67130e859879b41ba0c133d3e9895124_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67130e859879b41ba0c133d3e9895124_JaffaCakes118
Size

12.4MB
MD5

67130e859879b41ba0c133d3e9895124
SHA1

c744cee5a1b35729072303d4ae9f5ed359adfafc
SHA256

8586cd86d027799ea16dfe375c9c8d259ffbfa9a2ea3690c71cef8edaeae6bea
SHA512

b62ceb4a00ee96d42115cceaf8f621084295767d75dbd43a516b580e859ddac28612903ea6f66fcf18f64e3d3442b80b1e8543dee0b804af72f13268381acecc
SSDEEP

196608:O1BNRtjr8V/1BK0/GlxNhq395lfaLKECqZd1dn:GNPjr6sVha95lf+KECq7/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67130e859879b41ba0c133d3e9895124_JaffaCakes118

Files

67130e859879b41ba0c133d3e9895124_JaffaCakes118
.exe windows:5 windows x86 arch:x86

39c4fadede48921d6067d820444f5820

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\repositories\tests\ssdinstaller\Release\ssdinstaller.pdb

Imports

crypt32

CertCloseStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CryptEncodeObject
CertDuplicateCertificateContext
CryptSignAndEncodeCertificate
CertGetCertificateContextProperty
CryptExportPublicKeyInfo
CertStrToNameW
CertFindCertificateInStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore
CryptAcquireCertificatePrivateKey

imagehlp

CheckSumMappedFile

advapi32

LockServiceDatabase
CryptHashData
GetSecurityDescriptorDacl
RegSetValueExW
EnumServicesStatusExW
RegCloseKey
QueryServiceConfigW
AdjustTokenPrivileges
CryptDestroyHash
ControlService
GetLengthSid
UnlockServiceDatabase
CryptDestroyKey
AddAce
CryptGenKey
RegOpenKeyExW
RegSetKeySecurity
CreateServiceW
CryptGetHashParam
CloseServiceHandle
OpenProcessToken
CryptAcquireContextW
DeleteService
OpenSCManagerW
StartServiceCtrlDispatcherW
GetUserNameW
SetSecurityDescriptorControl
OpenServiceW
RegisterServiceCtrlHandlerExW
GetTokenInformation
GetAclInformation
EqualSid
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetAce
ChangeServiceConfig2W
RegGetKeySecurity
StartServiceW
SetFileSecurityW
RegDeleteValueW
CryptGenRandom
InitializeAcl
SetServiceStatus
SetSecurityDescriptorOwner
CryptCreateHash
AddAccessAllowedAce
SetSecurityInfo

shell32

ShellExecuteW

kernel32

GetEnvironmentVariableW
EnumResourceNamesW
GetFileSize
FindFirstFileW
SetFilePointer
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
LoadLibraryExW
SystemTimeToFileTime
MoveFileExW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
WriteFile
LoadLibraryW
Sleep
CopyFileW
SizeofResource
GetVersionExW
ReadFile
GetModuleFileNameW
CreateFileW
GetLastError
GetProcAddress
FindClose
LocalAlloc
LockResource
RemoveDirectoryW
GetSystemInfo
FindNextFileW
CloseHandle
EnumResourceLanguagesW
DeleteFileW
LocalFree
GetSystemTime
GetVolumeInformationW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
RaiseException
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetStringTypeA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetModuleHandleA

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39c4fadede48921d6067d820444f5820

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

imagehlp

advapi32

shell32

kernel32

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 18KB - Virtual size: 17KB