0664fdb827135fde6ffee57f77672b2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0664fdb827135fde6ffee57f77672b2d_JaffaCakes118
Size

103KB
MD5

0664fdb827135fde6ffee57f77672b2d
SHA1

4d4c928be2714461252cc76849bcf2f266c563fa
SHA256

090b021c957c283c9f499c07b1259c96332d73bf0344d41e5fc4f89ee248d527
SHA512

11a5703594c49b863f8bc199ddff9ea36ef9da24d944e6cc11132618dd540a2304207c53f2f74e03477f47052e6ad0262ac69ff0fe58d06a29faa3af8eb2f943
SSDEEP

3072:z1YHriXgablF1qdbyIDIyOQuGZ1EMHC9GEAZZr5:RGAvLMdbljxijA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0664fdb827135fde6ffee57f77672b2d_JaffaCakes118

Files

0664fdb827135fde6ffee57f77672b2d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d47291b240196403e9a5276066e29e6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemWindowsDirectoryW
LoadLibraryW
SetUnhandledExceptionFilter
GetModuleHandleA
CreateFileW
FormatMessageW
IsBadReadPtr
lstrcmpiW
DeleteCriticalSection
OutputDebugStringW
LocalFree
lstrlenW
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcess
LocalReAlloc
CloseHandle
InterlockedIncrement
FileTimeToSystemTime
GetModuleFileNameW
InitializeCriticalSection
GetStartupInfoA
GetLastError
GetSystemDefaultLangID
OutputDebugStringA
GetEnvironmentStringsW
GetComputerNameW
FileTimeToLocalFileTime
GlobalAlloc
SetLastError
InterlockedDecrement
RemoveDirectoryA
WideCharToMultiByte
GetACP
GetDateFormatW
GlobalLock
lstrcpyW
GlobalUnlock
GlobalFree

user32

SystemParametersInfoW
EndDialog
SetWindowTextW
SetFocus
GetDlgItem
SetWindowLongW
LoadStringW
LoadBitmapW
ReleaseDC
wsprintfW
MessageBoxW
GetDlgItemTextA
WinHelpW
SendMessageW
DialogBoxParamW
EnableWindow
GetParent
PostMessageW
SendDlgItemMessageW
LoadCursorW
InsertMenuItemW
RegisterClipboardFormatW
SetDlgItemTextW
LoadImageW
LoadIconW
GetWindowLongW
SetCursor
GetDC

msvcrt

wcstoul
??2@YAPAXI@Z
mbstowcs
vswprintf
_adjust_fdiv
wcscmp
wcsrchr
free
wcscpy
?terminate@@YAXXZ
wcscat
wcsstr
_initterm
malloc
wcslen
??3@YAXPAX@Z
__dllonexit
memmove
_onexit
_except_handler3
_wcsicmp
??1type_info@@UAE@XZ
wcschr
__RTDynamicCast
_wcsupr
_purecall

certcli

CAGetCertTypeProperty
CASetCertTypeFlags
CAGetCertTypePropertyEx
CAEnumNextCertType
CAFindByName
CASetCertTypeKeySpec
CAEnumCertTypesForCA
CAGetCAProperty
CASetCertTypeProperty
CAFreeCAProperty
CAFreeCertTypeProperty
CAUpdateCA
CAEnumCertTypes
CAAddCACertificateType
CAFindCertTypeByName
CAGetCertTypeKeySpec
CAUpdateCertType
CACloseCertType
CASetCertTypeExtension
CACertTypeSetSecurity
CAFreeCertTypeExtensions
CACertTypeGetSecurity
CAGetCertTypeExtensions
CACreateCertType
CARemoveCACertificateType
CAGetCertTypeFlags
CACloseCA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d47291b240196403e9a5276066e29e6b

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

certcli

advapi32

comctl32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 109KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 109KB

.rsrc
Size: 25KB - Virtual size: 25KB