d6d6b30e13ebef44cd3eee228bd4354f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6d6b30e13ebef44cd3eee228bd4354f_JaffaCakes118
Size

82KB
MD5

d6d6b30e13ebef44cd3eee228bd4354f
SHA1

9673d9ee1dd0076d369e34713b57fdcafb73172c
SHA256

63c7c0012fe1ea14af3249f7c1ee550e41c1eb3f6dd6ac00251af8f981711947
SHA512

42b59c1ad7018e100450cc2fc591568d2fe1cf67373f2e57d3343f590a762cb276345ac50b4773362ac34e06f5f84838ee3296128100268ac4df3b8c49fd3ae8
SSDEEP

1536:QL09QMQQlfNnBpcCGHsIT7ueC0VXvR5ISyRCJFdPp/CPABGwQdxVF:Qsv1uHuF0vCrRgFFLBY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6d6b30e13ebef44cd3eee228bd4354f_JaffaCakes118

Files

d6d6b30e13ebef44cd3eee228bd4354f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2aa2320162026a14ecbb55af1ec8289

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mssign32

PvkPrivateKeySaveToMemory
SpcGetCertFromKey
SignerAddTimeStampResponseEx
PvkPrivateKeyLoadFromMemoryA
PvkPrivateKeyLoad
SignerAddTimeStampResponse
SignerSign
PvkGetCryptProv
PvkPrivateKeyAcquireContextFromMemory
DllUnregisterServer
PvkPrivateKeyAcquireContext
DllRegisterServer
PvkPrivateKeyAcquireContextA
SignerCreateTimeStampRequest
PvkPrivateKeySaveA

msvcrt

_mbctombb
_wtempnam
_telli64
__p__daylight
_CIlog
gets
_vsnprintf
exit
_ultow
_ismbchira
_execle
asin
wcscspn
ldiv

kernel32

FindFirstVolumeA
GetUserGeoID
GetFirmwareEnvironmentVariableA
GetConsoleMode
lstrcmpi
VirtualAlloc
EnumSystemLanguageGroupsW
TerminateJobObject
WritePrivateProfileStringW
IsBadStringPtrW
CreateSemaphoreA
GetSystemWow64DirectoryW
SwitchToThread
GetSystemDefaultLangID
LoadLibraryA
MapUserPhysicalPagesScatter

mapi32

FixMAPI@0
UNKOBJ_FreeRows@8
CchOfEncoding@4
OpenTnefStreamEx@32
UNKOBJ_ScSzFromIdsAlloc@20
UNKOBJ_COFree@8
MAPIInitialize@4
DllGetClassObject
HrAddColumns@16
MAPIFreeBuffer@4
ChangeIdleRoutine@28
FreePadrlist@4
OpenIMsgOnIStg@44
MAPIUninitialize@0
HrDecomposeMsgID@24
FBadRow@4

apphelp

SdbQueryData
ApphelpCheckMsiPackage
ApphelpGetNTVDMInfo
SdbReadWORDTag
SdbOpenDatabase
SdbTagToString
SdbGetDatabaseMatch
SdbReadDWORDTagRef
SdbReadStringTagRef
SdbGetDatabaseVersion
SdbReadQWORDTag
SdbGrabMatchingInfo
GetPermLayers
SdbReadMsiTransformInfo

shell32

SHGetMalloc

user32

MessageBoxA
EndDialog

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2aa2320162026a14ecbb55af1ec8289

Headers

DLL Characteristics

File Characteristics

Imports

mssign32

msvcrt

kernel32

mapi32

apphelp

shell32

user32

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 25KB - Virtual size: 32KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 25KB - Virtual size: 32KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 300B