFc3wGclt:IY0tHKsEXPMQYcbGnk/7FiSZPJRhRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7d7ff3a3b7db26af32202754674735e_JaffaCakes118

Files

a7d7ff3a3b7db26af32202754674735e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a9a789139794ae03faf9198f6959f07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertControlStore
CertAddStoreToCollection
CertFindCRLInStore
CertSaveStore
CertFindChainInStore
CryptFindOIDInfo
CertFindAttribute
CertGetNameStringA
CertFreeCRLContext
CertNameToStrA
CertDeleteCRLFromStore

kernel32

LoadLibraryA
GetCommandLineA
FindResourceExA
FormatMessageA
GetEnvironmentVariableW
DeleteFileA
SetPriorityClass
OpenFileMappingA
lstrcmp
CreateJobObjectA
GetModuleHandleA
GetFileAttributesA
GetTempFileNameA
WaitForSingleObject
WriteConsoleA
CreateSemaphoreW
FileTimeToSystemTime
lstrcmpiA
DecodePointer
CreateProcessA
CreateDirectoryA
GetProcAddress

shlwapi

UrlCreateFromPathW
UrlUnescapeA
UrlIsNoHistoryW
UrlCanonicalizeW
UrlGetPartA
UrlEscapeA
UrlCombineW
UrlHashW
PathIsRootW
UrlIsA
UrlGetLocationW
UrlCompareW

cmpbk32

PhoneBookLoad
PhoneBookCopyFilter
PhoneBookFreeFilter
PhoneBookEnumCountries

untfs

FormatEx
Format
Chkdsk
Recover
Extend

clusapi

CloseClusterGroup
ClusterControl
CloseClusterNode
CloseCluster

dsprop

ErrMsgParam
CrackName
CheckADsError
FindSheet

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a9a789139794ae03faf9198f6959f07

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

shlwapi

cmpbk32

untfs

clusapi

dsprop

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 29KB - Virtual size: 28KB

.lock Size: 523KB - Virtual size: 523KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 29KB - Virtual size: 28KB

.lock
Size: 523KB - Virtual size: 523KB

.rsrc
Size: 3KB - Virtual size: 3KB