da0fde292c7532f1513bc97199d42046_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da0fde292c7532f1513bc97199d42046_JaffaCakes118
Size

1.2MB
MD5

da0fde292c7532f1513bc97199d42046
SHA1

f13a81bc8a3593ac1d2fdc68853b551ebc1e0328
SHA256

72cf06f4f31b41cfacc31ae40226bb096b23a7ce997c46710c5391623ed7231b
SHA512

29b7df86e0808f573c25ea8339baac3ce6277c4ad035bbed039885386c9ea000925ed7f21e6d951c7dd054ae237f7fcc5e104189c2144b0bebb39b045bfd2306
SSDEEP

24576:248oy9yvciBgFU0EKK5QGoRSBbG84Vnzmy:2h992cUsYK860BS84pzmy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da0fde292c7532f1513bc97199d42046_JaffaCakes118

Files

da0fde292c7532f1513bc97199d42046_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ceed906385cc706902829bb2b5c376f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PageSetupDlgW

kernel32

DeleteCriticalSection
WaitForSingleObject
LoadResource
WriteFile
ReadFile
SetEndOfFile
FindClose
CloseHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
lstrcmpiW
TlsAlloc
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetStartupInfoW
OutputDebugStringW
FindResourceW
GetSystemDirectoryW
CreateDirectoryW
GetFullPathNameW
CreateFileW
GetFileAttributesW
FindNextFileW
GetVersionExW
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetThreadLocale
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
UnhandledExceptionFilter
GetEnvironmentStringsW
ExitProcess
GetCurrentProcessId
GetCurrentProcess
HeapFree
HeapReAlloc
HeapAlloc
VirtualAlloc
GetProcAddress
RtlUnwind
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteConsoleW
LCMapStringW
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
QueryPerformanceCounter
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
GetStringTypeW
HeapSize

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptProtectData
CryptAcquireCertificatePrivateKey
CertFindExtension
CertVerifyTimeValidity
CryptHashCertificate
CertGetEnhancedKeyUsage
CertControlStore
CertFreeCTLContext
CertAddCertificateContextToStore
CryptMsgUpdate
CryptEnumOIDInfo
CryptEncodeObject

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext

uxtheme

GetCurrentThemeName
EnableThemeDialogTexture
IsThemeActive
SetWindowTheme
GetThemeColor
GetThemePartSize

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceed906385cc706902829bb2b5c376f0

Headers

File Characteristics

Imports

comdlg32

kernel32

crypt32

wintrust

uxtheme

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 750KB - Virtual size: 750KB

.data Size: 15KB - Virtual size: 7.4MB

.rsrc Size: 362KB - Virtual size: 361KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 750KB - Virtual size: 750KB

.data
Size: 15KB - Virtual size: 7.4MB

.rsrc
Size: 362KB - Virtual size: 361KB