54a51e53b3b9b3ed1d260c0e53e86622_JaffaCakes118

General

Target

54a51e53b3b9b3ed1d260c0e53e86622_JaffaCakes118
Size

551KB
MD5

54a51e53b3b9b3ed1d260c0e53e86622
SHA1

88c9978a25a22fd1ba208d29bbe711249304551d
SHA256

4cec89fda7f5976751db6c7a1ee57ed96f92f72d7eae0471d226028635e68b6b
SHA512

45a69e341f4268dbf0706a5bac4cc34854b5c27dd43801625a98cf12fc4c17496a2a5ae8b0d7fc65d59bf3fdf1381f8b4aebc1683acec08209e863827b15c0b5
SSDEEP

12288:R3uQG9AdRZWiQIbpGJ2TSQGx9WRAgWyEyjrwez:sQr3DC2TS19Wexk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54a51e53b3b9b3ed1d260c0e53e86622_JaffaCakes118

Files

54a51e53b3b9b3ed1d260c0e53e86622_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e3a7c32172188815c9887e98120f067

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

clbcatq

CheckMemoryGates
SetSetupSave

dsprop

ErrMsg
MsgBox
ReportError
CheckADsError
FindSheet

ntshrui

IsPathSharedA
IsFolderPrivateForUser
GetLocalPathFromNetResourceA
GetNetResourceFromLocalPathA
IsPathSharedW

wtsapi32

WTSWaitSystemEvent
WTSSendMessageA
WTSRegisterSessionNotification
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSQueryUserConfigA
WTSUnRegisterSessionNotification
WTSEnumerateProcessesA
WTSSetUserConfigA
WTSLogoffSession
WTSFreeMemory
WTSCloseServer

crypt32

CertSaveStore
CertCompareCertificate
CertFindAttribute
CertControlStore
CertAlgIdToOID
CryptEnumOIDInfo
CertFindChainInStore
CertFindExtension
CertFreeCRLContext
CertGetNameStringA
CertFindCRLInStore
CertDuplicateCRLContext
CertCreateCRLContext

kernel32

DeviceIoControl
CreateEventA
FileTimeToSystemTime
CreateSemaphoreA
GetBinaryTypeA
IsBadStringPtrA
VirtualQueryEx
ConnectNamedPipe
GetProcessHeap
GetProcAddress
GetMailslotInfo
GetModuleHandleA
GetModuleFileNameA
CloseHandle
CreatePipe
GetAtomNameA
CreateNamedPipeA
OpenMutexA
GetLocalTime
GetFileSize
GetEnvironmentVariableA
FormatMessageA
PurgeComm
lstrcpynA
GetLogicalDrives
InterlockedExchange
FileTimeToLocalFileTime

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.qdata
Size: 504KB - Virtual size: 700KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e3a7c32172188815c9887e98120f067

Headers

File Characteristics

Imports

clbcatq

dsprop

ntshrui

wtsapi32

crypt32

kernel32

Sections

.text Size: 46KB - Virtual size: 45KB

.qdata Size: 504KB - Virtual size: 700KB

.text
Size: 46KB - Virtual size: 45KB

.qdata
Size: 504KB - Virtual size: 700KB