8482f159eada13e10e4824a18c7c69b5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8482f159eada13e10e4824a18c7c69b5_JaffaCakes118
Size

100KB
MD5

8482f159eada13e10e4824a18c7c69b5
SHA1

ee8e812719cebcefed9d9ff69d23bbe90c26b859
SHA256

47028ccdd2eb43c9eec866ada63983ec169e31249e040e197dd8b89db83922fc
SHA512

6bcc33093424f3a58b7e9d1e951e4c9d4bcbd3547fd849e8cc50ed7d4cd96f62da10f0ad56d144d88008ab9abf09c9be4f1000578dbe1d3e4a698c76549f0d3d
SSDEEP

3072:4YV7oSK53ikUMx2HBoyHHiQqpKB/VJnhQMboKL:j7oBik526OHJzB/fnh7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8482f159eada13e10e4824a18c7c69b5_JaffaCakes118

Files

8482f159eada13e10e4824a18c7c69b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5c5b6f2918d13c4dec4de1964781b0bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
OutputDebugStringW
DeleteCriticalSection
GetEnvironmentStringsW
InterlockedIncrement
GlobalFree
lstrcmpiW
CreateFileW
SetUnhandledExceptionFilter
CloseHandle
GetCurrentProcess
lstrcpyW
FileTimeToLocalFileTime
GetDateFormatW
GetModuleFileNameW
GlobalLock
InterlockedDecrement
GetStartupInfoA
GlobalAlloc
QueryPerformanceCounter
lstrlenW
GetModuleHandleA
RemoveDirectoryA
GetLastError
GetSystemDefaultLangID
LoadLibraryW
WideCharToMultiByte
GetCPInfo
GlobalUnlock
GetTickCount
GetSystemWindowsDirectoryW
IsBadReadPtr
InitializeCriticalSection
LocalReAlloc
FormatMessageW
SetLastError
GetSystemTimeAsFileTime
GetProcAddress
GetComputerNameW
FileTimeToSystemTime
OutputDebugStringA

user32

InsertMenuItemW
GetDlgItemTextA
LoadStringW
MessageBoxW
PostMessageW
SetFocus
ReleaseDC
SendMessageW
DialogBoxParamW
SetCursor
LoadIconW
SendDlgItemMessageW
wsprintfW
RegisterClipboardFormatW
GetDC
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
GetParent
GetDlgItem
SetWindowTextW
LoadBitmapW
EnableWindow
SetDlgItemTextW
WinHelpW
LoadCursorW
EndDialog
LoadImageW

msvcrt

_except_handler3
memmove
_adjust_fdiv
vswprintf
wcscmp
_onexit
__RTDynamicCast
wcschr
wcsstr
??3@YAXPAX@Z
?terminate@@YAXXZ
wcscat
mbstowcs
wcslen
free
_wcsicmp
_wcsupr
??2@YAPAXI@Z
_initterm
wcstoul
malloc
__dllonexit
wcsrchr
??1type_info@@UAE@XZ
wcscpy

certcli

CAUpdateCA
CAEnumCertTypes
CAAddCACertificateType
CASetCertTypeExtension
CAGetCAProperty
CARemoveCACertificateType
CASetCertTypeKeySpec
CASetCertTypeProperty
CACloseCertType
CASetCertTypeFlags
CAEnumNextCertType
CAGetCertTypePropertyEx
CAGetCertTypeKeySpec
CACloseCA
CAUpdateCertType
CAFreeCertTypeExtensions
CAFindByName
CAEnumCertTypesForCA
CAGetCertTypeExtensions
CACreateCertType
CAGetCertTypeProperty
CACertTypeGetSecurity
CAFreeCertTypeProperty
CAFreeCAProperty
CAFindCertTypeByName
CACertTypeSetSecurity
CAGetCertTypeFlags

advapi32

RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c5b6f2918d13c4dec4de1964781b0bb

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

certcli

advapi32

comctl32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 74KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 74KB

.rsrc
Size: 24KB - Virtual size: 24KB