Static task: static1
Behavioral task: behavioral1
Sample: 3eb953b21fc2a6d20aeddddd63031013_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3eb953b21fc2a6d20aeddddd63031013_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3eb953b21fc2a6d20aeddddd63031013_JaffaCakes118
Size: 361KB
MD5: 3eb953b21fc2a6d20aeddddd63031013
SHA1: 9d3c927d0e0fe4540e5381ef731d0793f9f40b2a
SHA256: 9128be3c41a69501a0283e700117d04e7000271cc99bb04c0cb55d46158876ac
SHA512: 92ea4b58010b3bff7fdb2cd14e6dfeb3e0da2f7ad55a6195abe5be3c0cb74dc8a3926e7ee8ccf3b669a68be1c93147ddd8ee4e9e296407d54cbc5a2b0a07030c
SSDEEP: 6144:zarD3WjqEu9P6gmENMC2v4WQJbaT7shYTNRPCxLN0Ek/WeiWhEAHiQXOldtlelD:6sbzsEshaNRPwReZh7XXOldtli
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3eb953b21fc2a6d20aeddddd63031013_JaffaCakes118
Files
3eb953b21fc2a6d20aeddddd63031013_JaffaCakes118.exe windows:1 windows x86 arch:x86
be98adc5c845df3ef17256c1b7e02e7f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
CloseClipboard
CheckMenuItem
LoadIconA
InvalidateRect
GetWindowTextA
SetProcessDefaultLayout
GetClientRect
BeginPaint
UpdateWindow
GetSysColor
DestroyWindow
CheckDlgButton
HideCaret
GetWindowLongA
GetDlgItem
TrackPopupMenuEx
IsChild
GetProcessDefaultLayout
GetMenu
MessageBoxA
CheckRadioButton
EndPaint
SystemParametersInfoA
SetDlgItemTextA
GetSubMenu
EnableWindow
TranslateMessage
IsDialogMessageA
OpenClipboard
SetWindowLongA
CreateWindowExA
EndDialog
GetMessageA
DrawTextA
PostQuitMessage
ScreenToClient
LoadCursorA
DefWindowProcA
TranslateAcceleratorA
SendMessageA
DialogBoxParamA
CallWindowProcA
SetCursor
ShowWindow
CreateDialogParamA
SetDlgItemInt
DestroyMenu
SetFocus
LoadStringA
CheckMenuRadioItem
RegisterClassExA
DispatchMessageA
SetWindowTextA
WinHelpA
ChildWindowFromPoint
OffsetRect
SetWindowPos
IsClipboardFormatAvailable
LoadAcceleratorsA
GetDlgCtrlID
EnableMenuItem
GetSysColorBrush
GetClipboardData
GetWindowRect
LoadMenuA
cryptui
CryptUIDlgSelectCertificateA
WizardFree
CryptUIWizExport
CryptUIFreeViewSignaturesPagesA
CryptUIWizDigitalSign
CryptUIStartCertMgr
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCRLA
LocalEnroll
CryptUIDlgSelectCA
EnrollmentCOMObjectFactory_getInstance
CryptUIWizCertRequest
CryptUIDlgCertMgr
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCertificatePropertiesA
CryptUIWizBuildCTL
I_CryptUIProtect
CryptUIWizImport
DllRegisterServer
CryptUIDlgSelectCertificateFromStore
CryptUIWizQueryCertRequestNoDS
CryptUIDlgViewCTLA
CryptUIDlgViewCertificateA
DllUnregisterServer
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizSubmitCertRequestNoDS
ACUIProviderInvokeUI
CryptUIDlgViewContext
CryptUIDlgViewSignerInfoA
I_CryptUIProtectFailure
CryptUIDlgFreeCAContext
RetrievePKCS7FromCA
CryptUIWizCreateCertRequestNoDS
CryptUIWizFreeDigitalSignContext
CryptUIDlgSelectStoreA
kernel32
CloseHandle
FileTimeToSystemTime
FileTimeToDosDateTime
GetLocalTime
GetProcessHeaps
GetStringTypeA
InterlockedIncrement
CompareStringA
InterlockedExchange
lstrcmpiA
GetFileAttributesA
ReadFileEx
GetEnvironmentVariableA
lstrcpyA
WriteFile
DisconnectNamedPipe
GetStringTypeExA
lstrcatA
lstrlenA
GetNamedPipeHandleStateA
ConnectNamedPipe
SetFilePointer
InterlockedCompareExchange
VirtualFree
InterlockedPopEntrySList
lstrcpynA
GetModuleHandleA
SetFirmwareEnvironmentVariableA
SetEnvironmentVariableA
DeleteFileA
IsBadStringPtrA
GetSystemTimes
SetNamedPipeHandleState
SetFilePointerEx
ExpandEnvironmentStringsA
CallNamedPipeA
GetSystemTimeAdjustment
VirtualAlloc
WriteFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetFileAttributesExA
GetNamedPipeInfo
GetSystemTime
WaitNamedPipeA
HeapAlloc
ReadFile
InterlockedExchangeAdd
DosDateTimeToFileTime
CreateFileA
WriteFileGather
GetFileTime
GetEnvironmentStringsA
PeekNamedPipe
GetProcessHeap
InterlockedFlushSList
TransactNamedPipe
InterlockedPushEntrySList
FreeEnvironmentStringsA
FileTimeToLocalFileTime
HeapSize
ReadFileScatter
InterlockedDecrement
GetFirmwareEnvironmentVariableA
advpack
TranslateInfStringEx
NeedReboot
NeedRebootInit
ExtractFiles
IsNTAdmin
LaunchINFSection
RegSaveRestoreOnINF
CloseINFEngine
RegSaveRestore
GetVersionFromFile
TranslateInfString
DelNode
AdvInstallFile
OpenINFEngine
AddDelBackupEntry
ExecuteCab
RunSetupCommand
RegisterOCX
RebootCheckOnInstall
LaunchINFSectionEx
DelNodeRunDLL32
UserUnInstStubWrapper
FileSaveRestoreOnINF
FileSaveRestore
UserInstStubWrapper
GetVersionFromFileEx
SetPerUserSecValues
RegInstall
FileSaveMarkNotExist
DoInfInstall
Sections
.text Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 724KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ