4b5dd061a15908824ad9634d87d183d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b5dd061a15908824ad9634d87d183d3_JaffaCakes118
Size

351KB
MD5

4b5dd061a15908824ad9634d87d183d3
SHA1

d46e8a22286f3ce559fddabe0a6e36c9c09d0e79
SHA256

5b54f2b54bd2e3c35115218b53b5b8559f2a7c23bbfcd85a8fe2a7992899bd42
SHA512

bf4fb617025c666c1af1e3a8b7ff476cd329d6dd538b0ff2dd49f91c237158a3e5f4255eef78d16a944d25ca988106018d5f64beaa09d95e295245290a8792c3
SSDEEP

6144:PDuCTrxWG69oTcODqHyek1+3us+3fx6DrmQE5QAOPPkUzMF:LuCTrLoyekfB3fx6V9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5dd061a15908824ad9634d87d183d3_JaffaCakes118

Files

4b5dd061a15908824ad9634d87d183d3_JaffaCakes118
.exe windows:8 windows x86 arch:x86

a15a7e4ea59516c341c4c3d1c5ee9f61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advpack

RegisterOCX
IsNTAdmin
DelNode
ExecuteCab
RunSetupCommand
CloseINFEngine
LaunchINFSection
GetVersionFromFile
DelNodeRunDLL32
RegInstall
TranslateInfStringEx
ExtractFiles
NeedReboot
RegRestoreAll
LaunchINFSectionEx
FileSaveRestoreOnINF
SetPerUserSecValues
AdvInstallFile
RegSaveRestoreOnINF
FileSaveRestore
OpenINFEngine
FileSaveMarkNotExist
GetVersionFromFileEx
TranslateInfString
UserInstStubWrapper
RebootCheckOnInstall
RegSaveRestore
NeedRebootInit
UserUnInstStubWrapper
AddDelBackupEntry

user32

EndDialog
EnableMenuItem
CreateDialogParamA
LoadIconA
SetMenu
SetCursor
CheckMenuRadioItem
GetProcessDefaultLayout
SetWindowTextA
DrawTextA
OpenClipboard
DialogBoxParamA
SendMessageA
InvalidateRect
UpdateWindow
GetClientRect
EndPaint
LoadMenuA
DestroyMenu
SetDlgItemTextA
GetWindowTextA
OffsetRect
GetWindowLongA
PostQuitMessage
SetWindowLongA
SetProcessDefaultLayout
GetSysColorBrush
CloseClipboard
GetDlgCtrlID
MessageBoxA
ShowWindow
IsDialogMessageA
GetSubMenu
GetDlgItem
LoadStringA
WinHelpA
SetFocus
TranslateMessage
CharNextA
GetSysColor
DestroyWindow
GetWindowRect
GetMenu
MapWindowPoints
DispatchMessageA
CheckDlgButton
SetWindowPos
LoadAcceleratorsA
RegisterClassExA
HideCaret
CheckMenuItem
MessageBeep
BeginPaint
GetDesktopWindow
CallWindowProcA
ChildWindowFromPoint
TrackPopupMenuEx
SystemParametersInfoA
SetDlgItemInt
CreateWindowExA
IsChild
TranslateAcceleratorA
IsClipboardFormatAvailable
GetMessageA
ScreenToClient
LoadCursorA
EnableWindow
GetClipboardData
DefWindowProcA
CheckRadioButton

kernel32

IsBadStringPtrA
ReadFileEx
SetEnvironmentVariableA
SetFirmwareEnvironmentVariableA
lstrcmpiA
GetLocalTime
InterlockedExchangeAdd
CloseHandle
GetFirmwareEnvironmentVariableA
TransactNamedPipe
CallNamedPipeA
ExpandEnvironmentStringsA
WaitNamedPipeA
InterlockedIncrement
InterlockedPushEntrySList
DeleteFileA
WriteFile
PeekNamedPipe
WriteFileGather
InterlockedFlushSList
SystemTimeToFileTime
GetSystemTimeAdjustment
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetModuleHandleA
CreateFileA
CompareStringA
VirtualFree
lstrlenA
InterlockedPopEntrySList
GetSystemTime
lstrcmpA
GetStringTypeExA
GetNamedPipeHandleStateA
GetProcessHeap
lstrcpynA
GetFileAttributesA
FileTimeToLocalFileTime
HeapAlloc
ReadFileScatter
GetFileAttributesExA
InterlockedCompareExchange
ConnectNamedPipe
GetFileTime
GetStringTypeA
lstrcpyA
ReadFile
HeapSize
GetEnvironmentStringsA
WriteFileEx
GetProcessHeaps
FileTimeToDosDateTime
DisconnectNamedPipe
GetSystemTimeAsFileTime
SetNamedPipeHandleState
InterlockedExchange
GetSystemTimes
FileTimeToSystemTime
lstrcatA
DosDateTimeToFileTime
VirtualAlloc
InterlockedDecrement
SetFilePointerEx
SetFilePointer

cryptui

ACUIProviderInvokeUI
CryptUIFreeViewSignaturesPagesA
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewCTLA
CryptUIGetViewSignaturesPagesA
CryptUIWizCreateCertRequestNoDS
CryptUIDlgSelectStoreA
DllRegisterServer
CryptUIDlgViewContext
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizImport
DllUnregisterServer
CryptUIWizBuildCTL
CryptUIStartCertMgr
CryptUIDlgViewCertificateA
CryptUIDlgViewSignerInfoA
CryptUIDlgViewCertificatePropertiesA
CryptUIWizQueryCertRequestNoDS
I_CryptUIProtect
RetrievePKCS7FromCA
CryptUIWizDigitalSign
I_CryptUIProtectFailure
CryptUIDlgSelectCertificateFromStore
CryptUIWizExport
CryptUIDlgFreeCAContext
CryptUIDlgCertMgr
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewCRLA
WizardFree
LocalEnroll
CryptUIWizFreeDigitalSignContext
CryptUIWizCertRequest
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgSelectCertificateA

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a15a7e4ea59516c341c4c3d1c5ee9f61

Headers

DLL Characteristics

File Characteristics

Imports

advpack

user32

kernel32

cryptui

Sections

.text Size: 273KB - Virtual size: 273KB

.data Size: 10KB - Virtual size: 9KB

.rsrc Size: 67KB - Virtual size: 712KB

.text
Size: 273KB - Virtual size: 273KB

.data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 67KB - Virtual size: 712KB