44e9b7fb953596da53d1840f9c7f49ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44e9b7fb953596da53d1840f9c7f49ee_JaffaCakes118
Size

824KB
MD5

44e9b7fb953596da53d1840f9c7f49ee
SHA1

a1ec73102a441674225bb2ffe72c300a74945283
SHA256

0d0508af02d31e92053639e56c7a0f4812082ba36cb516d7ef81113de37913e1
SHA512

b48a2b199d9233b10875834dcbcf7a36114968f26160cd32f576b9fbee010ec99532ffacc1c15621947065491edcd21aa143b82f2b0bfd9ae975a2c1582b9374
SSDEEP

24576:/kmAri9lvVEL6WB71rrH7WyCGxhFPbzmR4uFA:/kmAClqR71rrPCG3NbiRlF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44e9b7fb953596da53d1840f9c7f49ee_JaffaCakes118

Files

44e9b7fb953596da53d1840f9c7f49ee_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a7921f28b7415aa2c121ba768dd555f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
CreateTapePartition
IsValidLocale
SetCommState
SetCalendarInfoA
GetPrivateProfileStructW
SearchPathW
SetThreadUILanguage
IsProcessInJob
EnumSystemCodePagesW
SetLastError
GetMailslotInfo
InterlockedPushEntrySList
WaitNamedPipeW
GetVolumePathNameW
GetTickCount
CreateIoCompletionPort
SetConsoleInputExeNameA
ReadFileScatter
VerifyConsoleIoHandle
ReadConsoleInputExA
SetConsoleOutputCP
LoadLibraryW
UpdateResourceW
GetFileAttributesExW
GlobalHandle

usp10

UspAllocCache
ScriptString_pcOutChars
ScriptItemize
ScriptJustify
UspAllocTemp
ScriptLayout
ScriptBreak
ScriptApplyLogicalWidth
LpkPresent
ScriptStringValidate
ScriptFreeCache
ScriptStringCPtoX
ScriptStringGetLogicalWidths
ScriptGetLogicalWidths
ScriptStringGetOrder
ScriptStringFree
ScriptShape
ScriptGetGlyphABCWidth
ScriptStringXtoCP
ScriptCPtoX
ScriptGetProperties
ScriptString_pSize
ScriptRecordDigitSubstitution
ScriptTextOut
ScriptString_pLogAttr
ScriptGetFontProperties

msoert2

ReplaceChars
PszToANSI
PszScanToCharA
HrGetCertKeyUsage
WriteStreamToFileW
HrFillRasCombo
HrCreatePhonebookEntry
FIsEmptyA
HrStreamSeekEnd
HrCreateTridentMenu
HrCopyStreamCB

certcli

CAOIDFreeProperty
CAInstallDefaultCertType
CAFreeCAProperty
CAFreeCertTypeProperty
CACreateCertType
CACertTypeAccessCheck
DllUnregisterServer
CAFindByCertType
CAAccessCheck

advapi32

GetNamedSecurityInfoA
CryptEnumProvidersW
CryptSignHashA
RegQueryValueA
CryptExportKey
LsaQueryInformationPolicy
ConvertStringSDToSDRootDomainW
SystemFunction029
LookupAccountSidW
RegConnectRegistryA
LsaRetrievePrivateData
AccessCheckByTypeResultListAndAuditAlarmA
TraceMessageVa
AddAuditAccessObjectAce
WmiFileHandleToInstanceNameW
MakeAbsoluteSD

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a7921f28b7415aa2c121ba768dd555f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

usp10

msoert2

certcli

advapi32

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 1024B - Virtual size: 888B