Static task: static1
Behavioral task: behavioral1
Sample: 1228ceb94fc3e2a2be5df5dd9481d722_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 1228ceb94fc3e2a2be5df5dd9481d722_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 1228ceb94fc3e2a2be5df5dd9481d722_JaffaCakes118
Size: 137KB
MD5: 1228ceb94fc3e2a2be5df5dd9481d722
SHA1: c696580e214b85724455ddf1fd46d6ef8952e05e
SHA256: a2e002882bcdd7236fa56dbe05c75a019ddd029255c34b4f5e7fac633fb559be
SHA512: 19b6aaceef6cbbe084ec9a66c93c945cd05bbebc42ab3db2f333e8227d8fed835f78dd3f0d10809e64f277b45e1dc9ddd88fd9268c4c0ce56243110878fdd68c
SSDEEP: 3072:rxPHHfhliODfr9Txnl78ST9yy8GQoIAt07qLcA6WuB+d2zfy:rxHp7Drzn1fgA07OcA6DDf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1228ceb94fc3e2a2be5df5dd9481d722_JaffaCakes118
Files
1228ceb94fc3e2a2be5df5dd9481d722_JaffaCakes118.exe windows:5 windows x86 arch:x86
9e20901c635d4a8be5f200d4e7b527a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAInstallServiceClassA
WSAStringToAddressW
WSACancelBlockingCall
WSAProviderConfigChange
WSAConnect
htonl
WSCEnableNSProvider
WEP
WSARemoveServiceClass
WSACloseEvent
WSASetEvent
WSASendTo
connect
WSAGetServiceClassNameByClassIdA
WSAAccept
WSAUnhookBlockingHook
security
DeleteSecurityContext
AcquireCredentialsHandleA
QuerySecurityPackageInfoA
QueryContextAttributesA
AcquireCredentialsHandleW
MakeSignature
VerifySignature
DeleteSecurityPackageW
InitializeSecurityContextW
FreeCredentialsHandle
ImportSecurityContextA
EnumerateSecurityPackagesA
ImportSecurityContextW
CompleteAuthToken
AddSecurityPackageA
DeleteSecurityPackageA
ImpersonateSecurityContext
QueryCredentialsAttributesA
InitSecurityInterfaceW
ExportSecurityContext
EnumerateSecurityPackagesW
InitializeSecurityContextA
netapi32
I_NetlogonComputeServerDigest
NetReplExportDirDel
NetUseGetInfo
NetStatisticsGet
NetConnectionEnum
NetScheduleJobDel
DsGetForestTrustInformationW
NetLocalGroupDelMember
NetpwPathCanonicalize
NetUserChangePassword
NetReplExportDirAdd
NetUserAdd
NetDfsRename
NetAlertRaise
NetMessageNameEnum
kernel32
GetThreadContext
LoadLibraryExA
VirtualAlloc
SetConsoleActiveScreenBuffer
FindNextFileW
RegisterWaitForSingleObjectEx
AreFileApisANSI
GetPrivateProfileStructA
LoadLibraryA
FindFirstVolumeMountPointW
GetModuleHandleW
InitializeCriticalSection
GetCommandLineA
HeapCreate
SetConsoleMaximumWindowSize
GetFirmwareEnvironmentVariableA
GetDefaultCommConfigA
GetEnvironmentVariableW
MoveFileExW
wintrust
WTHelperGetProvSignerFromChain
CryptCATCDFEnumMembers
AddPersonalTrustDBPages
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcStatementTypeDecode
DriverInitializePolicy
CryptCATAdminEnumCatalogFromHash
mscat32DllUnregisterServer
GenericChainFinalProv
SoftpubDllRegisterServer
CryptCATCDFEnumMembersByCDFTag
SoftpubLoadMessage
DriverCleanupPolicy
WVTAsn1SpcLinkEncode
WTHelperCertFindIssuerCertificate
Sections
.text Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ