6b58cbe90c1a60899a08b00c69337fe5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6b58cbe90c1a60899a08b00c69337fe5_JaffaCakes118
Size

103KB
MD5

6b58cbe90c1a60899a08b00c69337fe5
SHA1

416f9a86898e3ecfe3300c12cd7b84305a0435e7
SHA256

98bbad7663845a700108f0f0bf804cb8b52d547cba7b0455fb758027f89d19dc
SHA512

dfc641a57106d6fcbb6477d936caa23328326909619f9a368c39f1156ee64e5cef88ff56fd037e6967c97c6d8b987ff485def13d0f5d2c0d3c5f54a5ad140119
SSDEEP

1536:U+aorK2hyEtJzH3HZiX+e1n4tVDsfsaHvDLY6M1ieGzH:U+aEDvbDHZiZ1qVDsFLY1ieG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b58cbe90c1a60899a08b00c69337fe5_JaffaCakes118

Files

6b58cbe90c1a60899a08b00c69337fe5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b3cbd80c4182a82ac6fc91b0eb93c73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscpy
wcsstr
memmove
_wcsicmp
??2@YAPAXI@Z
_except_handler3
??1type_info@@UAE@XZ
wcsrchr
vswprintf
_adjust_fdiv
free
wcscmp
??3@YAXPAX@Z
_onexit
_purecall
malloc
__RTDynamicCast
?terminate@@YAXXZ
__dllonexit
wcslen
_wcsupr
mbstowcs
wcstoul
wcscat
_initterm
wcschr

kernel32

lstrlenW
RemoveDirectoryA
GetLastError
InterlockedDecrement
OutputDebugStringW
CreateFileW
GetCurrentProcess
FormatMessageW
GetDateFormatW
GlobalLock
QueryPerformanceCounter
FileTimeToSystemTime
LocalReAlloc
InterlockedIncrement
LoadLibraryW
lstrcpyW
GetModuleFileNameW
GetSystemTimeAsFileTime
InitializeCriticalSection
GetModuleHandleA
GlobalUnlock
GetStartupInfoA
GetACP
lstrcmpiW
GetSystemWindowsDirectoryW
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GetComputerNameW
GetTickCount
GetEnvironmentStringsW
GlobalFree
DeleteCriticalSection
SetLastError
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
OutputDebugStringA
CloseHandle
GetSystemDefaultLangID
LocalFree

user32

RegisterClipboardFormatW
WinHelpW
SetCursor
InsertMenuItemW
EnableWindow
SetFocus
SetDlgItemTextW
SystemParametersInfoW
ReleaseDC
LoadImageW
GetParent
SendMessageW
GetDC
GetDlgItem
LoadIconW
DialogBoxParamW
GetDlgItemTextA
MessageBoxW
LoadBitmapW
GetWindowLongW
SetWindowTextW
wsprintfW
SendDlgItemMessageW
PostMessageW
LoadStringW
EndDialog
SetWindowLongW
LoadCursorW

certcli

CASetCertTypeKeySpec
CAFreeCertTypeProperty
CASetCertTypeExtension
CAGetCAProperty
CAGetCertTypePropertyEx
CAFindByName
CAGetCertTypeExtensions
CAUpdateCertType
CARemoveCACertificateType
CAFreeCertTypeExtensions
CACloseCA
CACloseCertType
CAGetCertTypeProperty
CACertTypeSetSecurity
CAUpdateCA
CAEnumCertTypesForCA
CACreateCertType
CACertTypeGetSecurity
CAGetCertTypeFlags
CASetCertTypeProperty
CAAddCACertificateType
CAEnumCertTypes
CASetCertTypeFlags
CAFreeCAProperty
CAGetCertTypeKeySpec
CAEnumNextCertType
CAFindCertTypeByName

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b3cbd80c4182a82ac6fc91b0eb93c73

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

certcli

advapi32

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 82KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 82KB

.rsrc
Size: 24KB - Virtual size: 24KB