89c607f308782da06a38bb231f6a9837_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

89c607f308782da06a38bb231f6a9837_JaffaCakes118
Size

102KB
MD5

89c607f308782da06a38bb231f6a9837
SHA1

a95049d6f63698d540a48bd163e9bec3c67d1e91
SHA256

93a4bdfe94213076878b61bbdd6a59cf739eaf1262510352294838409327a0b7
SHA512

93acb95e826a7762268558afb47f3e0d4bf06fa0ee1174f4e62a7d6bea6d372a16f061305e5cec24f820edbdc834578056df56124ca6717d80ca79020b2a98a0
SSDEEP

3072:HgQUtogsl62yO6XZsETdkaf2sEzwwClI/2REfcoYEr+l:Avtohl62YOEN5EpClI/2REfcdc+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
89c607f308782da06a38bb231f6a9837_JaffaCakes118

Files

89c607f308782da06a38bb231f6a9837_JaffaCakes118
.exe windows:5 windows x86 arch:x86

723aca47e3961588f54c7038a8a70bad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
GlobalFree
GetStartupInfoA
OutputDebugStringA
QueryPerformanceCounter
GetModuleHandleA
SetLastError
InterlockedDecrement
CloseHandle
GetCPInfo
GetComputerNameW
GetEnvironmentStringsW
GetModuleFileNameW
LocalReAlloc
GetLastError
IsBadReadPtr
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
GetCurrentThread
OutputDebugStringW
lstrcmpiW
GlobalAlloc
GlobalLock
FileTimeToSystemTime
GlobalUnlock
InterlockedIncrement
LocalFree
InitializeCriticalSection
GetTickCount
GetSystemDefaultLangID
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
LoadLibraryW
FormatMessageW
GetSystemWindowsDirectoryW
CreateFileW
lstrlenW
GetDateFormatW
lstrcpyW
DeleteCriticalSection

user32

LoadIconW
GetParent
SendDlgItemMessageW
wsprintfW
SetWindowLongW
GetDlgItem
SetDlgItemTextW
InsertMenuItemW
GetDlgItemTextA
SetWindowTextW
WinHelpW
MessageBoxW
LoadBitmapW
LoadImageW
SystemParametersInfoW
LoadStringW
EnableWindow
SetCursor
DialogBoxParamW
EndDialog
RegisterClipboardFormatW
ReleaseDC
PostMessageW
SendMessageW
GetDC
GetWindowLongW
LoadCursorW
SetFocus

msvcrt

_adjust_fdiv
free
wcsstr
wcstoul
memmove
mbstowcs
?terminate@@YAXXZ
__dllonexit
_initterm
??2@YAPAXI@Z
??1type_info@@UAE@XZ
wcscpy
_onexit
_wcsicmp
wcsrchr
wcscmp
wcslen
__RTDynamicCast
wcscat
vswprintf
??3@YAXPAX@Z
wcschr
malloc
_except_handler3
_wcsupr

advapi32

RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW

certcli

CACloseCA
CAFindByName
CAEnumCertTypes
CARemoveCACertificateType
CAGetCertTypeKeySpec
CAAddCACertificateType
CAFreeCAProperty
CAGetCAProperty
CASetCertTypeExtension
CAFindCertTypeByName
CASetCertTypeKeySpec
CAFreeCertTypeProperty
CAGetCertTypePropertyEx
CAGetCertTypeProperty
CASetCertTypeFlags
CAEnumCertTypesForCA
CACertTypeSetSecurity
CASetCertTypeProperty
CACreateCertType
CACloseCertType
CAGetCertTypeExtensions
CAUpdateCertType
CAGetCertTypeFlags
CACertTypeGetSecurity
CAEnumNextCertType
CAFreeCertTypeExtensions
CAUpdateCA

comctl32

PropertySheetW
CreatePropertySheetPageW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

723aca47e3961588f54c7038a8a70bad

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

certcli

comctl32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 85KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 85KB

.rsrc
Size: 23KB - Virtual size: 22KB