3b1aba9abeb89a0a7043ccce397c1aec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b1aba9abeb89a0a7043ccce397c1aec_JaffaCakes118
Size

64KB
MD5

3b1aba9abeb89a0a7043ccce397c1aec
SHA1

477c618dfb5a7250281255984bbee34888fec4b5
SHA256

4760932aaab7fc5777392bfcaf1e510c9d9361230315d1ea1479f8a5b90f3727
SHA512

04d723ecdc3a9998bdcfb4bdb4f510d24b4e751091e23c676b87d15242a799c1b12e205a15878e88f049f769139273642520721f2ee975b199e58fa89f4f81a9
SSDEEP

1536:lIX8cjXssLo0KYiB/KJPV7V1pFEqQgzby+AWqc2hrHytMtpx:lnsVKB/0f1pFnQqbWhrHoMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b1aba9abeb89a0a7043ccce397c1aec_JaffaCakes118

Files

3b1aba9abeb89a0a7043ccce397c1aec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23beb651722004388118416b9caefbb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dssenh

CPReleaseContext
CPGetUserKey
CPGetHashParam
CPGetKeyParam
CPSetKeyParam
CPHashSessionKey
CPSetProvParam
CPDuplicateKey
CPDecrypt
CPDestroyKey
CPSignHash
CPDuplicateHash
CPDeriveKey
CPCreateHash
CPEncrypt
CPGetProvParam
CPGenKey
CPImportKey
CPAcquireContext
CPSetHashParam
CPDestroyHash
CPVerifySignature
CPExportKey
CPGenRandom
CPHashData

crypt32

CertVerifyCertificateChainPolicy
CertDuplicateCRLContext
CertGetCertificateChain
CertCreateCRLContext
I_CryptAddSmartCardCertToStore
CryptFindOIDInfo
CertCreateSelfSignCertificate
RegCreateKeyExU
CertAddEncodedCertificateToStore
CryptVerifySignatureU
CertVerifyCRLRevocation
CertCreateCertificateContext
RegCreateHKCUKeyExU
CryptExportPublicKeyInfo
CertGetIssuerCertificateFromStore
CertGetEnhancedKeyUsage
CryptRegisterDefaultOIDFunction
CryptAcquireContextU
CertVerifyRevocation
CryptVerifyDetachedMessageSignature
I_CryptRegisterSmartCardStore
CertAddStoreToCollection
CryptEncodeObject
I_CryptGetDefaultCryptProv
CryptEncodeObjectEx
I_CertProtectFunction
CryptVerifyMessageSignatureWithKey
CertSerializeCertificateStoreElement
CertOIDToAlgId
CryptSignAndEncryptMessage
CertEnumCTLContextProperties
CryptCreateKeyIdentifierFromCSP
I_CryptGetFileVersion
CryptSIPRetrieveSubjectGuid
CertVerifyTimeValidity
CertEnumSubjectInSortedCTL

ole32

DllGetClassObject
HWND_UserFree
CoDisableCallCancellation
GetErrorInfo
CoAllowSetForegroundWindow
CoFreeUnusedLibraries
CreateOleAdviseHolder
CoGetMalloc
WdtpInterfacePointer_UserMarshal
HMETAFILE_UserFree
CoRegisterMallocSpy
StgOpenStorageOnILockBytes
CoGetPSClsid
SNB_UserMarshal
OleLockRunning
HGLOBAL_UserSize
STGMEDIUM_UserSize
CLSIDFromProgID
OleCreateEmbeddingHelper
OleConvertOLESTREAMToIStorageEx
ComPs_NdrDllCanUnloadNow
StgCreatePropSetStg
HBITMAP_UserMarshal
HICON_UserSize
HMETAFILEPICT_UserFree
HPALETTE_UserMarshal
ReadClassStg
StgOpenStorageEx
CoGetInterceptor
CreateGenericComposite
MonikerCommonPrefixWith
OleSetContainedObject
GetHGlobalFromILockBytes

kernel32

VerifyVersionInfoW
GlobalFindAtomW
GetNumaAvailableMemoryNode
PostQueuedCompletionStatus
GetStartupInfoW
GetConsoleScreenBufferInfo
RemoveDirectoryA
EnumUILanguagesW
DebugBreakProcess
SetProcessWorkingSetSize
VirtualQueryEx
GlobalAddAtomA
ScrollConsoleScreenBufferW
TermsrvAppInstallMode
IsBadHugeWritePtr
SetConsoleCursorPosition
MoveFileWithProgressW
GetModuleHandleW
GetConsoleCommandHistoryLengthA
GetNumberOfConsoleFonts
DosPathToSessionPathA
WriteProcessMemory
ChangeTimerQueueTimer
GlobalUnlock
SetCriticalSectionSpinCount
InitializeCriticalSection
WriteConsoleInputW
InitAtomTable
VerifyVersionInfoA
GetVersionExW
EnumCalendarInfoA
GetSystemTime
GetModuleFileNameA
lstrlenW
SetThreadContext
EnumDateFormatsW
GetGeoInfoW
IsDBCSLeadByteEx
LoadLibraryA
GetWindowsDirectoryA
SetConsoleLocalEUDC
QueryPerformanceCounter
GetCalendarInfoA
GetProfileIntW
SetLocalPrimaryComputerNameW
IsBadReadPtr
GetConsoleAliasExesA
SetFileShortNameA
CreateProcessInternalA
OutputDebugStringA
VirtualAlloc
GetConsoleProcessList

msi

MsiReinstallFeatureW
MsiGetDatabaseState
MsiProvideAssemblyW
MsiDatabaseImportA
MsiGetFileVersionW
MsiSetExternalUIA
MsiOpenDatabaseA
MsiNotifySidChangeA
MsiEnumPatchesW
MsiReinstallProductA
MsiAdvertiseProductW
MsiCreateTransformSummaryInfoA
MsiGetActiveDatabase
MsiApplyPatchA
MsiIsProductElevatedW
MsiQueryFeatureStateA
MsiGetShortcutTargetW
MsiGetFeatureUsageW
MsiGetProductPropertyW
MsiDeleteUserDataA
MsiOpenPackageExA
MsiSourceListForceResolutionW
MsiInstallMissingFileW
MsiProvideComponentFromDescriptorA
MsiRecordSetInteger
MsiAdvertiseProductA

msdart

?TryReadLock@CCritSec@@QAE_NXZ
mpCalloc
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?WriteUnlock@CCritSec@@QAEXXZ
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?WriteLock@CFakeLock@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?WriteUnlock@CFakeLock@@QAEXXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
??0CReaderWriterLock2@@QAE@XZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?IsLocked@CLockedSingleList@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?Lock@CLockedSingleList@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
??4CFakeLock@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23beb651722004388118416b9caefbb2

Headers

DLL Characteristics

File Characteristics

Imports

dssenh

crypt32

ole32

kernel32

msi

msdart

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 46KB - Virtual size: 160KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 46KB - Virtual size: 160KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B