628f5227e4cc040c33bcb12b19f5437d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

628f5227e4cc040c33bcb12b19f5437d_JaffaCakes118
Size

453KB
MD5

628f5227e4cc040c33bcb12b19f5437d
SHA1

7ae72c0b2a250e493f5202c4e1b33adc86dbb84a
SHA256

5ec39605d51e32d5a52d6eb9f762c6f5066320c31aab340095bb6e3c47bb3281
SHA512

a3c64b55d06df801bdb7342d6f15f3261e9deb881525dd6d62e272498b2de68048d08d01a08697f2a3dcb2310f0b392d4641beee3f12d8ea7373f1f85e5031e1
SSDEEP

12288:eBv8tCC8jO/Ob8Sa86KddOF4OHjwq5KRE:oviN8y/Ob8SO2OF4ODP5KR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628f5227e4cc040c33bcb12b19f5437d_JaffaCakes118

Files

628f5227e4cc040c33bcb12b19f5437d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa4661079a9e195a439b5f1d8e5ce16d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ntdll

RtlCompareUnicodeString

ntdsapi

DsFreeNameResultW
DsUnBindW
DsCrackNamesW
DsBindW

crypt32

CertGetCRLFromStore
CertFindCertificateInStore
CertCompareCertificate
CryptMsgGetParam
CertFreeCRLContext
CertGetSubjectCertificateFromStore
CertEnumCRLsInStore
CertAddCTLContextToStore
CertAddEncodedCTLToStore
CryptEnumOIDInfo
CertOpenStore
CertEnumCTLsInStore
CertGetNameStringW
CryptFindOIDInfo
CertDuplicateCertificateContext
CertNameToStrW
CertEnumCertificatesInStore
CryptFindLocalizedName
CertDeleteCTLFromStore
CertEnumSystemStore
CryptMsgOpenToDecode
CertEnumPhysicalStore
CertFreeCertificateContext
CertFreeCertificateChain
CryptDecodeObject
CertFindExtension
CertGetEnhancedKeyUsage
CertControlStore
CryptQueryObject
CertAddStoreToCollection
CryptMsgClose
CertFreeCTLContext
CryptMsgUpdate
CertGetCTLContextProperty
CryptMsgEncodeAndSignCTL
CryptFindCertificateKeyProvInfo
CertGetCertificateChain
CertAddCertificateContextToStore
CertCloseStore
CertGetStoreProperty
CertAddSerializedElementToStore
CertDuplicateCTLContext
CertSetCertificateContextProperty
CertDeleteCRLFromStore
CryptUnregisterOIDInfo
CertDeleteCertificateFromStore
CertFindCTLInStore
CertDuplicateCRLContext
CertGetCertificateContextProperty
CertAddCRLContextToStore

user32

SetWindowLongW
LoadIconW
GetClientRect
DlgDirListA
GetParent
GetDlgItem
RegisterClipboardFormatW
ShowWindow
EnableMenuItem
LoadMenuW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
GetMenu
SendMessageW
ScreenToClient
LoadBitmapW
GetSubMenu
SetMenu
DestroyIcon
UnhookWindowsHookEx
ReleaseDC
GetDC
LoadStringW
InvalidateRect
PostMessageW
EnumPropsA
DialogBoxParamW
GetWindowLongW
SetWindowsHookExW
GetCursorPos
SendDlgItemMessageW
ChildWindowFromPointEx
CallNextHookEx
GetSysColor
WinHelpW
MessageBoxW
EnableWindow

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

wintrust

WTHelperGetFileHash

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
StringFromCLSID
GetHGlobalFromStream
CLSIDFromString
CoCreateGuid
StringFromGUID2
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
CoInitialize

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

kernel32

QueryPerformanceCounter
MultiByteToWideChar
CreateFileW
MapViewOfFileEx
FileTimeToLocalFileTime
ReadFile
GlobalUnlock
lstrcpynW
UnhandledExceptionFilter
GlobalLock
lstrcpyW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetWindowsDirectoryW
GetComputerNameW
FreeLibrary
IsBadWritePtr
InterlockedIncrement
GetModuleHandleW
WaitForSingleObject
SetEvent
GetFileSize
VirtualAlloc
LoadResource
SystemTimeToFileTime
LocalAlloc
TerminateProcess
lstrlenW
GetProcAddress
CompareFileTime
lstrcmpiW
DeleteCriticalSection
SetLastError
InitializeCriticalSection
GlobalAlloc
CloseHandle
CreateFileMappingW
FindResourceW
GetDateFormatW
GlobalFree
ResetEvent
GetTimeFormatW
GetModuleFileNameW
GetFileTime
GetLastError
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCommandLineW
GetCurrentThreadId
CompareStringW
CreateEventW
MapViewOfFile
GetVersionExW
GetFileSizeEx
GetShortPathNameW
OutputDebugStringA
FormatMessageW
GetTickCount
LocalFree
IsBadReadPtr
GetUserDefaultLangID
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
InterlockedDecrement
OpenEventW
EnterCriticalSection
CreateDirectoryA
FileTimeToSystemTime
GetComputerNameExW
GetCurrentProcess

certcli

CACloseCA
CAEnumNextCertType
CAEnumNextCA
CAGetCertTypeProperty
CAEnumFirstCA
CAFindCertTypeByName
CAGetCertTypeExtensions
CAEnumCertTypes
CAGetCAProperty
CACloseCertType
CAGetCertTypePropertyEx
CACountCAs
CAGetCACertificate
CAFreeCAProperty
CAFreeCertTypeProperty
CAGetCertTypeFlags

netapi32

DsRoleGetPrimaryDomainInformation
DsGetDcNameW
DsRoleFreeMemory
NetApiBufferFree
NetServerGetInfo

advpack

AdvInstallFile

advapi32

CloseServiceHandle
FreeSid
SaferCreateLevel
GetTokenInformation
LookupAccountNameW
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
OpenProcessToken
AllocateAndInitializeSid
SaferCloseLevel
CryptDestroyHash
RegCreateKeyExW
SaferGetLevelInformation
SaferSetLevelInformation
RegOpenKeyExW
RegQueryValueExW
SaferGetPolicyInformation
CryptReleaseContext
CryptCreateHash
GetLengthSid
SaferiChangeRegistryScope
EnumServicesStatusW
RegEnumKeyExW
SaferSetPolicyInformation
CryptGetHashParam
OpenSCManagerW
SaferiPopulateDefaultsInRegistry
CopySid
GetUserNameW
CryptHashData
CheckTokenMembership

cryptui

CryptUIDlgViewCRLW
CryptUIWizBuildCTL
CryptUIWizExport
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLW
CryptUIWizCertRequest
CryptUIWizImport
CryptUIDlgViewCertificatePropertiesW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 117KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa4661079a9e195a439b5f1d8e5ce16d

Headers

DLL Characteristics

File Characteristics

Imports

version

ntdll

ntdsapi

crypt32

user32

gdi32

wintrust

ole32

shell32

kernel32

certcli

netapi32

advpack

advapi32

cryptui

Sections

.text Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 152KB - Virtual size: 151KB

.rdata Size: 173KB - Virtual size: 172KB

.idata Size: 8KB - Virtual size: 7KB

.data Size: 117KB - Virtual size: 1.9MB

.text
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 152KB - Virtual size: 151KB

.rdata
Size: 173KB - Virtual size: 172KB

.idata
Size: 8KB - Virtual size: 7KB

.data
Size: 117KB - Virtual size: 1.9MB