e017569abc647c144b1bf0db9b2891f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e017569abc647c144b1bf0db9b2891f5_JaffaCakes118
Size

106KB
MD5

e017569abc647c144b1bf0db9b2891f5
SHA1

160e75d1c15f37180ac03aa56cfc1c9e31248901
SHA256

0046abe40209f54860fe318cdcaee246ec2b21212f99bf7668e3c6f194ed158b
SHA512

823052d56268fc8204c66e3e6c9c0e38ddeb254c50d0914d952e19f965ffbf6f05e0e5d6cd70a1ec07ef7d309f4b9662b3c259e1d6b600a2513c665e82617846
SSDEEP

1536:x0UtDKy7uH8YlQs7mCxZgOJrhBG8UY2UIMmQXDyDbd36WmOatUIvcMhMo7:xJKPH8cQebOOJrF2bRQebd36VvcUh7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e017569abc647c144b1bf0db9b2891f5_JaffaCakes118

Files

e017569abc647c144b1bf0db9b2891f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4f1b1446c952bdd3a1ec15911c94e78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WaitForSingleObjectEx
CreateProcessW
GetProcAddress
LoadLibraryA
VirtualProtect
GetCurrentThread
SetThreadContext
SetConsoleCP
OpenSemaphoreW
GetLastError
GetStartupInfoW
GetSystemTimeAsFileTime
LoadLibraryA
TerminateProcess
LoadLibraryExA
LoadLibraryA
CreateProcessA
ReadProcessMemory
CreateProcessA
GetStartupInfoA
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
ReadProcessMemory
GetStartupInfoA
ReadProcessMemory
DeviceIoControl
VirtualProtectEx
CreateProcessW
WaitForSingleObjectEx
WriteProcessMemory
ReleaseMutex
ReadFile
VirtualProtect
ReleaseMutex
CreateProcessW
SleepEx
GetStartupInfoA
TerminateProcess
SleepEx
VirtualProtectEx
GetSystemTimeAsFileTime
CreateProcessA
CreateFileA
ReadProcessMemory
GetSystemTimeAsFileTime
Sleep
GetSystemTimeAsFileTime
VirtualProtectEx
SleepEx
VirtualProtect
SleepEx
GetSystemTimeAsFileTime
ReadFile
TerminateProcess
LoadLibraryExW
ReadProcessMemory
WaitForSingleObjectEx
VirtualProtect
WaitForSingleObjectEx
GetSystemTime
WaitForSingleObjectEx
LoadLibraryA
CreateProcessW
ReleaseMutex
CreateFileA
TerminateProcess
CreateProcessW
CreateFileA
SleepEx
CreateFileA
GetStartupInfoW
ReadFile
VirtualProtect
GetSystemTime
LoadLibraryA
GetStartupInfoW
LoadLibraryExA
SleepEx
WriteProcessMemory
ReadFile
WaitForSingleObjectEx
ReadFile
CreateProcessA
CreateProcessA
CreateProcessA
Sleep
CreateProcessW
WaitForSingleObject
CreateProcessA
CreateFileA
ReadFile
TerminateProcess
CreateFileA
GetSystemTime
GetSystemTime
WaitForSingleObjectEx
VirtualProtectEx
VirtualProtect
ReadFile
DeviceIoControl
WaitForSingleObject
LoadLibraryExW
TerminateProcess
WaitForSingleObjectEx
CreateProcessA
LoadLibraryExW
Sleep
CreateProcessA
LoadLibraryA
VirtualProtectEx

wintrust

WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WinVerifyTrust
OfficeCleanupPolicy
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
TrustFreeDecode
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
TrustFreeDecode
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
TrustFreeDecode
WinVerifyTrust
WintrustCertificateTrust
TrustFreeDecode
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
TrustFreeDecode
WTHelperGetProvSignerFromChain
TrustFreeDecode
WinVerifyTrust
WinVerifyTrust
WintrustCertificateTrust
WintrustCertificateTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvSignerFromChain
TrustFreeDecode
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WTHelperGetProvSignerFromChain
WintrustCertificateTrust
WintrustCertificateTrust
TrustFreeDecode
TrustFreeDecode
WinVerifyTrust
TrustFreeDecode
WTHelperGetProvSignerFromChain
WinVerifyTrust
WintrustCertificateTrust
WinVerifyTrust
WintrustCertificateTrust

Sections

.text
Size: 82KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4f1b1446c952bdd3a1ec15911c94e78

Headers

File Characteristics

Imports

kernel32

wintrust

Sections

.text Size: 82KB - Virtual size: 388KB

.data Size: 5KB - Virtual size: 8KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 82KB - Virtual size: 388KB

.data
Size: 5KB - Virtual size: 8KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB