8a69ec65134386b4bf8d7db9e02f253a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a69ec65134386b4bf8d7db9e02f253a_JaffaCakes118
Size

56KB
MD5

8a69ec65134386b4bf8d7db9e02f253a
SHA1

87c5a59ae08e73ecec64517dd06fc070c87fcd3d
SHA256

eb38b8ee4fe24d7d879191a7af888b610e22d4878505570301021aef3878161f
SHA512

b11e31cef5daf612eb8f6f78692c45d9ab761385737bc248edbd64d9cdd7f3f2e9fa63f362e44f1c8fd4c33eca14d22882b2692e9d56b722d862816f974adfbd
SSDEEP

768:ID2geRIVRs8eKI7iwHVeHZ06Wkluzv5WNY48KBUil22Eo2Oew8D328D4DF:o2xRKRs8XyVeHZ06lW5WNYIuiUjOJ5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a69ec65134386b4bf8d7db9e02f253a_JaffaCakes118

Files

8a69ec65134386b4bf8d7db9e02f253a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dd03c840b966e11d3b8f06838d30234

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeviceIoControl
LoadLibraryExA
GetProcAddress
LoadLibraryA
VirtualProtect
GetCurrentThread
SetThreadContext
SetConsoleCP
OpenSemaphoreW
GetLastError
CreateProcessA
CreateProcessA
LoadLibraryExA
LoadLibraryA
CreateProcessA
WaitForSingleObject
GetStartupInfoW
GetStartupInfoW
CreateProcessW
LoadLibraryExW
DeviceIoControl
TerminateProcess
ReadProcessMemory
LoadLibraryA
CreateProcessA
SleepEx
DeviceIoControl
CreateProcessA
LoadLibraryExA
GetStartupInfoA
LoadLibraryExA
DeviceIoControl
VirtualProtectEx
LoadLibraryExA
ReadFile
ReadProcessMemory
WriteProcessMemory
CreateFileA
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryExW
WaitForSingleObjectEx
Sleep
TerminateProcess
TerminateProcess
GetStartupInfoA
ReleaseMutex
WaitForSingleObjectEx
TerminateProcess
GetSystemTime
LoadLibraryExA
LoadLibraryA
ReleaseMutex
GetStartupInfoW
WaitForSingleObjectEx
WriteProcessMemory
SleepEx
SleepEx
ReleaseMutex
WaitForSingleObject
LoadLibraryExW
GetStartupInfoA
LoadLibraryA
DeviceIoControl
CreateFileA
DeviceIoControl
GetStartupInfoA
LoadLibraryA
CreateProcessW
LoadLibraryExW
VirtualProtect
WaitForSingleObject
WaitForSingleObjectEx
DeviceIoControl
GetSystemTimeAsFileTime
GetStartupInfoA
GetSystemTimeAsFileTime
ReadFile
ReadProcessMemory
WriteProcessMemory
ReleaseMutex
CreateProcessW
CreateProcessW
LoadLibraryA
ReleaseMutex
LoadLibraryExW
ReadFile
CreateProcessW
TerminateProcess
CreateFileA
SleepEx
DeviceIoControl
GetStartupInfoW
TerminateProcess
SleepEx
CreateFileA
GetStartupInfoW
ReadProcessMemory
GetStartupInfoA
GetSystemTimeAsFileTime
WaitForSingleObject
CreateFileA
ReadFile
LoadLibraryA
GetStartupInfoW
LoadLibraryA
GetStartupInfoA
CreateProcessW
WriteProcessMemory
GetStartupInfoW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
OfficeCleanupPolicy
WintrustCertificateTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
TrustFreeDecode
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
TrustFreeDecode
WinVerifyTrust
TrustFreeDecode
WTHelperGetProvSignerFromChain
TrustFreeDecode
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WTHelperGetProvSignerFromChain
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
WinVerifyTrust
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
TrustFreeDecode
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WinVerifyTrust

Sections

.text
Size: 32KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd03c840b966e11d3b8f06838d30234

Headers

File Characteristics

Imports

kernel32

wintrust

Sections

.text Size: 32KB - Virtual size: 72KB

.data Size: 5KB - Virtual size: 8KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 72KB

.data
Size: 5KB - Virtual size: 8KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB