cf212335b83223f74cf8bdd6cdbfd21a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf212335b83223f74cf8bdd6cdbfd21a_JaffaCakes118
Size

180KB
MD5

cf212335b83223f74cf8bdd6cdbfd21a
SHA1

9a466e8be68a0e1fe4e9ed4be0d4e3f22da5fcbf
SHA256

8d586df92692a2a20d03afbd52de463389c385f3d5c9066827bffce18b9195fb
SHA512

9379292efdf04a0819bc757872a74e9c94bfc75ca1befc7ac5ea54dc4d328368cd19967bfcea2b995cd69506e7b4f04edd7028c787e86f531810961bbf2e5555
SSDEEP

3072:8WtwaoXtUMMnMMMMMX7I7Da6acIYkImcQYnhgFNXPb7cCLZhQHwSa1cU7PC:8ywaoXuMMnMMMMMakc1bQYnOXD7hlhox

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf212335b83223f74cf8bdd6cdbfd21a_JaffaCakes118

Files

cf212335b83223f74cf8bdd6cdbfd21a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41b8d25e8786f5268e98ceac51a81e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WintrustAddActionID
WintrustRemoveActionID
WTHelperGetProvSignerFromChain
WTHelperCertIsSelfSigned

shlwapi

StrCpyNW
StrCatBuffA
wnsprintfA
StrCatBuffW

shell32

ShellExecuteA

kernel32

ExitProcess
GetProcAddress
TerminateProcess
QueryPerformanceCounter
InterlockedCompareExchange
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
GetTickCount
HeapReAlloc
lstrlenW
GetCurrentProcess
GetCurrentProcessId
GetDateFormatA
DeleteCriticalSection
EnterCriticalSection
lstrlenA
GetLastError
UnhandledExceptionFilter
lstrcmpiA
SetProcessWorkingSetSize
CompareFileTime
GetCurrentThreadId
FileTimeToSystemTime
HeapAlloc
InitializeCriticalSection
WinExec
VirtualAlloc

user32

DialogBoxIndirectParamA
GetWindowRect
SetDlgItemTextA
DialogBoxIndirectParamW
LoadBitmapA
ShowWindow
GetDlgItemTextA
EnableWindow
SendDlgItemMessageA
SendMessageW
GetDC
ReleaseDC
SetWindowLongA
CallMsgFilterA
GetWindowLongA
GetParent
DialogBoxParamW
LoadStringA
SetFocus
SetCursor
EndDialog
CreateWindowExW
SendMessageA
GetSysColor
LoadImageA
MessageBeep
LoadCursorA
GetDlgItem
WinHelpA

gdi32

GetTextMetricsA
SelectObject
GetTextExtentPointW
GetTextExtentPointA
DeleteObject
GetTextMetricsW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41b8d25e8786f5268e98ceac51a81e73

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

shlwapi

shell32

kernel32

user32

gdi32

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 31KB - Virtual size: 30KB

.idata Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 24B

.data Size: 140KB - Virtual size: 384KB

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 31KB - Virtual size: 30KB

.idata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 24B

.data
Size: 140KB - Virtual size: 384KB