615a2cab83031f3d70c47ea12686c6d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

615a2cab83031f3d70c47ea12686c6d0_JaffaCakes118
Size

106KB
MD5

615a2cab83031f3d70c47ea12686c6d0
SHA1

eed0c6eaae937c7dc078eda7b5ab69f5ded3b844
SHA256

2af073a74f3dff0a533c370ab3cae7733e7753176422dce3cd7f15b6771746a3
SHA512

938381f6a18e0e489b31af28b42d171c07f64e34d6a2ab574f9ea9bcf6066c213a08b6da5b4555a918dd6f596b832c8cd924b4a69f82e9d6595d83b4c10406a6
SSDEEP

1536:qFdDbQY0hxOQMmvhEH28nXCN9LRYrH0WTQUlrFGxVoEDLbvjqclAWc:qFdDbQYu3MxHjAWT/lrFGztXqclAn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
615a2cab83031f3d70c47ea12686c6d0_JaffaCakes118

Files

615a2cab83031f3d70c47ea12686c6d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d27cca0b384ce675cb24438b190b34cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WaitForSingleObject
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
VirtualProtect
GetCurrentThread
SetThreadContext
SetConsoleCP
OpenSemaphoreW
GetLastError
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateProcessW
LoadLibraryExA
CreateFileA
ReleaseMutex
DeviceIoControl
ReadFile
GetSystemTimeAsFileTime
CreateProcessW
GetStartupInfoA
ReleaseMutex
GetSystemTimeAsFileTime
WaitForSingleObject
WriteProcessMemory
LoadLibraryExA
WaitForSingleObjectEx
GetSystemTimeAsFileTime
ReadProcessMemory
GetSystemTime
VirtualProtect
VirtualProtect
DeviceIoControl
LoadLibraryExA
LoadLibraryA
SleepEx
ReadProcessMemory
CreateProcessW
TerminateProcess
VirtualProtect
ReadProcessMemory
VirtualProtect
Sleep
CreateProcessW
LoadLibraryExA
GetStartupInfoW
LoadLibraryExA
ReadFile
SleepEx
CreateProcessA
ReadFile
CreateProcessA
VirtualProtectEx
TerminateProcess
GetStartupInfoA
LoadLibraryExA
VirtualProtect
WaitForSingleObject
LoadLibraryExW
LoadLibraryA
WaitForSingleObject
GetSystemTime
LoadLibraryA
ReleaseMutex
VirtualProtectEx
CreateFileA
VirtualProtect
WaitForSingleObject
GetSystemTimeAsFileTime
CreateProcessA
VirtualProtect
LoadLibraryExA
WriteProcessMemory
CreateProcessW
WriteProcessMemory
WaitForSingleObject
VirtualProtect
LoadLibraryExW
GetStartupInfoW
Sleep
VirtualProtect
WriteProcessMemory
ReadProcessMemory
GetStartupInfoA
WriteProcessMemory
SleepEx
Sleep
LoadLibraryA
CreateProcessW
SleepEx
GetSystemTimeAsFileTime
ReleaseMutex
DeviceIoControl
LoadLibraryExA
VirtualProtect
WaitForSingleObject
WaitForSingleObject
GetSystemTimeAsFileTime
GetStartupInfoW
VirtualProtect
GetStartupInfoA
GetSystemTime
Sleep
GetSystemTime
Sleep
SleepEx
CreateFileA
SleepEx
LoadLibraryA

wintrust

TrustFreeDecode
WinVerifyTrust
OfficeCleanupPolicy
TrustFreeDecode
WintrustCertificateTrust
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
WinVerifyTrust
WinVerifyTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
WintrustCertificateTrust
WintrustCertificateTrust
WintrustCertificateTrust
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WinVerifyTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
TrustFreeDecode
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WintrustCertificateTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
WintrustCertificateTrust
WintrustCertificateTrust
WintrustCertificateTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
WinVerifyTrust
TrustFreeDecode

Sections

.text
Size: 82KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d27cca0b384ce675cb24438b190b34cb

Headers

File Characteristics

Imports

kernel32

wintrust

Sections

.text Size: 82KB - Virtual size: 388KB

.data Size: 5KB - Virtual size: 8KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 82KB - Virtual size: 388KB

.data
Size: 5KB - Virtual size: 8KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB