43fedca76bae329460dc770d03059f0e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43fedca76bae329460dc770d03059f0e_JaffaCakes118
Size

386KB
MD5

43fedca76bae329460dc770d03059f0e
SHA1

ff057b5a72159e655c0c6211f7601812801ca4f5
SHA256

c883c3ecff25b9ba47d3a710d6a2a856aba64ab4b7546afe316d5a7c847ee48a
SHA512

d9fd21ebb8f34974c9135ae6e71c606d3b65832b5e6799eaa55d83f05e134cb45e8a55d3f44c75c7f850fce51f74f0c1d44c63679fd53b290dc965e62e8c36dd
SSDEEP

12288:gX4ylHDLgj8xv6pqtZNEl+4ipxfdodKZO45ITN:gXVLaovXNF5odv4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43fedca76bae329460dc770d03059f0e_JaffaCakes118

Files

43fedca76bae329460dc770d03059f0e_JaffaCakes118
.exe windows:3 windows x86 arch:x86

07b4286d52964afebf31ce101d63b19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

IsDialogMessageA
ScreenToClient
SetWindowPos
MessageBeep
SetMenu
RegisterClassExA
SetCursor
IsChild
SystemParametersInfoA
TrackPopupMenuEx
DefWindowProcA
DispatchMessageA
DrawTextA
SetFocus
EnableMenuItem
GetDesktopWindow
LoadMenuA
CreateWindowExA
CreateDialogParamA
GetWindowLongA
GetDlgItem
SetWindowLongA
GetWindowTextA
LoadAcceleratorsA
CheckMenuItem
HideCaret
TranslateMessage
LoadCursorA
BeginPaint
WinHelpA
CloseClipboard
GetWindowRect
GetClientRect
GetProcessDefaultLayout
IsClipboardFormatAvailable
CharNextA
OffsetRect
MessageBoxA
EndDialog
CheckRadioButton
GetDlgCtrlID
GetSubMenu
CallWindowProcA
DestroyWindow
EndPaint
GetMenu
EnableWindow
SetWindowTextA
GetClipboardData
UpdateWindow
GetSysColor
InvalidateRect
SendMessageA
ShowWindow
SetDlgItemInt
GetMessageA
MapWindowPoints
GetSysColorBrush
DestroyMenu
OpenClipboard
CheckDlgButton
CheckMenuRadioItem
SetDlgItemTextA
SetProcessDefaultLayout
PostQuitMessage
ChildWindowFromPoint
LoadStringA
LoadIconA
TranslateAcceleratorA
DialogBoxParamA

advpack

NeedReboot
RegInstall
CloseINFEngine
FileSaveRestore
UserInstStubWrapper
RegSaveRestore
FileSaveMarkNotExist
TranslateInfStringEx
DoInfInstall
AdvInstallFile
TranslateInfString
RegRestoreAll
UserUnInstStubWrapper
IsNTAdmin
LaunchINFSectionEx
SetPerUserSecValues
RebootCheckOnInstall
RegSaveRestoreOnINF
ExtractFiles
DelNodeRunDLL32
AddDelBackupEntry
GetVersionFromFile
NeedRebootInit
ExecuteCab
LaunchINFSection
GetVersionFromFileEx
FileSaveRestoreOnINF
RunSetupCommand
DelNode
RegisterOCX
OpenINFEngine

cryptui

CryptUIWizCertRequest
CryptUIWizFreeDigitalSignContext
I_CryptUIProtect
CryptUIDlgSelectCertificateA
CryptUIWizQueryCertRequestNoDS
DllUnregisterServer
CryptUIDlgViewCRLA
CryptUIFreeCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesA
WizardFree
CryptUIWizFreeCertRequestNoDS
CryptUIStartCertMgr
DllRegisterServer
CryptUIWizImport
RetrievePKCS7FromCA
CryptUIDlgViewCertificateA
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgFreeCAContext
LocalEnrollNoDS
CryptUIDlgSelectCertificateFromStore
LocalEnroll
ACUIProviderInvokeUI
CryptUIWizExport
CryptUIDlgSelectStoreA
CryptUIWizBuildCTL
CryptUIDlgViewCTLA
CryptUIWizDigitalSign
CryptUIDlgViewContext
CryptUIDlgCertMgr
CryptUIWizCreateCertRequestNoDS
CryptUIGetViewSignaturesPagesA
I_CryptUIProtectFailure
CryptUIDlgViewSignerInfoA
CryptUIFreeViewSignaturesPagesA
CryptUIDlgSelectCA
CryptUIWizSubmitCertRequestNoDS

kernel32

GetFileTime
ReadFileEx
VirtualFree
GetNamedPipeHandleStateA
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
InterlockedIncrement
DosDateTimeToFileTime
GetSystemTimeAdjustment
TransactNamedPipe
GetProcessHeap
FileTimeToDosDateTime
lstrcmpiA
SetFirmwareEnvironmentVariableA
CloseHandle
FileTimeToSystemTime
WaitNamedPipeA
ReadFile
SetFilePointerEx
WriteFileEx
VirtualAlloc
lstrcatA
lstrcmpA
GetEnvironmentVariableA
FileTimeToLocalFileTime
GetSystemTime
DisconnectNamedPipe
GetModuleHandleA
GetFileAttributesExA
lstrcpyA
lstrcpynA
GetProcessHeaps
CreateFileA
FreeEnvironmentStringsA
InterlockedPopEntrySList
DeleteFileA
SetNamedPipeHandleState
SetFilePointer
ReadFileScatter
GetStringTypeExA
WriteFileGather
GetFileAttributesA
lstrlenA
GetStringTypeA
CallNamedPipeA
CompareStringA
InterlockedCompareExchange
InterlockedDecrement
GetEnvironmentStringsA
ConnectNamedPipe
InterlockedFlushSList
IsBadStringPtrA
HeapAlloc
InterlockedPushEntrySList
HeapSize
GetFirmwareEnvironmentVariableA
SetEnvironmentVariableA
GetNamedPipeInfo
SystemTimeToFileTime
GetSystemTimes
InterlockedExchangeAdd
PeekNamedPipe
WriteFile
GetLocalTime
InterlockedExchange

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07b4286d52964afebf31ce101d63b19e

Headers

DLL Characteristics

File Characteristics

Imports

user32

advpack

cryptui

kernel32

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 10KB - Virtual size: 9KB

.rsrc Size: 96KB - Virtual size: 720KB

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 96KB - Virtual size: 720KB