5344b2856c796a12f041747102e07226_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5344b2856c796a12f041747102e07226_JaffaCakes118
Size

103KB
MD5

5344b2856c796a12f041747102e07226
SHA1

9a3ebd957a120b6a332ee36c3322c6935f61411e
SHA256

fe3705d4ca553aa85e61616e39df17c6d264d77c289496698a838d6302687670
SHA512

0ab86e7649b6e0cb371af6a024dd2108ca564542a2f41731e85dd360d00becfa248f1901d4989b8514dacc171fb7723dbea847770317006f185bc81fc0954559
SSDEEP

3072:64TrqYjqk1nMSAH664+Eyhzy9rm96anR244+X3:6QjVMSAa6qoy9r26anR2gX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5344b2856c796a12f041747102e07226_JaffaCakes118

Files

5344b2856c796a12f041747102e07226_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ec7c1853f582f82c50e602cbd93ad20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW

kernel32

GetEnvironmentStringsW
CreateFileW
FormatMessageW
GlobalUnlock
SetUnhandledExceptionFilter
GetProcAddress
WideCharToMultiByte
FileTimeToLocalFileTime
GetTickCount
LocalFree
LocalReAlloc
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
OutputDebugStringA
lstrcpyW
InterlockedIncrement
InterlockedDecrement
GlobalLock
InitializeCriticalSection
GetCPInfo
DeleteCriticalSection
GetSystemDefaultLangID
SetLastError
FileTimeToSystemTime
IsBadReadPtr
GetDateFormatW
GetComputerNameW
lstrcmpiW
GlobalFree
GetSystemWindowsDirectoryW
OutputDebugStringW
lstrlenW
LoadLibraryW
QueryPerformanceCounter
GlobalAlloc
GetCurrentThread
GetLastError
GetSystemTimeAsFileTime

msvcrt

memmove
wcscpy
wcschr
wcslen
_initterm
??3@YAXPAX@Z
malloc
_except_handler3
free
wcsstr
_wcsicmp
wcstoul
wcscat
__RTDynamicCast
__dllonexit
vswprintf
wcscmp
_adjust_fdiv
?terminate@@YAXXZ
_onexit
??1type_info@@UAE@XZ
??2@YAPAXI@Z
mbstowcs
_wcsupr
wcsrchr

certcli

CASetCertTypeProperty
CASetCertTypeFlags
CAEnumNextCertType
CAUpdateCertType
CAGetCertTypeKeySpec
CAGetCertTypeExtensions
CASetCertTypeKeySpec
CACertTypeGetSecurity
CAGetCertTypeFlags
CAAddCACertificateType
CAEnumCertTypes
CAFreeCertTypeExtensions
CACloseCA
CAEnumCertTypesForCA
CAFreeCAProperty
CARemoveCACertificateType
CASetCertTypeExtension
CAGetCAProperty
CAGetCertTypeProperty
CAGetCertTypePropertyEx
CAUpdateCA
CAFreeCertTypeProperty
CACertTypeSetSecurity
CAFindByName
CACloseCertType
CACreateCertType
CAFindCertTypeByName

user32

LoadBitmapW
SystemParametersInfoW
InsertMenuItemW
ReleaseDC
LoadStringW
GetParent
SetWindowTextW
WinHelpW
LoadCursorW
EnableWindow
SetDlgItemTextW
GetWindowLongW
SetFocus
PostMessageW
SetCursor
SendDlgItemMessageW
DialogBoxParamW
SendMessageW
GetDC
GetDlgItem
LoadIconW
LoadImageW
GetDlgItemTextA
wsprintfW
EndDialog
SetWindowLongW
MessageBoxW
RegisterClipboardFormatW

comctl32

PropertySheetW
CreatePropertySheetPageW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ec7c1853f582f82c50e602cbd93ad20

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

certcli

user32

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 89KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 89KB

.rsrc
Size: 24KB - Virtual size: 24KB