53388954a508d04e5b68e6453cb0ea8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

53388954a508d04e5b68e6453cb0ea8a_JaffaCakes118
Size

452KB
MD5

53388954a508d04e5b68e6453cb0ea8a
SHA1

573debcd6e126e666b2e43beac0d07e5163531a7
SHA256

f486ae16e4046fb0479c6a333d74ecae6d45aa942ece4aa0f044625cfca8644a
SHA512

91f50e0ee5c0fa9009fda29b745407d17e568c1878c96881fcfd1f19ffdf5637329973a1c4ed414c813ed90560372ae2b42fe9539cff19120c1932fd3d540fd2
SSDEEP

12288:2r35IRMiaUivWzspBZ/+DDFHu1jboqjhMMnMMMMM:2r35QMNNuzwTzMMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53388954a508d04e5b68e6453cb0ea8a_JaffaCakes118

Files

53388954a508d04e5b68e6453cb0ea8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c3c58919672237db0193250a846318c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamRemoveMultipleMembersFromAlias
SamiEncryptPasswords
SamOpenAlias

ntdll

RtlUnwind

wintrust

WTHelperCertIsSelfSigned
WintrustRemoveActionID
WTHelperGetProvCertFromChain
WintrustAddActionID
WTHelperGetProvSignerFromChain
WinVerifyTrust

shlwapi

wnsprintfA
StrCpyNW
StrCatBuffA
StrCatBuffW

shell32

ShellExecuteA

kernel32

HeapReAlloc
HeapAlloc
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
VirtualAlloc
GetProcAddress
lstrlenA
GetLastError
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
EnterCriticalSection
WinExec
SetProcessWorkingSetSize
DeleteCriticalSection
GetCurrentProcess
GetTickCount
LeaveCriticalSection
GetCurrentProcessId
lstrcmpiA
lstrlenW
HeapFree
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareFileTime

advapi32

RegOpenKeyExA
CryptAcquireContextA
RegCloseKey
RegQueryValueExA

user32

SetWindowLongA
LoadImageA
GetDlgItemTextA
MessageBeep
SendMessageA
SendMessageW
SendDlgItemMessageA
EnableWindow
GetWindowRect
GetWindowLongA
LoadCursorA
DialogBoxIndirectParamA
EndDialog
ReleaseDC
SetCursor
WinHelpA
GetParent
DialogBoxIndirectParamW
GetDlgItem
CreateWindowExW
CallMsgFilterA
SetDlgItemTextA
SetFocus
GetSysColor
ShowWindow
LoadBitmapA
GetDC
DialogBoxParamW
DialogBoxParamA

gdi32

GetTextExtentPointW
GetTextMetricsA
DeleteObject
GetTextExtentPointA
GetTextMetricsW
SelectObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 410KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c3c58919672237db0193250a846318c

Headers

DLL Characteristics

File Characteristics

Imports

samlib

ntdll

wintrust

shlwapi

shell32

kernel32

advapi32

user32

gdi32

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 410KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 48B

.rsrc Size: 32KB - Virtual size: 31KB

.idata Size: 2KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 410KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 48B

.rsrc
Size: 32KB - Virtual size: 31KB

.idata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 4KB