Static task: static1
Behavioral task: behavioral1
Sample: b24b402f60b81d76a3e8ba49988e41dc_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: b24b402f60b81d76a3e8ba49988e41dc_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b24b402f60b81d76a3e8ba49988e41dc_JaffaCakes118
Size: 847KB
MD5: b24b402f60b81d76a3e8ba49988e41dc
SHA1: 4d2a078931ac595126aacd1e96468725d8dad59f
SHA256: ee41345586e0bcdd39b78a86bd3f8ebad2d59733da472568fe34ff85e854a260
SHA512: 5dcabd323748aa0218fcdce2d792bdfe88f8a4ca6e856e947924df836b2fb4314c10d6d48b68bf44b7755abcf2fe20071aea63ffe2ef3fb028c63503f293baf6
SSDEEP: 12288:RgDAdRXYeHsYkUFMlKiG5puzocwv2XUWgsPO5OADutSZDY0LCS6+sfwFcdZAg7Q:Rg8dRIeDUKtpu8cFUCP0HLfcucdn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b24b402f60b81d76a3e8ba49988e41dc_JaffaCakes118
Files
b24b402f60b81d76a3e8ba49988e41dc_JaffaCakes118.exe windows:5 windows x86 arch:x86
6a1ab33c982d07f87b6506d088ab5908
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crtdll
_ismbblead
_CIlog
wcstol
qsort
fgetc
strncat
wcstombs
_XcptFilter
_getdrives
_getdcwd
_getdrive
_fcloseall
_j0
_osmode_dll
_tell
_snwprintf
div
_daylight_dll
fgetpos
wcsncpy
_mbclen
activeds
SecurityDescriptorToBinarySD
PropVariantToAdsType
AllocADsMem
ADsDecodeBinaryData
AdsTypeToPropVariant2
ADsEnumerateNext
ADsBuildVarArrayInt
AdsTypeToPropVariant
ReallocADsStr
PropVariantToAdsType2
ADsEncodeBinaryData
ADsFreeEnumerator
FreeADsMem
ConvertSecurityDescriptorToSecDes
ADsSetLastError
crypt32
CryptGetMessageCertificates
CertGetIssuerCertificateFromStore
CertVerifyCRLTimeValidity
I_CryptRemoveLruEntry
CertSetCertificateContextPropertiesFromCTLEntry
CryptDecryptMessage
CertSerializeCertificateStoreElement
CryptSIPRemoveSignedDataMsg
CryptUninstallDefaultContext
I_CryptAddSmartCardCertToStore
CryptRegisterDefaultOIDFunction
PFXVerifyPassword
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CryptSignMessage
CryptDecryptAndVerifyMessageSignature
CryptSignAndEncryptMessage
CertAddCTLContextToStore
I_CryptUninstallAsn1Module
CryptEncodeObjectEx
CryptSIPGetSignedDataMsg
CertNameToStrA
I_CryptGetFileVersion
kernel32
GetConsoleCharType
TermsrvAppInstallMode
CallNamedPipeW
WriteProfileStringA
FindFirstFileExA
FindFirstChangeNotificationW
GetCPInfoExW
LoadLibraryA
SetUserGeoID
WritePrivateProfileSectionA
HeapCreate
GetThreadTimes
GlobalHandle
DeleteFileA
EnumUILanguagesW
GetConsoleFontInfo
UTRegister
LZOpenFileA
ClearCommError
VirtualAlloc
PulseEvent
GetBinaryTypeW
GetNamedPipeInfo
GetEnvironmentStringsW
Sections
.text Size: 716KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ