c1b021ae9e584fe247c86309941c59e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1b021ae9e584fe247c86309941c59e8_JaffaCakes118
Size

1.4MB
MD5

c1b021ae9e584fe247c86309941c59e8
SHA1

f3eb23a5fa625c8c433cd5d983489356d962781e
SHA256

36291e46a47bc47cfd5733ef1759ac881d3d38c0f15ef2401ec71b785b211b58
SHA512

d35e698af53e90c739cbab26e94b687dd50f04dd4ad353614dcea543a829e8599f5d5f4be8c8e8444e392126ff0646fbfa8db5f96192066bf38477291763075d
SSDEEP

24576:k3bzienqvEDmAkAY0+8g9qYnqAS5rD4rtRyYxsLT+NNF/CahxXOBO/:k3bzYw3O9a5XqtyKN//C8+BI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b021ae9e584fe247c86309941c59e8_JaffaCakes118

Files

c1b021ae9e584fe247c86309941c59e8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fef94f080445022dd41c2b4be055ac0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetConsoleWindow
MoveFileWithProgressW
WritePrivateProfileStructW
GetModuleHandleW
lstrlenW
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
GlobalAlloc
FreeResource
GetSystemDirectoryW
DeleteCriticalSection
GetCPInfo
FindFirstFileW
lstrcmpW
WriteConsoleW
LocalAlloc
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
LCMapStringW
HeapAlloc
LoadLibraryExW
GetModuleFileNameW
WriteFile
GetStdHandle
GetStringTypeW
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
CreateMutexW
InitializeCriticalSection
GetVersionExW
HeapReAlloc
GetCommandLineW
GetLocaleInfoW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsAlloc
GetACP
SetLastError
GetLastError
GetOEMCP
IsValidCodePage
DecodePointer
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
RaiseException
CreateFileW

wintrust

WTHelperGetProvSignerFromChain

crypt32

CertEnumCertificatesInStore
CryptBinaryToStringW
CertAddCertificateContextToStore
CertCreateCertificateContext
CertNameToStrW
CertGetNameStringW
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CryptMsgOpenToDecode
CertFreeCRLContext
CryptQueryObject
CryptExportPublicKeyInfo
CryptEncodeObjectEx
CryptStringToBinaryW
CryptDecodeObject
CryptExportPKCS8
CertCloseStore
CryptFindOIDInfo
CertFreeCertificateContext
CertVerifyTimeValidity
CertControlStore
CryptHashPublicKeyInfo
CertGetCertificateChain
CertOpenStore
CertFreeCTLContext
CertFreeCertificateChain
CryptEnumOIDInfo
CertAddStoreToCollection
CryptEncodeObject

setupapi

SetupDiOpenDeviceInfoW
CM_Locate_DevNodeW
SetupGetIntField
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDriverInfoW
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupDiGetActualSectionToInstallW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Registry_Property_ExW
SetupGetStringFieldW
CM_Get_DevNode_Status
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_ID_ExW

user32

ValidateRgn
EnableScrollBar
GetRawInputBuffer
GetGUIThreadInfo
CopyRect
GetClassInfoW

winscard

SCardGetStatusChangeW
SCardListReadersW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
GetTraceEnableFlags
RegEnumValueW
RegQueryInfoKeyW

rasapi32

RasGetEntryPropertiesW

wininet

InternetCrackUrlW
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW

opengl32

glGenTextures
glEnable
glColorMask
glBindTexture
glDepthFunc
glViewport
glFlush
glClearColor
glStencilOp

comdlg32

PrintDlgExW

ntdsapi

DsBindW
DsFreeNameResultW

wsock32

WSAAsyncGetHostByName
WSAAsyncSelect

msacm32

acmFormatSuggest
acmStreamPrepareHeader

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fef94f080445022dd41c2b4be055ac0d

Headers

File Characteristics

Imports

kernel32

wintrust

crypt32

setupapi

user32

winscard

advapi32

rasapi32

wininet

opengl32

comdlg32

ntdsapi

wsock32

msacm32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1.2MB - Virtual size: 7.7MB

.rsrc Size: 102KB - Virtual size: 102KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1.2MB - Virtual size: 7.7MB

.rsrc
Size: 102KB - Virtual size: 102KB