ebe1f40004e4ddae37ab77dc3abb419d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ebe1f40004e4ddae37ab77dc3abb419d_JaffaCakes118
Size

864KB
MD5

ebe1f40004e4ddae37ab77dc3abb419d
SHA1

44a684cda4bd575fa2d2b1ce320a515360419746
SHA256

64829d6585865fd3727cbecc346258f7b84ca7eceddd7fef0b6ab1e4e5785a3c
SHA512

ccbac94c3a9dbc0701fd8ec61282cef7e1df362207df4ea4727c839898f63c51d0ea45a46aefe078f89d6aab2445ca6ffe8b7baac49ffd2b94577131a591b808
SSDEEP

24576:nSinNcMiqcO0YvU+7z5I2c/XG/1on+lhn:nNnNlchj+7zOPG/1lh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebe1f40004e4ddae37ab77dc3abb419d_JaffaCakes118

Files

ebe1f40004e4ddae37ab77dc3abb419d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

82948551390961cc24cd669b14c28816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
getwc
_getcwd
_mbclen
__CxxLongjmpUnwind
_mbsnccnt
_control87
strpbrk
_telli64
toupper
_j1
_CIasin
printf
??0bad_cast@@QAE@ABQBD@Z
_fmode
abs
_wchmod
_mbscmp
__getmainargs
towupper
??_Eexception@@UAEPAXI@Z
_mbsspn
_ismbcalpha
_mktime64
__set_app_type
_inp
_aligned_offset_malloc
exit
??_U@YAPAXI@Z
_mbscspn
_isctype

duser

GetStdPalette
WaitMessageEx
LookupGadgetTicket
DUserGetAlphaPRID
ForwardGadgetMessage
UtilDrawOutlineRect
GetGadgetFocus
RegisterGadgetProperty
GetStdColorI
GetGadgetTicket
SetGadgetRootInfo
DUserGetGutsData
GetGadgetRect
RegisterGadgetMessage
InitGadgetComponent
SetGadgetMessageFilter
GetGadgetScale
UnregisterGadgetMessage
SetGadgetRotation
GetGadgetSize
SetGadgetCenterPoint
GetMessageExA
UnregisterGadgetProperty
GetStdColorPenI
IsStartDelete
PeekMessageExA
SetGadgetBufferInfo
SetGadgetStyle
IsGadgetParentChainStyle
DeleteHandle
DUserRegisterSuper
InitGadgets
DUserRegisterGuts
AddGadgetMessageHandler
FireGadgetMessages
GetGadgetAnimation
GetStdColorName
SetGadgetOrder
DUserRegisterStub
DUserPostEvent
SetGadgetFillF
RegisterGadgetMessageString
FindGadgetFromPoint
DUserCastHandle

kernel32

GetProcessHeap
WriteFileEx
SetErrorMode
GetNamedPipeInfo
DelayLoadFailureHook
DeleteTimerQueue
LoadLibraryA
InterlockedExchangeAdd
ReadConsoleOutputA
GetGeoInfoA
GetFileInformationByHandle
GetStringTypeW
GetVersionExW
QueryPerformanceCounter
GetEnvironmentVariableA
GetCurrentActCtx
GetComputerNameA
FindResourceW
MulDiv
ExpungeConsoleCommandHistoryW
GetExitCodeProcess
ReadFile
SetTimeZoneInformation
UnmapViewOfFile
EnumLanguageGroupLocalesA
FreeLibrary
_hread
VDMConsoleOperation
CancelDeviceWakeupRequest
CreateJobObjectA
GetGeoInfoW
GetConsoleAliasExesLengthW
VerifyVersionInfoW
HeapReAlloc
QueryMemoryResourceNotification
VirtualAlloc
InitializeCriticalSectionAndSpinCount
HeapDestroy
GlobalFindAtomA
DeleteTimerQueueEx
GetConsoleAliasA
GetProcessPriorityBoost
GetEnvironmentStringsA
GetConsoleCursorInfo

cryptui

CryptUIDlgSelectStoreA
CryptUIWizExport
CryptUIWizSubmitCertRequestNoDS
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCertificateW
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizFreeDigitalSignContext
CryptUIDlgViewSignerInfoA
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCRLA
CryptUIWizDigitalSign
CryptUIFreeViewSignaturesPagesW
CryptUIWizCertRequest
RetrievePKCS7FromCA
CryptUIFreeViewSignaturesPagesA
CryptUIGetCertificatePropertiesPagesA
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgFreeCAContext
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgCertMgr
CryptUIDlgViewCTLA
CryptUIWizCreateCertRequestNoDS
CryptUIWizBuildCTL
LocalEnroll
CryptUIDlgViewCRLW
CryptUIDlgViewCertificatePropertiesA
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateFromStore
ACUIProviderInvokeUI
CryptUIDlgSelectStoreW
LocalEnrollNoDS
CryptUIDlgViewCTLW
CryptUIDlgSelectCA
CryptUIDlgViewContext
CryptUIGetViewSignaturesPagesW
CryptUIFreeCertificatePropertiesPagesW
I_CryptUIProtect
CryptUIDlgSelectCertificateW
CryptUIStartCertMgr
WizardFree
I_CryptUIProtectFailure
CryptUIDlgViewSignerInfoW
CryptUIWizImport
CryptUIDlgViewCertificateA

ntlanman

NPAddConnection3
NPGetConnection
NPGetCaps
NPCloseEnum
NPGetResourceInformation
NPGetConnectionPerformance
NPGetResourceParent
NPGetConnection3
I_SystemFocusDialog
NPOpenEnum
NPCancelConnection
DllMain
NPGetReconnectFlags
NPFormatNetworkName
NPEnumResource
NPGetUniversalName
NPGetUser
NPAddConnection

user32

IsWinEventHookInstalled
SetScrollPos
RegisterSystemThread
ChildWindowFromPointEx
SetDebugErrorLevel
RegisterClassExA
CreateWindowStationA
RegisterClassA
IsZoomed
DrawFocusRect
GetLayeredWindowAttributes
ShowWindow
EndDialog
DdeUninitialize
MsgWaitForMultipleObjectsEx
GetPropW
LoadLocalFonts
TrackPopupMenuEx
SetWindowTextW
UserLpkPSMTextOut
EnumDisplayMonitors
AnyPopup
ExitWindowsEx
GetAppCompatFlags2
DefWindowProcA
PostQuitMessage
DdeEnableCallback
mouse_event
GetLastInputInfo
HiliteMenuItem

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 354KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82948551390961cc24cd669b14c28816

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

duser

kernel32

cryptui

ntlanman

user32

Sections

.text Size: 327KB - Virtual size: 327KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 354KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 327KB - Virtual size: 327KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 354KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B