8ae16822418b83d1b875fdf73444b84e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8ae16822418b83d1b875fdf73444b84e_JaffaCakes118
Size

103KB
MD5

8ae16822418b83d1b875fdf73444b84e
SHA1

278dee9f50adf48252083a1a1ca3f269a32fa79d
SHA256

160cd4b8addd73269b0e3368e0081ce7018cd2f7857341c0ec98c8460d6677d8
SHA512

6f42d71335e3accebc47f72929e443a4f2608d1654fdf098c83a6576747c526d3136ce203ff71d0a45de40603a26d55cb9fa294253bc770ba5b761792f095fc3
SSDEEP

3072:kadgSvUZmCH7B+sIkkDJ37UeBCNMDEB1jJK6Wg4VGr:vgScE09+sFkF7UeBCNMoBRJYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8ae16822418b83d1b875fdf73444b84e_JaffaCakes118

Files

8ae16822418b83d1b875fdf73444b84e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0e47c4b5264ffd442c6d9ba6b25ee94f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
FileTimeToSystemTime
LocalFree
InterlockedDecrement
DeleteCriticalSection
GetCurrentProcess
IsBadReadPtr
OutputDebugStringW
GetEnvironmentStringsW
GetModuleFileNameW
SetLastError
GetLastError
OutputDebugStringA
GetDateFormatW
GetStartupInfoA
LoadLibraryW
GlobalUnlock
CreateFileW
GetACP
lstrlenW
InitializeCriticalSection
GlobalFree
GetTickCount
InterlockedIncrement
GetModuleHandleA
FileTimeToLocalFileTime
GlobalAlloc
QueryPerformanceCounter
CloseHandle
WideCharToMultiByte
GetSystemDefaultLangID
GetSystemWindowsDirectoryW
FormatMessageW
lstrcpyW
GetComputerNameW
LocalReAlloc
lstrcmpiW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GlobalLock

msvcrt

??1type_info@@UAE@XZ
vswprintf
wcslen
wcscmp
wcsstr
_adjust_fdiv
_onexit
wcschr
wcsrchr
wcscat
??2@YAPAXI@Z
_purecall
wcstoul
wcscpy
__dllonexit
__RTDynamicCast
memmove
_wcsicmp
free
_initterm
_wcsupr
?terminate@@YAXXZ
??3@YAXPAX@Z
malloc
_except_handler3
mbstowcs

certcli

CAFindByName
CASetCertTypeExtension
CACertTypeSetSecurity
CACertTypeGetSecurity
CACloseCA
CAFreeCAProperty
CAEnumCertTypesForCA
CAGetCertTypePropertyEx
CAGetCertTypeExtensions
CASetCertTypeProperty
CAFreeCertTypeProperty
CACloseCertType
CAFindCertTypeByName
CAEnumNextCertType
CASetCertTypeFlags
CAFreeCertTypeExtensions
CAAddCACertificateType
CAGetCertTypeProperty
CAGetCertTypeFlags
CAGetCertTypeKeySpec
CAEnumCertTypes
CAGetCAProperty
CAUpdateCA
CAUpdateCertType
CASetCertTypeKeySpec
CARemoveCACertificateType
CACreateCertType

user32

PostMessageW
LoadIconW
GetDlgItemTextA
GetParent
SystemParametersInfoW
MessageBoxW
ReleaseDC
LoadBitmapW
LoadCursorW
WinHelpW
GetDlgItem
EnableWindow
GetDC
SetWindowTextW
wsprintfW
SendMessageW
LoadImageW
DialogBoxParamW
SetFocus
SetDlgItemTextW
SetCursor
SetWindowLongW
LoadStringW
GetWindowLongW
InsertMenuItemW
RegisterClipboardFormatW
EndDialog
SendDlgItemMessageW

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW

comctl32

PropertySheetW
CreatePropertySheetPageW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e47c4b5264ffd442c6d9ba6b25ee94f

Headers

File Characteristics

Imports

kernel32

msvcrt

certcli

user32

advapi32

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 103KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 103KB

.rsrc
Size: 24KB - Virtual size: 24KB