5bb5b5d2c789d24d8a992400b1e849b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bb5b5d2c789d24d8a992400b1e849b0_JaffaCakes118
Size

101KB
MD5

5bb5b5d2c789d24d8a992400b1e849b0
SHA1

5bafbb4aa110cea5e1a20cf6fd3869ccac7eca82
SHA256

b8a5894723103883bafc386716542fed6fd7b3b235a007bea36d12872f87627a
SHA512

f3f6cdd6ff6c5c7ac06e0cd0bbeddc2299e3c21ff7f0fa3520780fb20142f149a72472aee4a477733ee4cb86fef67be336b60689723405187132f5c3e439ab03
SSDEEP

3072:O17D6kNrttSEFrP2OM9CgjBdsqiyH9flM6bo3jEH:Y7DRsqr5gj7H99MkoTS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bb5b5d2c789d24d8a992400b1e849b0_JaffaCakes118

Files

5bb5b5d2c789d24d8a992400b1e849b0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e98c73682b013cb812512255f55a04ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wintrust

CatalogCompactHashDatabase
mscat32DllUnregisterServer
WTHelperCertCheckValidSignature
WTHelperCertIsSelfSigned
CryptCATCDFEnumAttributes
WintrustAddActionID
CryptCATCatalogInfoFromContext
SoftpubInitialize
CryptCATCDFEnumCatAttributes
CryptCATPutMemberInfo
CryptCATStoreFromHandle
AddPersonalTrustDBPages
CryptCATPutAttrInfo
WinVerifyTrustEx
WTHelperGetProvSignerFromChain
SoftpubLoadDefUsageCallData
CryptSIPGetSignedDataMsg
HTTPSFinalProv
CryptCATCDFEnumAttributesWithCDFTag
WTHelperGetFileHash
SoftpubFreeDefUsageCallData
mssip32DllUnregisterServer
CryptCATCDFEnumMembers
CryptCATEnumerateMember
HTTPSCertificateTrust
SoftpubDefCertInit
CryptCATEnumerateAttr
WTHelperGetKnownUsages
CryptCATCDFClose
SoftpubDumpStructure
DriverCleanupPolicy
CryptCATGetAttrInfo
CryptCATAdminRemoveCatalog
CryptCATPersistStore
SoftpubCleanup
DriverInitializePolicy
CryptCATCDFEnumMembersByCDFTag
SoftpubLoadMessage
CryptCATEnumerateCatAttr

kernel32

SetThreadContext
SetCurrentDirectoryW
CreateNamedPipeA
FindAtomA
VirtualAlloc
EnumSystemLanguageGroupsA
LocalFileTimeToFileTime
GetSystemWindowsDirectoryA
GetEnvironmentVariableW
GetNumberFormatW
GetConsoleMode
GetProcessIoCounters
GetFileAttributesA
SetCurrentDirectoryA
ConsoleMenuControl
ProcessIdToSessionId
GetFileSize
RegisterWowBaseHandlers
GetConsoleInputWaitHandle
GetSystemTimeAsFileTime
LoadLibraryExA
EnumCalendarInfoW
IsBadCodePtr
SetSystemTime
GetFileAttributesExW
lstrcpy

advapi32

SetNamedSecurityInfoW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteValueA
RegQueryValueExW
LsaFreeMemory
LookupPrivilegeNameA
LsaSetInformationPolicy
GetServiceKeyNameW
CryptEnumProvidersA
GetSecurityDescriptorControl
RegSetValueExA
SetSecurityInfo
RegisterServiceCtrlHandlerW
QueryServiceStatus
RegQueryValueA
CopySid
AccessCheck
StartServiceA
LsaEnumerateAccountRights
OpenEncryptedFileRawW
CloseServiceHandle
GetSidSubAuthority
LsaStorePrivateData
IsWellKnownSid
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyA
LsaSetTrustedDomainInfoByName
CreateServiceA
LsaEnumerateTrustedDomains
ReadEncryptedFileRaw
SetServiceStatus

gdi32

GdiEntry4
GdiProcessSetup
AddFontResourceTracking
GdiGetPageCount
GdiTransparentBlt
GetBrushOrgEx
GetTextCharset
GdiGetCharDimensions
GetMetaFileA
GdiSetAttrs
CreateICA
EnumMetaFile
EngQueryLocalTime
GetTextMetricsW
AngleArc
GdiInitSpool
GetEnhMetaFileDescriptionA
IsValidEnhMetaRecord
GetDIBits
CreateDCW
SetWorldTransform
CreateFontW
CreateEnhMetaFileA
GdiPlayEMF
FONTOBJ_vGetInfo
GetWindowOrgEx
SelectClipPath
GdiEntry6
HT_Get8BPPFormatPalette
CloseMetaFile
GetWorldTransform
PtVisible
GdiDllInitialize
EngGetCurrentCodePage
EngUnicodeToMultiByteN
UpdateColors
GdiRealizationInfo
GdiFixUpHandle
CloseFigure
GetWinMetaFileBits

Sections

BSS
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 30KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e98c73682b013cb812512255f55a04ec

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

kernel32

advapi32

gdi32

Sections

BSS Size: 52KB - Virtual size: 88KB

BSS Size: 30KB - Virtual size: 106KB

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

BSS
Size: 52KB - Virtual size: 88KB

BSS
Size: 30KB - Virtual size: 106KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB