Static task
static1
Behavioral task
behavioral1
Sample
d69a64c77b30c07590f07cb81c31ec47_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d69a64c77b30c07590f07cb81c31ec47_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d69a64c77b30c07590f07cb81c31ec47_JaffaCakes118
Size
1.2MB
MD5
d69a64c77b30c07590f07cb81c31ec47
SHA1
72f0772d240a8942bdd4a15d0e4bae168280f574
SHA256
8798be6ab2dbfc08a7a248a6f510977e1560e1b836ceac8fd5b790e5fca561fb
SHA512
cd8ef07de321227c2ede75f550fd2dc94b48474e9bce3b278d0f24517a343cf993ab9e170a0401c1af7090778cedaf6958fce2d11d6fef41db411a52e3b924cc
SSDEEP
24576:bRowbT5hb4vNnAR44FkfXKro+4wORMbxZ+VxQYbm2x2doNF8gQm9vyz:1D5wnlqbr+HP3bZQm0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d69a64c77b30c07590f07cb81c31ec47_JaffaCakes118
Files
d69a64c77b30c07590f07cb81c31ec47_JaffaCakes118.exe windows:5 windows x86 arch:x86
8829a71f8948cf2e57c95b7dc81c6c36
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegQueryInfoKeyW
user32
GetSysColorBrush
LoadBitmapW
FillRect
SetDlgItemInt
EnableScrollBar
IsDlgButtonChecked
kernel32
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FileTimeToLocalFileTime
OutputDebugStringW
CreateFileMappingW
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoW
GlobalAlloc
GlobalLock
VirtualAlloc
GetBinaryTypeW
InitAtomTable
GetCommModemStatus
GetSystemTimes
PeekNamedPipe
EnumResourceNamesW
GlobalAddAtomW
CreateNamedPipeW
CancelIo
BuildCommDCBAndTimeoutsW
GetOEMCP
IsValidLanguageGroup
LCMapStringW
HeapSize
HeapReAlloc
HeapAlloc
GetCommandLineW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapFree
LoadLibraryExW
RtlUnwind
GetStringTypeW
CreateFileW
wintrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain
WinVerifyTrust
Sections
.text Size: 256KB - Virtual size: 255KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 169KB - Virtual size: 48.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.72sk1 Size: 502KB - Virtual size: 501KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rrdne1 Size: 309KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ