Static task
static1
Behavioral task
behavioral1
Sample
ee8d232e00c076c1300ff7469a16946a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ee8d232e00c076c1300ff7469a16946a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: ee8d232e00c076c1300ff7469a16946a_JaffaCakes118
Size: 533KB
MD5: ee8d232e00c076c1300ff7469a16946a
SHA1: 03c7edb17f4d65ddb95f4b15a4d10828d695b29d
SHA256: c1690a91cfb3fa60b695fb16ac7a0a157d3306a5c36e1ddecf86be68ccb8bd8e
SHA512: 2a5c56adbd9ba10256f997e724f502d5c9dca9f161f7820270c070cbd7a8f38102ff7a65a5ed67cbf2884727c7aaefeea62f26eeee7925e5bba60501a77c4647
SSDEEP: 12288:7SgRnRDA3qzxq3QPWHamsOvBvMMvaYYyVFvZQx:vpA3qdqAIaROvhDv7YmxQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ee8d232e00c076c1300ff7469a16946a_JaffaCakes118
Files
ee8d232e00c076c1300ff7469a16946a_JaffaCakes118.exe windows:5 windows x86 arch:x86
f84d4397ae23732607c62a0f3de704c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLocalTime
LeaveCriticalSection
GetTickCount
HeapAlloc
OpenFileMappingW
lstrlenA
WaitNamedPipeW
OpenMutexA
CreateMutexW
SetErrorMode
lstrlenA
GetProcAddress
CreateFileMappingA
GetStartupInfoW
ReadFile
AllocConsole
DeleteFileA
GetStringTypeW
LoadLibraryExA
LoadLibraryA
lstrlenA
GetVersionExA
user32
LoadMenuA
InsertMenuA
GetDlgItemTextW
IsDialogMessageA
GetPropW
DispatchMessageW
IsCharLowerW
PeekMessageW
LoadIconA
GetClassLongW
nddeapi
NDdeShareEnumA
NDdeShareAddA
NDdeShareGetInfoA
NDdeShareDelA
crypt32
CryptFindOIDInfo
CryptMemAlloc
CertAlgIdToOID
CertFreeCRLContext
CertDuplicateCRLContext
CertSaveStore
CertDeleteCRLFromStore
CertControlStore
CertNameToStrA
CertOpenStore
CertFindAttribute
CertFindChainInStore
CertCreateCTLContext
CertCreateContext
CertGetNameStringA
CertDuplicateStore
CertFindExtension
cfgmgr32
CM_Add_IDA
CM_Add_Empty_Log_Conf
dsprop
FindSheet
CrackName
certcli
CACloseCA
CADeleteCA
Exports
Sections
.text Size: 518KB - Virtual size: 518KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.qdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_MEM_READ
.gdata Size: 1024B - Virtual size: 744B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ