Static task
static1
Behavioral task
behavioral1
Sample
104791ee91758a9672f727f3784d1af2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
104791ee91758a9672f727f3784d1af2_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
104791ee91758a9672f727f3784d1af2_JaffaCakes118
Size
44KB
MD5
104791ee91758a9672f727f3784d1af2
SHA1
2956dce7e0c0eea8b95531a64bfdd21b437bcd5d
SHA256
81e1d0864ebfac98a7dd82d93427b9050a9faf3b4a911f3dba2c10580a0c94a3
SHA512
8e6d1e5e4f3238ac1439f30a81bfa06dc8486c796475eaae407322676b80fd1aedc2733d357500b030357a37aa2cbf1a40e0bc0302a422f729b1d2d2ba9d21cb
SSDEEP
768:rS8kAmnLsAnEtLNICnD1SFJDROeiTLtjyk3ZsdLLvwSe4yf64x6SY:u8klLsAnsLNICD1SLEZT3Zsd4l4yRjY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 104791ee91758a9672f727f3784d1af2_JaffaCakes118
Files
104791ee91758a9672f727f3784d1af2_JaffaCakes118.exe windows:5 windows x86 arch:x86
f4cd3b314c84d05078bf043ab14bd199
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
GetStartupInfoA
CreateDirectoryExA
SetFileAttributesW
ReadConsoleW
QueryPerformanceCounter
GetDefaultCommConfigA
EnumSystemLanguageGroupsW
IsValidLocale
BeginUpdateResourceA
LoadLibraryA
CreateEventW
TransactNamedPipe
InterlockedExchangeAdd
GetThreadContext
ReadFileEx
GetCurrentThread
VirtualAlloc
GetTapeStatus
GetConsoleFontInfo
SetFirmwareEnvironmentVariableW
gdi32
GdiEntry16
GdiConvertBitmapV5
GdiEntry7
GdiSetAttrs
AbortPath
GetCharABCWidthsFloatA
GdiSetLastError
EngPlgBlt
GetMetaFileBitsEx
GetBkColor
EudcUnloadLinkW
PathToRegion
PATHOBJ_bEnum
GetKerningPairs
StartPage
PolyPatBlt
GdiEndPageEMF
GetTextCharset
EnumFontFamiliesExW
UpdateICMRegKeyA
GdiEntry4
DdEntry45
cryptui
RetrievePKCS7FromCA
ACUIProviderInvokeUI
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgCertMgr
EnrollmentCOMObjectFactory_getInstance
CryptUIFreeCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesW
WizardFree
I_CryptUIProtectFailure
CryptUIDlgFreeCAContext
CryptUIGetCertificatePropertiesPagesA
CryptUIGetViewSignaturesPagesW
CryptUIDlgSelectCertificateA
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewContext
CryptUIGetViewSignaturesPagesA
CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateW
CryptUIStartCertMgr
CryptUIDlgViewCRLW
I_CryptUIProtect
CryptUIWizQueryCertRequestNoDS
wship6
WSHGetWinsockMapping
WSHIoctl
WSHGetProviderGuid
WSHSetSocketInformation
WSHStringToAddress
WSHNotify
WSHJoinLeaf
WSHGetWildcardSockaddr
WSHEnumProtocols
WSHOpenSocket2
WSHAddressToString
WSHGetSocketInformation
WSHGetWSAProtocolInfo
WSHGetSockaddrType
WSHOpenSocket
ntdll
DbgUiGetThreadDebugObject
RtlCustomCPToUnicodeN
NtImpersonateClientOfPort
wcsspn
RtlQueryProcessHeapInformation
ZwSetInformationProcess
RtlCaptureStackBackTrace
RtlSetGroupSecurityDescriptor
RtlSetProcessIsCritical
ZwAdjustGroupsToken
ZwCallbackReturn
RtlPushFrame
RtlAppendUnicodeToString
NtQueryDefaultUILanguage
ZwSetLdtEntries
ZwQueryMutant
RtlEnableEarlyCriticalSectionEventCreation
NtOpenKey
ZwSetInformationToken
ZwAreMappedFilesTheSame
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.d0ata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ