Static task
static1
Behavioral task
behavioral1
Sample: f3554f93e653108c6cf12edd54db05ae_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: f3554f93e653108c6cf12edd54db05ae_JaffaCakes118
Size: 78KB
MD5: f3554f93e653108c6cf12edd54db05ae
SHA1: af9f2009ccc0e26f2a4ff32f0c7903cc37d460c6
SHA256: e350efd69893b28033dfa6ba293f402c04281453c766022a266ae6be6fbe31aa
SHA512: a8f7ea2a5ec7ededaa1f62b47e598f47a44de4b5a87dc66f79f0ca651c661eaa06cf70721f36466ab51065c58502f1ce8b1a4c13bd3cecba741e29e960dc6fe7
SSDEEP: 1536:GHSpeffJzpa4PKvvMupbRzh7mI565HrVTblQfqA:GHSpefhpa4PKHffw9hTSf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f3554f93e653108c6cf12edd54db05ae_JaffaCakes118
Files
f3554f93e653108c6cf12edd54db05ae_JaffaCakes118.exe windows:5 windows x86 arch:x86
01dd93f996c09615db1474b28d83a9ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
authz
AuthzFreeContext
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeResourceManager
AuthzInitializeContextFromSid
wtsapi32
WTSFreeMemory
WTSVirtualChannelPurgeInput
WTSEnumerateServersA
WTSEnumerateProcessesA
WTSEnumerateSessionsW
kernel32
WriteProcessMemory
OpenEventA
MoveFileA
GetFileAttributesW
DecodePointer
InterlockedIncrement
GetACP
CreateEventA
GetModuleHandleA
OpenFileMappingA
GetEnvironmentVariableA
VirtualAlloc
GetEnvironmentVariableW
LoadLibraryExW
user32
LoadBitmapW
IsCharLowerA
MessageBoxExW
GetMessageA
MessageBoxW
CreateWindowExW
SetWindowTextW
GetWindow
InsertMenuW
FindWindowW
FindWindowW
GetFocus
shell32
ExtractIconW
DragQueryFileA
ShellMessageBoxA
ShellExecuteW
DragQueryPoint
FindExecutableW
SHEmptyRecycleBinW
FindExecutableW
SHDefExtractIconW
ShellAboutA
SHGetFileInfoA
SHGetDataFromIDListW
resutils
ClusWorkerTerminate
ResUtilDupString
certcli
CAEnumNextCA
CACloseCertType
advapi32
RegSaveKeyW
RegReplaceKeyA
IsValidSid
RegDeleteValueW
CryptSignHashA
ReadEventLogW
RegCreateKeyExW
RegUnLoadKeyA
IsValidAcl
InitializeAcl
OpenEventLogA
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qwer Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE