b0c5f31542faf7b0ce0bee92ce1880fa_JaffaCakes118

General

Target

b0c5f31542faf7b0ce0bee92ce1880fa_JaffaCakes118
Size

784KB
MD5

b0c5f31542faf7b0ce0bee92ce1880fa
SHA1

db22531bbb0fc8f6e999f201603a1495ebd24cae
SHA256

2db232d4e357e6fdb27a8e8973d67c8fd7fa7fd483f418ede6f569fc3add66a7
SHA512

c2cc650935219786ba9c13c109531a20f9405f4de6431a2e8585626c79c92e49a1e13569e9244c010ce8ad159dea42a383b422968809ea5d4d6f71cbbf154381
SSDEEP

24576:3tYwcUMf6yId5GEHi2n5hCdp1rLXRpGHv:3S9UMi3vFnDCdXrUv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0c5f31542faf7b0ce0bee92ce1880fa_JaffaCakes118

Files

b0c5f31542faf7b0ce0bee92ce1880fa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a5a154a89afa8dbc39256447b39087b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

FreeContextBuffer
FreeCredentialsHandle

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
_exit

kernel32

FreeConsole
GetLocaleInfoW
IsValidCodePage
GetProcAddress
GlobalFree
VirtualAlloc
GetCurrentThreadId
GetLastError
LeaveCriticalSection
DeleteCriticalSection
SetEndOfFile
CloseHandle
FindNextFileW
LoadLibraryExW
GetModuleFileNameW
GetStartupInfoW
OutputDebugStringW
DeleteFileW
FindFirstFileW
FormatMessageW

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertNameToStrW
CryptAcquireCertificatePrivateKey
CryptHashCertificate
CertControlStore
CertAddEncodedCertificateToStore
CertFreeCRLContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptMsgOpenToDecode
CryptEnumOIDInfo
CryptFindOIDInfo
CryptDecodeObject

wintrust

WTHelperGetProvCertFromChain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 733KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a154a89afa8dbc39256447b39087b2

Headers

File Characteristics

Imports

secur32

msvcrt

kernel32

crypt32

wintrust

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 733KB - Virtual size: 7.8MB

.rsrc Size: 11KB - Virtual size: 13KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 733KB - Virtual size: 7.8MB

.rsrc
Size: 11KB - Virtual size: 13KB