Static task: static1
Behavioral task: behavioral1
Sample: 37529ea705c7c2109a655db31e99f3b4_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 37529ea705c7c2109a655db31e99f3b4_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 37529ea705c7c2109a655db31e99f3b4_JaffaCakes118
Size: 376KB
MD5: 37529ea705c7c2109a655db31e99f3b4
SHA1: b554d1b113e0c3b56658c2cde63041dc8d1e2de9
SHA256: b49458750e9d2a6ab6f3031fe444c30e73e0c8f44281f8c9538a4ee3b758bee1
SHA512: 73e654b8a8c43eb0b4adc751b8d0f4ddb3866d45088d7bdc72bebd806461d812fbbcf3d2d025f680fa2f923b2e53dfcf4d5083574a14f30b7a42311604d406f4
SSDEEP: 6144:FJiUHdKEVSZjuR1JW/c8n0MBBRj5dpXCOhF2/jFeY3Nw8Yv4egQM1xI:BKEVCuR1WcoN5+lcAe5M1y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 37529ea705c7c2109a655db31e99f3b4_JaffaCakes118
Files
37529ea705c7c2109a655db31e99f3b4_JaffaCakes118.exe windows:6 windows x86 arch:x86
9a81834a35041e6329b2e65e97aebee5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
FileTimeToSystemTime
GetEnvironmentStringsA
GetSystemTimeAdjustment
GetProcessHeap
GetStringTypeA
GetEnvironmentVariableA
IsBadStringPtrA
SetFilePointerEx
GetSystemTimeAsFileTime
lstrcatA
WriteFileGather
InterlockedExchange
FileTimeToDosDateTime
VirtualFree
SetFirmwareEnvironmentVariableA
lstrlenA
InterlockedCompareExchange
InterlockedFlushSList
GetFirmwareEnvironmentVariableA
GetModuleHandleA
lstrcpynA
TransactNamedPipe
FreeEnvironmentStringsA
GetFileAttributesExA
CompareStringA
DisconnectNamedPipe
SystemTimeToFileTime
CreateFileA
PeekNamedPipe
CallNamedPipeA
GetSystemTime
GetSystemTimes
SetEnvironmentVariableA
CloseHandle
InterlockedPopEntrySList
DosDateTimeToFileTime
InterlockedPushEntrySList
InterlockedExchangeAdd
ConnectNamedPipe
SetNamedPipeHandleState
GetProcessHeaps
ExpandEnvironmentStringsA
GetNamedPipeHandleStateA
HeapSize
lstrcmpA
HeapAlloc
ReadFile
FileTimeToLocalFileTime
lstrcmpiA
lstrcpyA
GetLocalTime
WriteFileEx
ReadFileScatter
WaitNamedPipeA
GetNamedPipeInfo
GetFileTime
DeleteFileA
SetFilePointer
InterlockedIncrement
VirtualAlloc
WriteFile
ReadFileEx
InterlockedDecrement
GetFileAttributesA
GetStringTypeExA
user32
CheckDlgButton
CheckMenuItem
RegisterClassExA
MapWindowPoints
TrackPopupMenuEx
EndPaint
CallWindowProcA
IsDialogMessageA
UpdateWindow
DrawTextA
WinHelpA
LoadIconA
GetClientRect
SetWindowLongA
DestroyWindow
TranslateAcceleratorA
GetClipboardData
GetMessageA
SetProcessDefaultLayout
SetFocus
SetWindowTextA
IsClipboardFormatAvailable
GetWindowRect
CloseClipboard
EnableWindow
GetSysColor
TranslateMessage
LoadCursorA
SystemParametersInfoA
CheckMenuRadioItem
GetDlgItem
ScreenToClient
SetWindowPos
GetWindowLongA
HideCaret
MessageBoxA
EnableMenuItem
OffsetRect
GetDlgCtrlID
SetMenu
DestroyMenu
SetCursor
CreateWindowExA
LoadStringA
SetDlgItemTextA
GetMenu
SendMessageA
DispatchMessageA
GetDesktopWindow
OpenClipboard
GetSysColorBrush
SetDlgItemInt
LoadAcceleratorsA
ShowWindow
GetSubMenu
InvalidateRect
EndDialog
LoadMenuA
CheckRadioButton
IsChild
GetProcessDefaultLayout
PostQuitMessage
CreateDialogParamA
CharNextA
ChildWindowFromPoint
DefWindowProcA
MessageBeep
DialogBoxParamA
GetWindowTextA
BeginPaint
advpack
RegSaveRestoreOnINF
FileSaveRestoreOnINF
ExecuteCab
FileSaveRestore
DelNodeRunDLL32
LaunchINFSectionEx
NeedReboot
DelNode
FileSaveMarkNotExist
DoInfInstall
TranslateInfStringEx
UserInstStubWrapper
ExtractFiles
RegisterOCX
LaunchINFSection
GetVersionFromFile
UserUnInstStubWrapper
RegRestoreAll
GetVersionFromFileEx
RebootCheckOnInstall
RegSaveRestore
CloseINFEngine
SetPerUserSecValues
RunSetupCommand
TranslateInfString
AddDelBackupEntry
RegInstall
OpenINFEngine
AdvInstallFile
IsNTAdmin
NeedRebootInit
cryptui
CryptUIDlgSelectCertificateA
CryptUIDlgViewCRLA
CryptUIStartCertMgr
CryptUIWizImport
EnrollmentCOMObjectFactory_getInstance
CryptUIWizQueryCertRequestNoDS
CryptUIDlgViewContext
DllUnregisterServer
CryptUIWizDigitalSign
CryptUIDlgViewSignerInfoA
CryptUIWizFreeCertRequestNoDS
LocalEnrollNoDS
CryptUIWizBuildCTL
LocalEnroll
CryptUIDlgViewCTLA
CryptUIDlgFreeCAContext
CryptUIDlgSelectStoreA
CryptUIDlgCertMgr
CryptUIFreeCertificatePropertiesPagesA
I_CryptUIProtect
WizardFree
CryptUIGetCertificatePropertiesPagesA
CryptUIGetViewSignaturesPagesA
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgSelectCA
CryptUIWizCertRequest
CryptUIFreeViewSignaturesPagesA
RetrievePKCS7FromCA
DllRegisterServer
CryptUIWizCreateCertRequestNoDS
CryptUIDlgViewCertificateA
I_CryptUIProtectFailure
CryptUIWizFreeDigitalSignContext
CryptUIDlgViewCertificatePropertiesA
CryptUIWizExport
ACUIProviderInvokeUI
CryptUIDlgSelectCertificateFromStore
Sections
.text Size: 281KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 736KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ