ae608e4e555896c704c9285a44dc1187_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae608e4e555896c704c9285a44dc1187_JaffaCakes118
Size

385KB
MD5

ae608e4e555896c704c9285a44dc1187
SHA1

b85895c01bd16aee9395d502ffe7202d162e8fbb
SHA256

6533f96c26b8b7a5798845652b395d50ffadbf21080da56bf97bf6f25f434b38
SHA512

56c279fc62b8dec3f339ac81facd6b3a966fc77abff1d5fa500524258f36a613d26cdbb93dfc1859cfe5559aa35705d59bded02eb093c5ac473f22f5acf3c2dc
SSDEEP

12288:+LbSgqEd7BLOmIJvlIwLXRD5xZn6Lf3CxeT7ly5eLMYn:augdBSttyw1XIrMOxywh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae608e4e555896c704c9285a44dc1187_JaffaCakes118

Files

ae608e4e555896c704c9285a44dc1187_JaffaCakes118
.exe windows:3 windows x86 arch:x86

d14d6c9c5317e9f19c24cd4345418235

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cryptui

CryptUIGetViewSignaturesPagesA
LocalEnrollNoDS
CryptUIDlgViewCTLA
CryptUIWizImport
CryptUIDlgSelectCertificateFromStore
CryptUIDlgSelectStoreA
CryptUIWizSubmitCertRequestNoDS
CryptUIFreeViewSignaturesPagesA
DllUnregisterServer
CryptUIWizCertRequest
CryptUIDlgViewCRLA
DllRegisterServer
CryptUIWizExport
CryptUIWizCreateCertRequestNoDS
I_CryptUIProtectFailure
CryptUIDlgViewCertificateA
CryptUIFreeCertificatePropertiesPagesA
EnrollmentCOMObjectFactory_getInstance
CryptUIWizDigitalSign
WizardFree
CryptUIStartCertMgr
CryptUIDlgCertMgr
RetrievePKCS7FromCA
ACUIProviderInvokeUI
LocalEnroll
CryptUIWizBuildCTL
CryptUIDlgSelectCertificateA
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewSignerInfoA
CryptUIDlgViewContext
CryptUIDlgSelectCA
CryptUIDlgFreeCAContext
CryptUIWizFreeCertRequestNoDS
CryptUIWizQueryCertRequestNoDS
I_CryptUIProtect
CryptUIWizFreeDigitalSignContext

user32

DispatchMessageA
CreateWindowExA
SetWindowPos
CheckRadioButton
TranslateAcceleratorA
ShowWindow
TranslateMessage
OffsetRect
UpdateWindow
GetDlgItem
GetSysColorBrush
LoadMenuA
ScreenToClient
PostQuitMessage
SetDlgItemInt
IsChild
GetClipboardData
ChildWindowFromPoint
MessageBoxA
BeginPaint
SystemParametersInfoA
GetSubMenu
GetWindowLongA
DestroyWindow
DrawTextA
SetWindowLongA
GetWindowRect
SetCursor
GetDlgCtrlID
WinHelpA
SetDlgItemTextA
LoadAcceleratorsA
GetWindowTextA
MapWindowPoints
GetProcessDefaultLayout
CharNextA
GetDesktopWindow
CreateDialogParamA
LoadCursorA
EndDialog
SetProcessDefaultLayout
DialogBoxParamA
InvalidateRect
CheckDlgButton
SendMessageA
EndPaint
SetMenu
MessageBeep
EnableMenuItem
CloseClipboard
TrackPopupMenuEx
LoadIconA
GetSysColor
CallWindowProcA
GetMenu
OpenClipboard
IsDialogMessageA
DefWindowProcA
IsClipboardFormatAvailable
RegisterClassExA
HideCaret
DestroyMenu
SetWindowTextA
GetMessageA
SetFocus
LoadStringA
CheckMenuItem
CheckMenuRadioItem
GetClientRect
EnableWindow

kernel32

ReadFile
GetSystemTimeAdjustment
GetProcessHeap
IsBadStringPtrA
lstrcmpA
GetNamedPipeHandleStateA
GetProcessHeaps
DosDateTimeToFileTime
WriteFileGather
InterlockedPopEntrySList
GetSystemTimes
GetSystemTime
lstrcpynA
SetFilePointerEx
GetFileAttributesA
TransactNamedPipe
lstrcmpiA
FreeEnvironmentStringsA
WaitNamedPipeA
InterlockedDecrement
GetFileAttributesExA
ExpandEnvironmentStringsA
SystemTimeToFileTime
ReadFileScatter
WriteFile
GetNamedPipeInfo
InterlockedIncrement
CallNamedPipeA
lstrcatA
GetLocalTime
VirtualAlloc
HeapAlloc
GetModuleHandleA
ConnectNamedPipe
InterlockedPushEntrySList
SetFirmwareEnvironmentVariableA
InterlockedExchange
CloseHandle
CreateFileA
WriteFileEx
FileTimeToSystemTime
HeapSize
GetFileTime
FileTimeToLocalFileTime
PeekNamedPipe
lstrlenA
GetStringTypeA
GetEnvironmentStringsA
SetNamedPipeHandleState
GetEnvironmentVariableA
SetFilePointer
GetFirmwareEnvironmentVariableA
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
FileTimeToDosDateTime
lstrcpyA
InterlockedCompareExchange
DeleteFileA
DisconnectNamedPipe
GetStringTypeExA
InterlockedFlushSList
SetEnvironmentVariableA
InterlockedExchangeAdd
ReadFileEx

advpack

IsNTAdmin
DoInfInstall
UserUnInstStubWrapper
UserInstStubWrapper
ExtractFiles
AddDelBackupEntry
FileSaveRestore
LaunchINFSectionEx
LaunchINFSection
RegSaveRestore
NeedRebootInit
RegSaveRestoreOnINF
RegisterOCX
DelNode
RegRestoreAll
GetVersionFromFile
CloseINFEngine
AdvInstallFile
OpenINFEngine
GetVersionFromFileEx
DelNodeRunDLL32
TranslateInfStringEx
FileSaveRestoreOnINF
RegInstall
TranslateInfString
SetPerUserSecValues
FileSaveMarkNotExist
RunSetupCommand
RebootCheckOnInstall
NeedReboot
ExecuteCab

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d14d6c9c5317e9f19c24cd4345418235

Headers

DLL Characteristics

File Characteristics

Imports

cryptui

user32

kernel32

advpack

Sections

.text Size: 279KB - Virtual size: 279KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 96KB - Virtual size: 716KB

.text
Size: 279KB - Virtual size: 279KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 96KB - Virtual size: 716KB