b8c6e52cf44b86472bcdb1e3db315603_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b8c6e52cf44b86472bcdb1e3db315603_JaffaCakes118
Size

866KB
MD5

b8c6e52cf44b86472bcdb1e3db315603
SHA1

2fb46d97454203a0026a5e8ade16a26bc5870410
SHA256

d12180e13a997d4bc60ad4cb5d70094b68c16eeb143508e21a7d34856efc86e4
SHA512

077a3ade9b1f8065851d3ca20005ba0de3033e9b80ef5bf2e7bb8508c47c92cc1fbfb7d444b2fadd768e7dca9891fb314190bca95173d4169d4bb8bb2df6201e
SSDEEP

24576:ikGCkdKXGIjklmgzh5foTsDqHkXCnbDSz0V:ikGpLnfzh5xDqHkY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8c6e52cf44b86472bcdb1e3db315603_JaffaCakes118

Files

b8c6e52cf44b86472bcdb1e3db315603_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5debb96cda699e7b88bb7b252b13ed08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertAddEncodedCertificateToStore
CryptEnumOIDFunction
CertGetCRLContextProperty
I_CryptGetLruEntryData
CryptGetOIDFunctionAddress
CertDeleteCTLFromStore
CertCompareCertificateName
RegEnumValueU
I_CryptFindLruEntry
CryptFormatObject
CryptSetOIDFunctionValue
CryptSIPVerifyIndirectData
CertControlStore
CryptEncodeObjectEx
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptGetMessageCertificates
CertCloseStore
CryptStringToBinaryW
I_CryptGetDefaultCryptProvForEncrypt
CertNameToStrA
CertFreeCertificateContext
I_CryptEnableLruOfEntries
I_CryptSetTls
CertAddEncodedCertificateToSystemStoreA
CryptEncryptMessage
CryptMsgCountersign
CryptMsgOpenToEncode
CertAddStoreToCollection
I_CryptFindLruEntryData
I_CryptFlushLruCache
CertUnregisterSystemStore
CertGetEnhancedKeyUsage
CertCompareIntegerBlob

msoert2

CenterDialog
PVGetMsgParam
HrFindInetTimeZone
OpenFileStreamShareW
SzGetCertificateEmailAddress
HrGetMsgParam
IsUpper
FIsValidFileNameCharW
HrRewindStream
DeleteTempFile
HrCopyStreamCBEndOnCRLF
UlStripWhitespaceW
PszScanToCharA
CreateEnumFormatEtc
HrStreamToByte
CrackNotificationPackage
FBuildTempPathW
HrCopyStreamCB
FreeTempFileList
CreateDataObject
HrGetElementImpl
MessageBoxInst
PszScanToWhiteA
ChConvertFromHex
HrSafeGetStreamSize
CleanupGlobalTempFiles
HrBSTRToLPSZ
OpenFileStreamW
UlStripWhitespace
GetHtmlCharset
HrGetCertificateParam
CreateSystemHandleName
PszSkipWhiteA
HrGetBodyElement
CchFileTimeToDateTimeW
CleanupFileNameInPlaceW
CryptAllocFunc
HrCopyStream

wsock32

s_perror
inet_ntoa
gethostbyaddr
MigrateWinsockConfiguration
SetServiceW
recv
WSARecvEx
NPLoadNameSpaces
WSAAsyncGetProtoByNumber
gethostname
connect
EnumProtocolsA
GetAcceptExSockaddrs
getprotobyname
WSApSetPostRoutine
WSAIsBlocking
ioctlsocket
gethostbyname
EnumProtocolsW
GetServiceW
WSAAsyncGetHostByName
sendto
WSACancelAsyncRequest
recvfrom
AcceptEx
GetNameByTypeA
GetAddressByNameW
WSAAsyncGetServByPort
listen
WSACancelBlockingCall
TransmitFile
GetNameByTypeW
GetServiceA
inet_addr
WSAAsyncGetHostByAddr
__WSAFDIsSet

ntshrui

DllGetClassObject
IsPathSharedA
IsPathSharedW
IsFolderPrivateForUser
IsPathShared
GetLocalPathFromNetResource
GetNetResourceFromLocalPathW
SetFolderPermissionsForSharing
GetLocalPathFromNetResourceA
GetNetResourceFromLocalPathA
GetNetResourceFromLocalPath
GetLocalPathFromNetResourceW

gdi32

EnumFontFamiliesW
SetSystemPaletteUse
FillPath
CreatePalette
DdEntry25
CreateBrushIndirect
PlayEnhMetaFile
SetDCPenColor
GdiGradientFill
SetBitmapBits
DdEntry46
GdiGetLocalDC
XLATEOBJ_iXlate
LineTo
GetCurrentPositionEx
GetCharWidthFloatW
UpdateICMRegKeyW
RectInRegion
GetObjectType
CreateRectRgnIndirect
GdiAddFontResourceW
PtVisible
DdEntry0
GdiRealizationInfo
GetEnhMetaFileHeader
SetColorSpace
FixBrushOrgEx
ExtTextOutW
PaintRgn
CreateEllipticRgnIndirect
EngCreateClip
SetLayoutWidth
GdiQueryFonts
EngStrokePath
TranslateCharsetInfo
SetBoundsRect
GdiEndDocEMF
CopyEnhMetaFileA
EngStrokeAndFillPath
GetCharABCWidthsI
CreateCompatibleBitmap

kernel32

IsBadHugeReadPtr
FindResourceW
GetDevicePowerState
WriteConsoleA
SetEvent
lstrcpynW
CloseHandle
MulDiv
DuplicateHandle
VirtualAlloc
GetFileAttributesExA
GetCurrentThreadId
LoadLibraryA
GetConsoleAliasesA
_lread
SystemTimeToFileTime
GlobalAlloc
SetFileShortNameA
EnumSystemLanguageGroupsA
EnumTimeFormatsA
CopyFileExA
RegisterWaitForSingleObject
GetFirmwareEnvironmentVariableW
VirtualQueryEx
LZCopy
CreateMutexW
VerLanguageNameA
SetThreadPriority
GetCommState
ReadConsoleOutputA
EnumTimeFormatsW
GetCurrentThread
GetFileSizeEx
GetFirmwareEnvironmentVariableA
MoveFileWithProgressA
HeapCreate
ClearCommBreak
WriteConsoleOutputCharacterA
WriteConsoleInputVDMA
GetVersionExA
GetTickCount
GetEnvironmentStringsA
GetNamedPipeInfo
GlobalMemoryStatus
GetConsoleKeyboardLayoutNameW
SetSystemTime
GetTempFileNameA
RemoveVectoredExceptionHandler
TerminateThread

Sections

.text
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 550KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5debb96cda699e7b88bb7b252b13ed08

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

msoert2

wsock32

ntshrui

gdi32

kernel32

Sections

.text Size: 181KB - Virtual size: 184KB

.rdata Size: 550KB - Virtual size: 552KB

.data Size: 132KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 181KB - Virtual size: 184KB

.rdata
Size: 550KB - Virtual size: 552KB

.data
Size: 132KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB