Static task
static1
Behavioral task
behavioral1
Sample
3904bb48c7561446c525616613f10c80_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3904bb48c7561446c525616613f10c80_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
3904bb48c7561446c525616613f10c80_JaffaCakes118
Size
1.2MB
MD5
3904bb48c7561446c525616613f10c80
SHA1
2543dcb5bc80e53479bab8f1919248c9afa85bc3
SHA256
b07dea2c9801cb0ab108596aab419060625751e7f983d9892ed46b8cba1761ae
SHA512
aa5fd3a42dcc6fca14ab285b9531dc53e51e668a9f219e30402e2ac9753b66db7fecee06eebb11c5b5b4b0179d66976df27722cb556cf3fc0be9d822f6a81c75
SSDEEP
24576:xkeLHX/eL2cL93q7zmUtypmoY6GvHcy+hykuug:xZbX/8HYYYxv+h2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3904bb48c7561446c525616613f10c80_JaffaCakes118
Files
3904bb48c7561446c525616613f10c80_JaffaCakes118.exe windows:0 windows x86 arch:x86
80a9ef37407de27e7cf50a012b771f3c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetSysColorBrush
LoadStringA
ChildWindowFromPoint
OffsetRect
GetSysColor
DestroyWindow
EnableWindow
GetWindowRect
EndDialog
DrawTextA
BeginPaint
GetWindowLongA
LoadIconA
CreateWindowExA
SystemParametersInfoA
UpdateWindow
EnableMenuItem
GetClipboardData
DefWindowProcA
CheckMenuItem
LoadAcceleratorsA
CharNextA
CreateDialogParamA
CallWindowProcA
CheckRadioButton
GetClientRect
RegisterClassExA
SetWindowLongA
SetDlgItemInt
ScreenToClient
DispatchMessageA
GetWindowTextA
HideCaret
SetCursor
InvalidateRect
MessageBoxA
GetProcessDefaultLayout
EndPaint
CloseClipboard
MapWindowPoints
ShowWindow
IsClipboardFormatAvailable
GetMessageA
LoadCursorA
DialogBoxParamA
IsDialogMessageA
OpenClipboard
PostQuitMessage
SetWindowPos
DestroyMenu
IsChild
GetSubMenu
SetWindowTextA
TranslateAcceleratorA
GetMenu
GetDlgItem
SetMenu
GetDesktopWindow
SendMessageA
TrackPopupMenuEx
CheckDlgButton
GetDlgCtrlID
CheckMenuRadioItem
SetProcessDefaultLayout
MessageBeep
LoadMenuA
SetFocus
WinHelpA
SetDlgItemTextA
TranslateMessage
kernel32
GetFileTime
lstrlenA
SetNamedPipeHandleState
GetStringTypeExA
VirtualAlloc
GetFileAttributesExA
GetSystemTimeAsFileTime
WriteFileGather
SetFirmwareEnvironmentVariableA
CreateMutexA
GetNamedPipeInfo
WaitNamedPipeA
lstrcpynA
ReadFileEx
GetLocalTime
GetFirmwareEnvironmentVariableA
DosDateTimeToFileTime
SetFilePointerEx
SystemTimeToFileTime
WriteFile
PeekNamedPipe
WriteFileEx
SetFilePointer
InterlockedPopEntrySList
InterlockedDecrement
InterlockedFlushSList
DeleteFileA
ConnectNamedPipe
CallNamedPipeA
InterlockedPushEntrySList
DisconnectNamedPipe
CloseHandle
FileTimeToDosDateTime
GetLastError
InterlockedExchange
InterlockedCompareExchange
CreateFileA
lstrcmpA
GetStringTypeA
GetFileAttributesA
FreeEnvironmentStringsA
GetSystemTime
ReadFile
SetEnvironmentVariableA
ReadFileScatter
GetProcessHeaps
lstrcmpiA
GetSystemTimes
GetEnvironmentVariableA
CompareStringA
InterlockedExchangeAdd
TransactNamedPipe
InterlockedIncrement
GetNamedPipeHandleStateA
IsBadStringPtrA
ExpandEnvironmentStringsA
GetSystemTimeAdjustment
ReleaseMutex
HeapCreate
FileTimeToSystemTime
VirtualFree
lstrcpyA
lstrcatA
FileTimeToLocalFileTime
GetEnvironmentStringsA
GetCurrentProcessId
OpenMutexA
cryptui
CryptUIDlgSelectCertificateFromStore
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgSelectCertificateA
WizardFree
CryptUIWizSubmitCertRequestNoDS
CryptUIWizExport
CryptUIDlgViewCTLA
CryptUIDlgSelectStoreA
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
CryptUIWizFreeDigitalSignContext
CryptUIWizBuildCTL
CryptUIDlgViewCRLA
CryptUIWizFreeCertRequestNoDS
CryptUIFreeViewSignaturesPagesA
DllUnregisterServer
CryptUIWizCertRequest
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewContext
CryptUIWizDigitalSign
EnrollmentCOMObjectFactory_getInstance
RetrievePKCS7FromCA
CryptUIDlgViewCertificateA
CryptUIDlgViewSignerInfoA
CryptUIDlgCertMgr
I_CryptUIProtectFailure
CryptUIWizCreateCertRequestNoDS
I_CryptUIProtect
LocalEnroll
ACUIProviderInvokeUI
CryptUIWizQueryCertRequestNoDS
CryptUIWizImport
LocalEnrollNoDS
CryptUIGetCertificatePropertiesPagesA
CryptUIStartCertMgr
DllRegisterServer
advpack
LaunchINFSectionEx
AddDelBackupEntry
FileSaveRestoreOnINF
UserUnInstStubWrapper
GetVersionFromFileEx
FileSaveMarkNotExist
UserInstStubWrapper
RunSetupCommand
DelNodeRunDLL32
FileSaveRestore
RegSaveRestoreOnINF
GetVersionFromFile
RegRestoreAll
DelNode
NeedRebootInit
ExtractFiles
AdvInstallFile
TranslateInfString
RegisterOCX
OpenINFEngine
CloseINFEngine
LaunchINFSection
NeedReboot
IsNTAdmin
DoInfInstall
SetPerUserSecValues
RegInstall
ExecuteCab
TranslateInfStringEx
RegSaveRestore
RebootCheckOnInstall
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 89KB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ