8db37bbe002c0b6334bcb19a3c89f074_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8db37bbe002c0b6334bcb19a3c89f074_JaffaCakes118
Size

442KB
MD5

8db37bbe002c0b6334bcb19a3c89f074
SHA1

ecf075abf8e54830685f6e94bceedb14c9ef56eb
SHA256

defe89808ca9f8a36ad265815536855fe4c53a2781cb31380d5d8bad08e7ef3f
SHA512

6f0dc1557829f78fd3741276c42c765f37377a6ae953e6585c21279dbf4a40d6f25d4fa9be4b911c7f490b87db97c173b7e150b429301f65f34c05c092309322
SSDEEP

12288:noLgNHM7o6a1OljhLFHACqcBufFlz/ER08Ho7/If1PC/:jNHMPAhBFlKozE1PI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db37bbe002c0b6334bcb19a3c89f074_JaffaCakes118

Files

8db37bbe002c0b6334bcb19a3c89f074_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2f4b14917c261c97cce20d5669405a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenClassRegKeyExW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW

user32

EnumPropsA
DlgDirListComboBoxA

kernel32

BackupRead
GetLastError
AddConsoleAliasA
VirtualAlloc

wininet

InternetGetCookieW

esent

JetBackup

crypt32

CryptProtectData
CryptMsgUpdate
CertCreateCertificateContext
CryptSignMessage
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateChain
CryptStringToBinaryW
CertDuplicateCertificateContext
CertGetNameStringW
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CryptVerifyDetachedMessageSignature
CertOpenStore
CryptDecodeObject
CryptBinaryToStringW
CertGetEnhancedKeyUsage
CertGetCertificateChain
CryptMsgClose
CertFindCertificateInStore
CertCompareCertificate
CertFindExtension
CertVerifySubjectCertificateContext
CertFreeCertificateChain
CryptMsgOpenToDecode

shell32

DragQueryFileW
ExtractIconW
SHAppBarMessage
SHFileOperationW
Shell_NotifyIconW

credui

CredUIParseUserNameW
CredUIPromptForCredentialsW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

msimg32

GradientFill

cryptui

CryptUIDlgViewCertificateW

winmm

waveOutGetVolume
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutSetVolume
waveOutOpen
waveOutGetPitch
waveOutClose
waveOutReset

secur32

FreeCredentialsHandle
DecryptMessage
GetUserNameExW
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
DeleteSecurityContext
InitializeSecurityContextW
FreeContextBuffer
EncryptMessage

ws2_32

WSALookupServiceEnd
WSALookupServiceBeginW
WSALookupServiceNextW
freeaddrinfo
WSANSPIoctl
WSAIoctl
getaddrinfo

urlmon

CopyStgMedium

rpcrt4

NdrOleAllocate
MesDecodeBufferHandleCreate
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
MesHandleFree
CStdStubBuffer_Invoke
NdrDllRegisterProxy
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrMesTypeFree2
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrMesTypeDecode2
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
NdrOleFree
MesEncodeDynBufferHandleCreate
NdrMesTypeEncode2

iphlpapi

GetBestInterfaceEx

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 400KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2f4b14917c261c97cce20d5669405a5

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

user32

kernel32

wininet

esent

crypt32

shell32

credui

wtsapi32

msimg32

cryptui

winmm

secur32

ws2_32

urlmon

rpcrt4

iphlpapi

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 22KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 400KB - Virtual size: 1.8MB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 22KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 400KB - Virtual size: 1.8MB