713b41c609a8f4f3a7dc6e6eed9d6205_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

713b41c609a8f4f3a7dc6e6eed9d6205_JaffaCakes118
Size

50KB
MD5

713b41c609a8f4f3a7dc6e6eed9d6205
SHA1

c29498c78e066acd535962749e47c6fc6501921c
SHA256

c53a6aec9880be27032b3d951b662417a057edf9b574d0fcccc948e1cfdfaf61
SHA512

93752ef67126ec161461eeeecb96e8b25ffb87ae3cd641824665072106fd1bc3ace3dd738f9eeb8125940a6e9770d7b3b09086a9f9fabf8cd920db404394596f
SSDEEP

768:FQnvknnII/ZZGmraie4glp+glUj5ZlyYc5NMonAUOt46AM5yg1VZRMVWQe0lfN:VnII/ZhrM9v+8ac5at41Sy8T2VWZyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
713b41c609a8f4f3a7dc6e6eed9d6205_JaffaCakes118

Files

713b41c609a8f4f3a7dc6e6eed9d6205_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2f4b14917c261c97cce20d5669405a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenClassRegKeyExW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW

user32

EnumPropsA
DlgDirListComboBoxA

kernel32

BackupRead
GetLastError
AddConsoleAliasA
VirtualAlloc

wininet

InternetGetCookieW

esent

JetBackup

crypt32

CryptProtectData
CryptMsgUpdate
CertCreateCertificateContext
CryptSignMessage
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateChain
CryptStringToBinaryW
CertDuplicateCertificateContext
CertGetNameStringW
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CryptVerifyDetachedMessageSignature
CertOpenStore
CryptDecodeObject
CryptBinaryToStringW
CertGetEnhancedKeyUsage
CertGetCertificateChain
CryptMsgClose
CertFindCertificateInStore
CertCompareCertificate
CertFindExtension
CertVerifySubjectCertificateContext
CertFreeCertificateChain
CryptMsgOpenToDecode

shell32

DragQueryFileW
ExtractIconW
SHAppBarMessage
SHFileOperationW
Shell_NotifyIconW

credui

CredUIParseUserNameW
CredUIPromptForCredentialsW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

msimg32

GradientFill

cryptui

CryptUIDlgViewCertificateW

winmm

waveOutGetVolume
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutSetVolume
waveOutOpen
waveOutGetPitch
waveOutClose
waveOutReset

secur32

FreeCredentialsHandle
DecryptMessage
GetUserNameExW
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
DeleteSecurityContext
InitializeSecurityContextW
FreeContextBuffer
EncryptMessage

ws2_32

WSALookupServiceEnd
WSALookupServiceBeginW
WSALookupServiceNextW
freeaddrinfo
WSANSPIoctl
WSAIoctl
getaddrinfo

urlmon

CopyStgMedium

rpcrt4

NdrOleAllocate
MesDecodeBufferHandleCreate
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
MesHandleFree
CStdStubBuffer_Invoke
NdrDllRegisterProxy
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrMesTypeFree2
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrMesTypeDecode2
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
NdrOleFree
MesEncodeDynBufferHandleCreate
NdrMesTypeEncode2

iphlpapi

GetBestInterfaceEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 400KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2f4b14917c261c97cce20d5669405a5

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

user32

kernel32

wininet

esent

crypt32

shell32

credui

wtsapi32

msimg32

cryptui

winmm

secur32

ws2_32

urlmon

rpcrt4

iphlpapi

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 22KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 400KB - Virtual size: 1.8MB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 22KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 400KB - Virtual size: 1.8MB