0c0fc0c48a65fa69231f79f10fbf36bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c0fc0c48a65fa69231f79f10fbf36bf_JaffaCakes118
Size

290KB
MD5

0c0fc0c48a65fa69231f79f10fbf36bf
SHA1

acd5f274205a89a80959db3053243e2443bb3f88
SHA256

14cf14a8a51fe54a094fb848cd185dfdf222e13fab37d8a35fc964c8b50f94f2
SHA512

8cf95330a84846af9f26549f93508b076faef1f0e44b2633151bdadedc105bd9919e7176ec489d578e064245fa7029ac1075cb6679b2e665264fe2e7888e7524
SSDEEP

6144:tgJWT1yr0PNjJVkzNpMuwFqyLpWlPqozaq7T2JaVNJgUJD:td1/PNw3MuLqpUPxagNJg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c0fc0c48a65fa69231f79f10fbf36bf_JaffaCakes118

Files

0c0fc0c48a65fa69231f79f10fbf36bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc1541434bf7386ca26d86664d31ce06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FileTimeToDosDateTime
GetFileAttributesExA
WriteFile
FileTimeToSystemTime
WriteFileEx
ReadFileScatter
VirtualFree
GetModuleHandleA
GetStringTypeA
DisconnectNamedPipe
GetEnvironmentVariableA
ReadFileEx
CallNamedPipeA
InterlockedExchange
GetSystemTimes
InterlockedPushEntrySList
GetProcessHeap
SetFilePointerEx
GetFileTime
SetEnvironmentVariableA
GetLocalTime
GetEnvironmentStringsA
CloseHandle
TransactNamedPipe
lstrcmpA
InterlockedFlushSList
lstrcatA
SystemTimeToFileTime
ConnectNamedPipe
lstrcpyA
GetFirmwareEnvironmentVariableA
InterlockedIncrement
GetSystemTimeAdjustment
HeapAlloc
GetNamedPipeHandleStateA
IsBadStringPtrA
FileTimeToLocalFileTime
lstrlenA
InterlockedPopEntrySList
GetProcessHeaps
ReadFile
CreateFileA
lstrcpynA
GetNamedPipeInfo
GetSystemTimeAsFileTime
WaitNamedPipeA
GetStringTypeExA
PeekNamedPipe
HeapSize
SetNamedPipeHandleState
InterlockedCompareExchange
SetFilePointer
DeleteFileA
ExpandEnvironmentStringsA
FreeEnvironmentStringsA
DosDateTimeToFileTime
GetFileAttributesA
CompareStringA
lstrcmpiA
InterlockedDecrement
WriteFileGather
InterlockedExchangeAdd
GetSystemTime
SetFirmwareEnvironmentVariableA
VirtualAlloc

cryptui

RetrievePKCS7FromCA
CryptUIWizDigitalSign
I_CryptUIProtectFailure
CryptUIDlgSelectCertificateA
CryptUIWizFreeCertRequestNoDS
CryptUIWizCreateCertRequestNoDS
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewSignerInfoA
CryptUIDlgSelectCertificateFromStore
CryptUIDlgViewCertificatePropertiesA
CryptUIWizImport
CryptUIDlgCertMgr
CryptUIDlgViewCRLA
CryptUIWizSubmitCertRequestNoDS
CryptUIWizCertRequest
DllRegisterServer
CryptUIWizBuildCTL
CryptUIDlgFreeCAContext
I_CryptUIProtect
CryptUIWizFreeDigitalSignContext
EnrollmentCOMObjectFactory_getInstance
CryptUIWizExport
DllUnregisterServer
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgViewCertificateA
CryptUIDlgViewContext
CryptUIDlgSelectCA
CryptUIDlgViewCTLA
CryptUIDlgSelectStoreA
WizardFree
CryptUIStartCertMgr
LocalEnrollNoDS
LocalEnroll
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeViewSignaturesPagesA
CryptUIWizQueryCertRequestNoDS
ACUIProviderInvokeUI

user32

RegisterClassExA
DispatchMessageA
TrackPopupMenuEx
MessageBoxA
SystemParametersInfoA
IsDialogMessageA
DestroyMenu
SetDlgItemTextA
LoadAcceleratorsA
GetClipboardData
WinHelpA
LoadMenuA
CreateDialogParamA
MessageBeep
CallWindowProcA
GetWindowLongA
CheckMenuRadioItem
GetWindowTextA
GetProcessDefaultLayout
EnableWindow
EndDialog
GetDesktopWindow
SetMenu
CloseClipboard
CheckMenuItem
SetFocus
SetWindowLongA
SetWindowTextA
UpdateWindow
SetDlgItemInt
DialogBoxParamA
CharNextA
IsChild
HideCaret
SendMessageA
MapWindowPoints
SetProcessDefaultLayout
PostQuitMessage
GetMenu
CheckRadioButton
DestroyWindow
ShowWindow
SetCursor
EndPaint
DrawTextA
TranslateMessage
CheckDlgButton
EnableMenuItem
GetSubMenu
OpenClipboard
GetSysColor
GetDlgCtrlID
BeginPaint
SetWindowPos
IsClipboardFormatAvailable
ChildWindowFromPoint
OffsetRect
TranslateAcceleratorA
InvalidateRect
LoadCursorA
GetWindowRect
GetSysColorBrush
GetMessageA
CreateWindowExA
GetClientRect
ScreenToClient
DefWindowProcA
GetDlgItem
LoadStringA
LoadIconA

advpack

LaunchINFSectionEx
NeedReboot
UserUnInstStubWrapper
AddDelBackupEntry
FileSaveRestoreOnINF
RegInstall
DoInfInstall
AdvInstallFile
ExtractFiles
RebootCheckOnInstall
GetVersionFromFileEx
FileSaveMarkNotExist
NeedRebootInit
DelNode
CloseINFEngine
SetPerUserSecValues
FileSaveRestore
OpenINFEngine
DelNodeRunDLL32
LaunchINFSection
RunSetupCommand
RegisterOCX
RegSaveRestore
RegRestoreAll
IsNTAdmin
GetVersionFromFile
TranslateInfStringEx
TranslateInfString
UserInstStubWrapper
RegSaveRestoreOnINF
ExecuteCab

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc1541434bf7386ca26d86664d31ce06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cryptui

user32

advpack

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 752KB

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 752KB