786bb4c9ab49126929af1c80ed6fa3fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

786bb4c9ab49126929af1c80ed6fa3fe_JaffaCakes118
Size

61KB
MD5

786bb4c9ab49126929af1c80ed6fa3fe
SHA1

c33a9c19498cdea58919f01a64da3d54c98d6f77
SHA256

63721d1a8f689ee8b9e2dbb41b9c64f597d4a0d16236618d2babca13da9473b3
SHA512

74a3d51895da4cb44834e117a58252373e66ae0c3fb6cc2699d75c7d14fac4fdb62bbc2d3f271222acafeb50d686afe2f635917f0fc232225e6e24e764d8eaed
SSDEEP

1536:/oN2EwR9Pdj93LgzJZSFtkDF0xus8c3SPqfikQDgNg6xbM:/EY9dj90zAtkDgu0eibxbM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
786bb4c9ab49126929af1c80ed6fa3fe_JaffaCakes118

Files

786bb4c9ab49126929af1c80ed6fa3fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

def4688ea15e1f3b198843217d772689

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

certcli

CASetCAProperty
GetProxyDllInfo
CASetCAFlags
CAFindByCertType
CAFindByIssuerDN
CACertTypeAccessCheckEx
CACertTypeAccessCheck
CAEnumNextCA
CASetCertTypeProperty
CAGetCertTypeExpiration
CAGetCAFlags
CAAddCACertificateType
CASetCertTypeExpiration
CAGetCertTypeFlagsEx
CAFindByName
CACloneCertType
DllCanUnloadNow
CAUpdateCA
CACertTypeSetSecurity
CACountCAs
CASetCASecurity
CAOIDGetProperty
CAEnumCertTypesForCAEx
CACreateNewCA
CACountCertTypes
CAInstallDefaultCertType
DllGetClassObject
CAEnumFirstCA
CAGetCertTypeKeySpec
DllUnregisterServer
CASetCAExpiration
CAEnumCertTypesEx
CACreateCertType
CAGetCertTypeExtensions
CAUpdateCertType
CAGetCertTypeProperty
CASetCertTypeExtension
CACloseCertType
CAFreeCertTypeExtensions
CASetCACertificate
CAOIDFreeProperty
CACreateLocalAutoEnrollmentObject
CACloseCA
CAOIDFreeLdapURL
CAGetCASecurity
CAAccessCheck
CAOIDAdd

kernel32

AllocConsole
DosPathToSessionPathW
GetConsoleCursorInfo
GetSystemInfo
GetDefaultCommConfigA
GetStartupInfoA
GetMailslotInfo
InterlockedPushEntrySList
OpenSemaphoreA
DeleteAtom
LoadLibraryA
LocalShrink
SetLastError
GetHandleContext
SetConsoleHardwareState
GetNamedPipeHandleStateA
NlsGetCacheUpdateCount
GetWriteWatch
HeapCreate
CompareStringW
UnlockFileEx
SetFileShortNameW
GetEnvironmentVariableW
BuildCommDCBW
SetConsoleTitleA
GetVolumeNameForVolumeMountPointA
EnumResourceTypesA
VirtualAlloc
lstrcmpiA

resutils

ResUtilFindSzProperty
ResUtilGetMultiSzProperty
ResUtilGetPropertiesToParameterBlock
ResUtilSetBinaryValue
ResUtilGetResourceDependencyByName
ResUtilEnumProperties
ResUtilIsResourceClassEqual
ResUtilGetCoreClusterResources
ResUtilFindExpandSzProperty
ResUtilSetPrivatePropertyList
ResUtilVerifyService
ResUtilStopService
ResUtilFreeEnvironment
ResUtilFindMultiSzProperty
ResUtilResourceTypesEqual
ResUtilEnumResources
ResUtilGetResourceName
ResUtilFindDwordProperty
ResUtilResourcesEqual
ResUtilGetPropertyFormats
ResUtilGetDwordProperty
ResUtilFindBinaryProperty
ResUtilGetPropertySize
ResUtilSetUnknownProperties

gdi32

PtVisible
CreateMetaFileW
DdEntry41
GdiConvertMetaFilePict
EndFormPage
GdiGetBatchLimit
SetICMMode
CLIPOBJ_bEnum
PolyDraw
EudcUnloadLinkW
GetNearestColor
DeleteColorSpace
EngCreatePalette
GetCharWidthFloatW
GdiEntry10
EngCopyBits
EngCreateSemaphore
PolyPatBlt
CreateFontIndirectW
GdiCreateLocalEnhMetaFile
DrawEscape
EngStretchBltROP
UnrealizeObject

msvcrt

_ftime64
_fpreset
_sopen
_wstat64
_snwprintf
fputc
_onexit
wcsstr
vsprintf
_wctime
__p___winitenv
_wexecl
vfwprintf
_assert
_execvpe
puts
_get_sbh_threshold
_finite
___lc_handle_func
_spawnlp
_Getmonths
_wcslwr
_wspawnl
putwc
_cgetws
_adj_fdiv_r
_fgetwchar
srand
__p___initenv
?what@exception@@UBEPBDXZ
_pwctype
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??9type_info@@QBEHABV0@@Z
__wcserror
_swab
??8type_info@@QBEHABV0@@Z
_wfopen
ferror
_mbsnccnt
calloc
_mbsnbcnt
__p__timezone
??_Eexception@@UAEPAXI@Z
_wcsdup
__set_app_type
atan2
??0__non_rtti_object@@QAE@PBD@Z
iswprint
exit
_tolower
__p__commode
__CxxExceptionFilter

wininet

FtpDeleteFileA
FtpRenameFileW
ResumeSuspendedDownload
UrlZonesDetach
InternetQueryDataAvailable
GetUrlCacheConfigInfoA
ShowCertificate
InternetCheckConnectionA
InternetSetDialStateA
InternetGetCookieExA
DeleteUrlCacheEntry
GetUrlCacheConfigInfoW
InternetGetCertByURL
RetrieveUrlCacheEntryStreamW
InternetFortezzaCommand
InternetReadFile
InternetSetStatusCallbackA
FtpFindFirstFileW
InternetAutodialHangup
RunOnceUrlCache
HttpCheckDavCompliance
InternetGoOnlineA
LoadUrlCacheContent

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

def4688ea15e1f3b198843217d772689

Headers

DLL Characteristics

File Characteristics

Imports

certcli

kernel32

resutils

gdi32

msvcrt

wininet

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 13KB - Virtual size: 70KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 70KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 232B