Static task
static1
Behavioral task
behavioral1
Sample
3febea3d824581e6b11892e95909fc06_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target
3febea3d824581e6b11892e95909fc06_JaffaCakes118
Size
57KB
MD5
3febea3d824581e6b11892e95909fc06
SHA1
e8639a370baa198728aab278415730502df34551
SHA256
9f55cf4e1a79605718206352181c1b5137709b59287715eea37ccba3e7b7ac73
SHA512
834cdc30a05098c67f245021011116625f3acbc19d5a4717f15f26485fb7edb8cbf91f3aea56561402fc2e5ea3a0f76c78f6949b4a29330b700651825ad1a4dc
SSDEEP
1536:4/P9KrKVrXVa8NzIb/+dXF+RC8H807g+00:W9KMlaVbMYgN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3febea3d824581e6b11892e95909fc06_JaffaCakes118
Files
3febea3d824581e6b11892e95909fc06_JaffaCakes118.exe windows:4 windows x86 arch:x86
58e829288fcbb09e70a3ec69b3d8d457
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
resutils
ResUtilIsResourceClassEqual
ResUtilEnumResourcesEx
ResUtilSetPropertyParameterBlock
ResUtilFindDwordProperty
ResUtilGetResourceDependencyByClass
ResUtilSetResourceServiceStartParameters
ResUtilSetDwordValue
ResUtilSetUnknownProperties
ResUtilGetSzProperty
ResUtilEnumProperties
ResUtilFindExpandSzProperty
ResUtilPropertyListFromParameterBlock
ResUtilVerifyResourceService
ResUtilStartResourceService
ResUtilSetResourceServiceEnvironment
ClusWorkerStart
ResUtilGetResourceDependency
ResUtilGetPropertiesToParameterBlock
ClusWorkerTerminate
ResUtilEnumResources
ResUtilFindMultiSzProperty
wintrust
CryptCATCDFOpen
SoftpubDumpStructure
OpenPersonalTrustDBDialog
WTHelperCertFindIssuerCertificate
CryptCATCDFClose
SoftpubLoadSignature
MsCatConstructHashTag
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptSIPPutSignedDataMsg
CryptCATCDFEnumAttributes
CryptCATAdminResolveCatalogPath
WVTAsn1SpcSigInfoDecode
CryptCATAdminPauseServiceForBackup
CryptCATAdminAcquireContext
OfficeCleanupPolicy
CryptCATCatalogInfoFromContext
WinVerifyTrustEx
DriverInitializePolicy
WTHelperGetAgencyInfo
CryptCATEnumerateCatAttr
HTTPSFinalProv
OpenPersonalTrustDBDialogEx
schannel
QuerySecurityPackageInfoW
SpLsaModeInitialize
EnumerateSecurityPackagesW
CompleteAuthToken
SslCrackCertificate
AcceptSecurityContext
FreeCredentialsHandle
SslGenerateRandomBits
UnsealMessage
DeleteSecurityContext
SslEmptyCacheA
ApplyControlToken
VerifySignature
SealMessage
QueryContextAttributesW
kernel32
EnumerateLocalComputerNamesA
Thread32Next
GetConsoleCharType
GetVersionExA
SetLocalPrimaryComputerNameW
EnumLanguageGroupLocalesA
GetVersion
GlobalUnWire
VirtualAlloc
GetWindowsDirectoryW
QueryPerformanceCounter
SetCommState
LoadLibraryA
CreateJobSet
lstrcmp
IsBadHugeWritePtr
SetPriorityClass
ReadConsoleA
GetOverlappedResult
ExitProcess
ReadFileEx
GetPrivateProfileSectionA
GetTapeParameters
GlobalAlloc
_lopen
OpenSemaphoreA
SetConsoleMenuClose
GlobalHandle
RaiseException
winsta
_WinStationNotifyLogon
WinStationGetTermSrvCountersValue
LogonIdFromWinStationNameW
WinStationGetLanAdapterNameA
WinStationQueryUpdateRequired
LogonIdFromWinStationNameA
WinStationEnumerateLicenses
WinStationOpenServerA
WinStationTerminateProcess
WinStationGetLanAdapterNameW
WinStationVirtualOpen
WinStationQueryInformationA
WinStationSetInformationW
WinStationRenameA
WinStationGetProcessSid
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ