8437a94ec2f1575a92b9e0120dfd6fee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8437a94ec2f1575a92b9e0120dfd6fee_JaffaCakes118
Size

179KB
MD5

8437a94ec2f1575a92b9e0120dfd6fee
SHA1

8e9b8c5bcb73394b79affee52e6fb747a8ed7d23
SHA256

e547ccdbb90d4c82fe83452d3a865e59e82ca3ec36ee622a40877934ffa07f7e
SHA512

48df5a485b2d6d1137a7288d67c90f686f1d10d3494c42eeb9ae3af8c7d3e80ae184b57483763d9fe91e1966a6898382c35faa55819d24de2a99d60f19dec04d
SSDEEP

3072:H3LEBAHGwuJ6q9VwUw5wi8KVQbeElo1cx0tfJzLClv6Yjw5qm9oJl3HtmSKu:XLE6GHHVwJL5h9JzL0voT9cH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8437a94ec2f1575a92b9e0120dfd6fee_JaffaCakes118

Files

8437a94ec2f1575a92b9e0120dfd6fee_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04c656e95a9429dd2ea5412c9029ffec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

FlatSB_SetScrollRange
FlatSB_EnableScrollBar
PropertySheetA
CreatePropertySheetPage
ImageList_DragLeave
ImageList_GetFlags
MakeDragList
ShowHideMenuCtl
ImageList_GetImageInfo
DrawStatusText
ImageList_Read
CreateUpDownControl
ImageList_DragEnter
ImageList_AddMasked
ImageList_GetDragImage
ImageList_ReplaceIcon
DllGetVersion
FlatSB_GetScrollProp
ImageList_DragShowNolock
ImageList_LoadImage
PropertySheet
ImageList_Write
DrawStatusTextA
ImageList_DrawIndirect
CreateMappedBitmap
PropertySheetW
ImageList_SetImageCount
InitCommonControlsEx
ImageList_GetIconSize
DrawStatusTextW
FlatSB_GetScrollPos
ImageList_GetImageRect
ImageList_Merge
FlatSB_SetScrollPos
CreateStatusWindow

atmlib

ATMGetPostScriptNameA
ATMRemoveSubstFontA
ATMMakePSSW
ATMBBoxBaseXYShowTextA
ATMSelectObject
ATMGetFontInfoW
ATMGetVersionEx
ATMGetGlyphList
ATMGetVersionExW
ATMForceFontChange
ATMGetGlyphListA
ATMEnumFontsA
ATMFontAvailableW
ATMFontStatusA
ATMFontSelected
ATMEnumFontsW
ATMEnumMMFontsA
ATMBeginFontChange
ATMGetVersion
ATMXYShowText
ATMBBoxBaseXYShowTextW
ATMEndFontChange
ATMFontStatusW
ATMAddFontExW
ATMGetBuildStr
ATMGetNtmFieldsW
ATMMakePFM
ATMGetOutlineA
ATMMakePSSA
ATMGetBuildStrW
ATMAddFontEx
ATMGetVersionExA
ATMClient
ATMGetFontBBox
ATMGetPostScriptNameW

kernel32

HeapSummary
GetProcessShutdownParameters
SetConsoleTitleA
BaseFlushAppcompatCache
GetCurrentProcessId
EnumSystemCodePagesW
HeapQueryInformation
FindClose
ScrollConsoleScreenBufferW
RemoveDirectoryW
LockFileEx
SetSystemTimeAdjustment
GetTimeZoneInformation
AddLocalAlternateComputerNameA
EnumResourceLanguagesA
FindNextFileA
LocalFlags
GetFirmwareEnvironmentVariableW
VirtualAlloc
GetFileSize
FindNextVolumeMountPointA
LoadLibraryA
EnumSystemLanguageGroupsA
FindFirstChangeNotificationW
AddAtomA
Process32Next
DisconnectNamedPipe
CreateWaitableTimerW
OutputDebugStringA
QueryPerformanceCounter
ReadFileEx
SetComputerNameA
ClearCommError
HeapDestroy
BaseInitAppcompatCacheSupport
WritePrivateProfileSectionA
AreFileApisANSI
BaseUpdateAppcompatCache
GetLongPathNameW
GetVolumeNameForVolumeMountPointA
SetConsoleMenuClose
SetCommConfig
LoadLibraryExW
GetOEMCP
FileTimeToLocalFileTime
GetWriteWatch
LZRead
GetACP
GetTempPathA
lstrcat
GetProcessVersion
CompareFileTime
WritePrivateProfileStringW
Heap32First
EnumDateFormatsExW
FindFirstFileExA
CreateMemoryResourceNotification
GetSystemDefaultUILanguage
GlobalUnfix
TryEnterCriticalSection
GetStringTypeW
GetThreadPriority
GetDiskFreeSpaceA
WriteConsoleA
GetPrivateProfileSectionW
GetConsoleAliasA
GlobalGetAtomNameA
WriteProfileSectionA
SetFileApisToOEM
GetProfileIntW
IsProcessorFeaturePresent
SetConsoleCursor
IsBadHugeWritePtr
GetEnvironmentStringsW
LCMapStringW

oleaut32

VarI8FromUI1
VarCyCmpR8
DosDateTimeToVariantTime
VarDateFromI4
VarR4FromCy
VarDecFromR4
VarR8FromUI1
CreateDispTypeInfo
SafeArrayDestroyData
VarDecFromI2
DllGetClassObject
VarUI8FromI2
VarBoolFromCy
VarDateFromDec
VarUI4FromUI2
VarDecDiv
VarCat
VARIANT_UserUnmarshal
SafeArrayDestroy
VarDateFromDisp
VarUI1FromI1
VarIdiv
VarUI8FromR4
VarDateFromUI4
SysFreeString
VarCyFromR4
VarDecFromUI1
UnRegisterTypeLib
VarUI4FromI4
VarDecFromBool
VarCyNeg
DispCallFunc
VARIANT_UserMarshal
VarI1FromDec
BstrFromVector
VarFormatCurrency
SafeArraySetIID
VarCyAbs
VarUI8FromI1
VarUI4FromI8
CreateTypeLib
VarI4FromUI2
DispGetIDsOfNames
VarDecFromI4

msvcrt40

??_Efilebuf@@UAEPAXI@Z
_wtmpnam
?bitalloc@ios@@SAJXZ
ispunct
_ismbbkana
sqrt
_aexit_rtn
??1__non_rtti_object@@UAE@XZ
_wpopen
?fill@ios@@QBEDXZ
_wsearchenv
_fpclass
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
__unDName
wcscoll
printf
??_8iostream@@7Bostream@@@
feof
??_8ofstream@@7B@
wcslen
??5istream@@QAEAAV0@AAO@Z
abort
malloc
strcmp
_spawnle
_chsize
_fileno
_adj_fdivr_m16i
memcpy
putwc
cosh
??4ios@@IAEAAV0@ABV0@@Z
_wchdir
??_7exception@@6B@
_adj_fdiv_m32i
isgraph
_CIcos
??_7istrstream@@6B@
iscntrl
?sync@stdiobuf@@UAEHXZ
?terminate@@YAXXZ
isupper
tmpnam
_fgetwchar
_execvpe

wintrust

SoftpubFreeDefUsageCallData
TrustDecode
CatalogCompactHashDatabase
WVTAsn1CatNameValueEncode
CryptSIPGetInfo
SoftpubAuthenticode
WintrustGetRegPolicyFlags
WTHelperProvDataFromStateData
CryptCATOpen
CryptCATCatalogInfoFromContext
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcLinkEncode
WintrustLoadFunctionPointers
WVTAsn1SpcMinimalCriteriaInfoDecode
IsCatalogFile
WTHelperGetProvPrivateDataFromChain
SoftpubCheckCert
WVTAsn1SpcPeImageDataDecode
CryptCATAdminEnumCatalogFromHash
CryptCATCDFOpen
AddPersonalTrustDBPages
SoftpubLoadSignature
CryptCATCDFEnumCatAttributes
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
SoftpubDefCertInit
WinVerifyTrustEx
WVTAsn1SpcSpOpusInfoEncode
CryptSIPGetSignedDataMsg
WVTAsn1CatMemberInfoEncode
SoftpubLoadMessage
mssip32DllUnregisterServer
HTTPSFinalProv
CryptCATAdminRemoveCatalog
CryptCATCDFEnumMembersByCDFTag
OpenPersonalTrustDBDialog
WintrustCertificateTrust
SoftpubCleanup
CryptCATAdminCalcHashFromFileHandle
WTHelperGetKnownUsages
WTHelperGetAgencyInfo

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04c656e95a9429dd2ea5412c9029ffec

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

atmlib

kernel32

oleaut32

msvcrt40

wintrust

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 45KB - Virtual size: 241KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 45KB - Virtual size: 241KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B