2d2179e52dd862f18420a77834f3f2c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2d2179e52dd862f18420a77834f3f2c9_JaffaCakes118
Size

1.2MB
MD5

2d2179e52dd862f18420a77834f3f2c9
SHA1

c343b8531f8296a3ba18bd263860b8c07b7dd41c
SHA256

46040e7cf96a80588e09be52dcc028223106bf58f70406d1ec2c32c2b57c70c0
SHA512

cc484a2685974d1f37675eabf0abe74b53c43158ed94dba5961c8ca44766d8eb8182bc86163fb8ce47b81d594a8fe080fa99356cf1c29d06f251d9d8d0388465
SSDEEP

24576:dsTLqhNNOY/8iAv9qe7bKIqvZDzPs7bASoexR:q2e6IqvZf63oER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d2179e52dd862f18420a77834f3f2c9_JaffaCakes118

Files

2d2179e52dd862f18420a77834f3f2c9_JaffaCakes118
.exe windows:3 windows x86 arch:x86

57dd74d76ef31ac9ff1c50e800dc0a86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advpack

RegRestoreAll
TranslateInfString
RebootCheckOnInstall
RegSaveRestoreOnINF
TranslateInfStringEx
DelNodeRunDLL32
OpenINFEngine
GetVersionFromFile
GetVersionFromFileEx
CloseINFEngine
AddDelBackupEntry
UserInstStubWrapper
LaunchINFSectionEx
RegInstall
NeedRebootInit
RegSaveRestore
IsNTAdmin
DoInfInstall
FileSaveRestore
SetPerUserSecValues
ExecuteCab
FileSaveRestoreOnINF
DelNode
ExtractFiles
UserUnInstStubWrapper
AdvInstallFile
FileSaveMarkNotExist

cryptui

CryptUIDlgSelectCertificateFromStore
CryptUIDlgViewCertificateA
CryptUIWizQueryCertRequestNoDS
CryptUIDlgSelectCertificateA
CryptUIWizExport
CryptUIDlgViewCRLA
CryptUIWizDigitalSign
WizardFree
CryptUIStartCertMgr
CryptUIDlgFreeCAContext
CryptUIDlgCertMgr
LocalEnroll
CryptUIGetCertificatePropertiesPagesA
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewSignerInfoA
CryptUIDlgViewCertificatePropertiesA
CryptUIFreeViewSignaturesPagesA
CryptUIWizBuildCTL
DllRegisterServer
CryptUIDlgSelectCA
CryptUIDlgViewCTLA
CryptUIWizCreateCertRequestNoDS
CryptUIWizFreeCertRequestNoDS
CryptUIWizFreeDigitalSignContext
I_CryptUIProtect
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizImport
CryptUIGetViewSignaturesPagesA
CryptUIWizCertRequest
CryptUIWizSubmitCertRequestNoDS

user32

GetMenu
CheckMenuRadioItem
CreateWindowExA
EnableMenuItem
SendMessageA
SetCursor
GetDlgItem
IsDialogMessageA
TranslateMessage
SetMenu
GetDlgCtrlID
EndPaint
TrackPopupMenuEx
BeginPaint
LoadAcceleratorsA
MapWindowPoints
GetWindowRect
OffsetRect
GetSubMenu
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
DefWindowProcA
OpenClipboard
SetProcessDefaultLayout
GetProcessDefaultLayout
DialogBoxParamA
GetSysColor
LoadCursorA
GetWindowTextA
PostQuitMessage
SetDlgItemTextA
CloseClipboard
InvalidateRect
IsChild
EnableWindow
SetDlgItemInt
GetClientRect
SystemParametersInfoA
TranslateAcceleratorA
RegisterClassExA
SetWindowTextA
HideCaret
LoadMenuA
DispatchMessageA
SetWindowLongA
CheckMenuItem
ScreenToClient
CreateDialogParamA
CheckRadioButton
GetClipboardData
GetMessageA
CharNextA
UpdateWindow
DestroyWindow
GetWindowLongA
DestroyMenu
MessageBoxA

kernel32

FileTimeToLocalFileTime
GetEnvironmentVariableA
CreateFileA
DosDateTimeToFileTime
GetSystemTimeAdjustment
CompareStringA
SetFirmwareEnvironmentVariableA
DisconnectNamedPipe
lstrcmpiA
WriteFileGather
GetStringTypeExA
SetNamedPipeHandleState
DeleteFileA
InterlockedCompareExchange
GetNamedPipeHandleStateA
SetEnvironmentVariableA
GetSystemTimes
CallNamedPipeA
GetFileTime
WriteFile
GetProcessHeaps
GetEnvironmentStringsA
GetSystemTime
InterlockedPushEntrySList
SystemTimeToFileTime
InterlockedDecrement
OpenMutexA
PeekNamedPipe
GetFileAttributesExA
IsBadStringPtrA
GetNamedPipeInfo
lstrcpynA
ReadFileEx
FileTimeToDosDateTime
InterlockedPopEntrySList
GetLastError
InterlockedExchange
CreateMutexA
lstrcmpA
GetSystemTimeAsFileTime
GetLocalTime
InterlockedFlushSList
ConnectNamedPipe
lstrcpyA
WriteFileEx
lstrlenA
HeapCreate
GetCurrentProcessId
FileTimeToSystemTime
lstrcatA
ReadFileScatter
InterlockedIncrement
TransactNamedPipe
SetFilePointer
FreeEnvironmentStringsA
CloseHandle
InterlockedExchangeAdd
SetFilePointerEx
ReleaseMutex
WaitNamedPipeA
GetFirmwareEnvironmentVariableA
ReadFile
VirtualAlloc
GetStringTypeA
VirtualFree

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57dd74d76ef31ac9ff1c50e800dc0a86

Headers

DLL Characteristics

File Characteristics

Imports

advpack

cryptui

user32

kernel32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 38KB - Virtual size: 37KB

.rsrc Size: 72KB - Virtual size: 3.1MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 72KB - Virtual size: 3.1MB