4504653e228bfa7dc94fcd8f325df409_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4504653e228bfa7dc94fcd8f325df409_JaffaCakes118
Size

342KB
MD5

4504653e228bfa7dc94fcd8f325df409
SHA1

2cad63cf963809e9d95712478cb5a816e5694644
SHA256

7e17041affa27304bf32618f5f3e20020e7be866c594c54a134a4219beab52fd
SHA512

4bab5ad14d695d50c21ee8757a2379f3b8c713d1199c18a9b0659c60d9be6684cf455105bd46e43254e89db047a2083d05982b5430664047c526fd51415358ed
SSDEEP

6144:QBGshTu4YgqCbNbnSFVT8BzuLEdpFBwg2D5OHLBA9lfRRvWSl4xRa:TNQbBnSbg9W09MOrBGRt4xRa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4504653e228bfa7dc94fcd8f325df409_JaffaCakes118

Files

4504653e228bfa7dc94fcd8f325df409_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e9f6c196a8b01afb1c0bba1a347d4172

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiDatabaseExportW

shell32

ShellExecuteA

shlwapi

StrCatBuffW

kernel32

ExitProcess
GetCurrentProcess
GetCurrentProcessId
InitializeCriticalSection
GetDateFormatA
GetLastError
VirtualAlloc
SetUnhandledExceptionFilter
HeapReAlloc
GetTickCount
TerminateProcess
InterlockedCompareExchange
CompareFileTime
GetCurrentThreadId
lstrcmpiA
LeaveCriticalSection
HeapFree
lstrlenW
GetProcAddress
FileTimeToSystemTime
EnterCriticalSection
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetProcessWorkingSetSize
DeleteCriticalSection
QueryPerformanceCounter
lstrlenA
HeapAlloc

wintrust

WTHelperCertIsSelfSigned
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WintrustRemoveActionID
WintrustAddActionID

gdi32

GetTextExtentPointA
GetTextMetricsW
GetTextMetricsA
GetTextExtentPointW
SelectObject
DeleteObject

user32

GetWindowLongA
CreateWindowExW
ReleaseDC
SetFocus
SetCursor
SetDlgItemTextA
LoadImageA
SendMessageA
GetSysColor
SendMessageW
CallMsgFilterA
DialogBoxParamA
GetDlgItemTextA
MessageBeep
LoadBitmapA
SetWindowLongA
EndDialog
LoadCursorA
GetDC
GetWindowRect
SendDlgItemMessageA
WinHelpA
DialogBoxIndirectParamA
DialogBoxParamW
GetDlgItem
ShowWindow
DialogBoxIndirectParamW
GetParent
EnableWindow

cfgmgr32

CM_Get_Child

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 221KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9f6c196a8b01afb1c0bba1a347d4172

Headers

DLL Characteristics

File Characteristics

Imports

msi

shell32

shlwapi

kernel32

wintrust

gdi32

user32

cfgmgr32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 221KB - Virtual size: 1.8MB

.rdata Size: 43KB - Virtual size: 42KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 181KB - Virtual size: 180KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 221KB - Virtual size: 1.8MB

.rdata
Size: 43KB - Virtual size: 42KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 181KB - Virtual size: 180KB