3f08f990947bdaf5b2b08a6cb0252437_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f08f990947bdaf5b2b08a6cb0252437_JaffaCakes118
Size

278KB
MD5

3f08f990947bdaf5b2b08a6cb0252437
SHA1

762ec5c87173f9e304b3eb0f0b42f1d021a8f87d
SHA256

d542e458107fac6b49d0a29c6a443004b1adc80d6e3e6bbe4a787f0149d33a1c
SHA512

0b2c3c642adf4c37cbb21ee8f687ef395bd86715542f4baced258e4f3d473d3ec8c381d52a00ba376afd0a34f4d5585100b184a6f8d52973c54c055b862a7e7e
SSDEEP

6144:SzNuqcaVfZ8cw4FPHDIiD5Po9cckp/4J4WxS9ycm2EoKdf:nqcaVh3dFPHUiNo9w4J4WxSwDIKdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f08f990947bdaf5b2b08a6cb0252437_JaffaCakes118

Files

3f08f990947bdaf5b2b08a6cb0252437_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cef6cabf68cf9fc41f6f3c5a33c77bf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeCreateStringHandleW
DdeDisconnect
DdeGetLastError
DdeClientTransaction
DdeFreeStringHandle
DdeInitializeW
WaitForInputIdle
DdeConnect
DdeUninitialize

shell32

ShellExecuteExW

psapi

GetModuleFileNameExW

advapi32

RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

shlwapi

StrStrIW

ole32

CoInitialize
CoCreateInstance

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

version

VerQueryValueA
GetFileVersionInfoSizeA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
CloseHandle
GetLongPathNameW
WideCharToMultiByte
GetProcAddress
OpenProcess
GetModuleFileNameW
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
Sleep
ExpandEnvironmentStringsW
GetVersionExA
CreateProcessW
GetFileAttributesW
FindClose
GetLastError
FindFirstFileW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
CreateFileA
MultiByteToWideChar
lstrlenA
GetFileType
SetLastError
LoadLibraryW
lstrlenW
lstrcmpA
LocalFree
GetSystemTime
FormatMessageW
OutputDebugStringA
GetCurrentThreadId
GetACP
ReadFile
SetFilePointer
CreateFileW
WriteFile
GetFileSize
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsFree
SetEnvironmentVariableA
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
GetCurrentProcessId
TlsSetValue
OpenThread
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SystemTimeToFileTime
DeviceIoControl
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
GetStartupInfoA
RaiseException
HeapReAlloc
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
HeapSize
VirtualAlloc
GetModuleHandleA
LCMapStringA
LCMapStringW
VirtualQuery
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode

crypt32

CertGetCertificateContextProperty
CertGetNameStringW
CertGetNameStringA
CryptMsgClose
CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cef6cabf68cf9fc41f6f3c5a33c77bf5

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

psapi

advapi32

shlwapi

ole32

wintrust

version

kernel32

crypt32

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 83KB - Virtual size: 84KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 83KB - Virtual size: 84KB