aaa0584f85649ef7f9a547afd1730fa4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aaa0584f85649ef7f9a547afd1730fa4_JaffaCakes118
Size

96KB
MD5

aaa0584f85649ef7f9a547afd1730fa4
SHA1

6eb4e6dfda36908dd899e212e2386c80594e2e5b
SHA256

c49cabf1bae723471abab97f2f12f89a2028967bd203df5526c0e90a25f128aa
SHA512

8cd05be80ecbf60c99555f7132c7683da18b73ecf063615318322d6b53a5e3efed49bb107fd8a924e392cd153f26830045ab2d5ac81dbd1f5d095d52adf7d219
SSDEEP

1536:6A+cuGRLZnYPMbWq16ZU9swN+zz/fSCHuYlosS+jMW0G:v+LGjnYMbj1YUqzmwllTS+jn0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa0584f85649ef7f9a547afd1730fa4_JaffaCakes118

Files

aaa0584f85649ef7f9a547afd1730fa4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

80f0e5023141084b77b90c5b685d6f19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\hudson\jobs\Win11\workspace\win11\installer\CustomActions\bin\Release\enca.pdb

Imports

msi

ord124
ord17
ord103
ord74
ord80
ord145
ord73
ord158
ord125
ord8
ord163
ord118
ord160
ord159
ord32
ord49
ord64

shell32

SHGetSpecialFolderPathW
ord165
SHFileOperationW

shlwapi

PathRemoveBackslashW
PathIsRootW
PathFileExistsW
SHDeleteKeyW
SHCopyKeyW
PathCombineW
PathAppendW

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetVersion
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
DeleteFileW
WriteConsoleW
TerminateProcess
CloseHandle
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapFree
GlobalFindAtomW
GlobalDeleteAtom
SetLastError
GlobalAddAtomW
GetTickCount
GetConsoleCP
SetFilePointer
GetLocaleInfoA
CreateFileA
FlushFileBuffers
OpenProcess
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
GetCurrentProcess
HeapCreate
CreateProcessW
CreateFileW
DeviceIoControl
CreateDirectoryW
lstrcpyW
LocalFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

CharNextW
SendMessageTimeoutW
FindWindowW
EnumWindows
RegisterWindowMessageW
wsprintfW
GetWindowThreadProcessId

advapi32

CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

Exports

Exports

AdjustShortcutFolderWithBranding
AdjustShortcutsWithBranding
ClearPrivateData
ExitEvernoteApplications
Link35
RestoreRegistry
RunClipperUnelevated
RunEvernoteUnelevated
SaveCustomDBPath
SaveEN35Link
SetPendingReboot
SetShowEULA
Unlink35

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80f0e5023141084b77b90c5b685d6f19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

shell32

shlwapi

kernel32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB