Static task: static1
Behavioral task: behavioral1
  Sample: b98fcb2cd1598cb4007930701711e8e3_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b98fcb2cd1598cb4007930701711e8e3_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: b98fcb2cd1598cb4007930701711e8e3_JaffaCakes118
Size: 406KB
MD5: b98fcb2cd1598cb4007930701711e8e3
SHA1: 0c6983319b2f55003bb82ee5c80dfae8ded81d73
SHA256: 949831f733f3251c360c8ed172651fc5a8967fb375624b814e3de3a0f5720768
SHA512: 4c2f2bccab061e92c6877d4643c37c4b9efe15846d435c7d815132488429affeb13deecd3dcf40187be701ae12ff81729bd115c2aa2799b127533c488f11b96d
SSDEEP: 6144:5N3BgYCUO6Jp7GOXfctx3C4VZG3+7YCUPvYxVAGeh4p38TZZCtbxsFxdJ6kSZ9B0:mQO5O0tx3Cj4dxVA1ha38FZysF7J6dW
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: b98fcb2cd1598cb4007930701711e8e3_JaffaCakes118
Files
b98fcb2cd1598cb4007930701711e8e3_JaffaCakes118.exe windows:4 windows x86 arch:x86
d0fcc21933f73e0126a5b9d5d7b5fa0b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
certcli
CAFindCertTypeByName
CAGetCACertificate
CAEnumFirstCA
CAGetCertTypeProperty
CAGetCertTypeExtensions
CAGetCertTypePropertyEx
CAGetCertTypeFlags
CACountCAs
CAFreeCertTypeProperty
CACloseCA
CAFreeCAProperty
CAEnumCertTypes
CACloseCertType
CAEnumNextCA
CAGetCAProperty
CAEnumNextCertType
wintrust
WTHelperGetFileHash
crypt32
CertFreeCertificateChain
CertDuplicateCRLContext
CertAddCTLContextToStore
CryptMsgUpdate
CertAddSerializedElementToStore
CertEnumCertificatesInStore
CryptDecodeObject
CertNameToStrW
CertFindCertificateInStore
CertAddCertificateContextToStore
CryptMsgOpenToDecode
CryptFindCertificateKeyProvInfo
CertEnumSystemStore
CertFindCTLInStore
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CryptUnregisterOIDInfo
CertEnumCTLsInStore
CertFreeCTLContext
CertDeleteCRLFromStore
CertGetEnhancedKeyUsage
CertEnumPhysicalStore
CertFindExtension
CertCloseStore
CertDuplicateCTLContext
CertGetCertificateContextProperty
CertControlStore
CryptMsgClose
CryptFindLocalizedName
CryptFindOIDInfo
CertGetCRLFromStore
CertGetCertificateChain
CryptMsgEncodeAndSignCTL
CertGetNameStringW
CertGetStoreProperty
CertFreeCertificateContext
CertCompareCertificate
CertEnumCRLsInStore
CertFreeCRLContext
CryptEnumOIDInfo
CertDeleteCertificateFromStore
CryptQueryObject
CertGetCTLContextProperty
CertAddStoreToCollection
CertOpenStore
CertAddCRLContextToStore
CertDuplicateCertificateContext
CertDeleteCTLFromStore
CertSetCertificateContextProperty
CertAddEncodedCTLToStore
advpack
AdvInstallFile
kernel32
GetComputerNameW
IsBadWritePtr
LeaveCriticalSection
LoadLibraryW
GetDateFormatW
GetCurrentThreadId
lstrcmpiW
SystemTimeToFileTime
CompareStringW
IsBadReadPtr
GetCurrentProcess
CreateFileW
SetUnhandledExceptionFilter
GetCommandLineW
lstrcpyW
ReadFile
OutputDebugStringA
FreeLibrary
UnhandledExceptionFilter
lstrlenW
GetShortPathNameW
GetVersionExW
GetProcAddress
FileTimeToSystemTime
GetSystemTime
TerminateProcess
GetModuleHandleW
WaitForSingleObject
GetModuleHandleA
EnterCriticalSection
FileTimeToLocalFileTime
CreateFileMappingW
QueryPerformanceCounter
GetFileTime
CompareFileTime
LocalFree
GetTickCount
GetWindowsDirectoryW
MultiByteToWideChar
SetEvent
CreateEventW
GetCurrentProcessId
GetFileSizeEx
GetSystemWindowsDirectoryW
GlobalFree
LocalAlloc
MapViewOfFile
lstrcpynW
InterlockedDecrement
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFileEx
CloseHandle
GetUserDefaultLangID
GlobalUnlock
LoadResource
GlobalAlloc
InterlockedIncrement
FindResourceW
GetFileSize
GetModuleFileNameW
SetLastError
GetLastError
FormatMessageW
GetComputerNameExW
LoadLibraryA
VirtualAlloc
ResetEvent
GlobalLock
OpenEventW
GetSystemTimeAsFileTime
DeleteCriticalSection
ntdsapi
DsBindW
DsUnBindW
DsCrackNamesW
DsFreeNameResultW
gdi32
DeleteObject
CreateFontIndirectW
GetDeviceCaps
user32
GetClientRect
InvalidateRect
GetDC
GetParent
ShowWindow
EnumPropsA
SetWindowsHookExW
PostMessageW
EnableMenuItem
LoadStringW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItem
SetMenu
DialogBoxParamW
wsprintfW
UnhookWindowsHookEx
GetMenu
LoadIconW
ReleaseDC
GetSystemMetrics
DestroyIcon
DlgDirListA
RegisterClipboardFormatW
GetCursorPos
MessageBoxW
SendMessageW
LoadBitmapW
WinHelpW
SystemParametersInfoW
LoadMenuW
GetWindowLongW
GetSubMenu
ScreenToClient
SetWindowLongW
GetSysColor
ChildWindowFromPointEx
GetWindowRect
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ