a548aa47c430bceaf2db668fbb2872f4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a548aa47c430bceaf2db668fbb2872f4_JaffaCakes118
Size

100KB
MD5

a548aa47c430bceaf2db668fbb2872f4
SHA1

146388013ecc59ab2573d5c68ea8c139a84123d3
SHA256

41b60e4d42443974ad5d3541b75eb30fd96b7f4d33a01b914d67c1b99cdd1d5e
SHA512

72a2ece01096af06539b9eff34f70fdd27b3c23e056cbef2622667b96c68be3675b698c61c72fc0e21f42168680c928ac4850416ad10472c54163c1f2b9addd6
SSDEEP

1536:V9fx6XjnH47chvSmjMPneOTk++Gd1aqO1Q/2tltbf6joJwYk:bxez0chfwGIk4d1aqYHltb0oJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a548aa47c430bceaf2db668fbb2872f4_JaffaCakes118

Files

a548aa47c430bceaf2db668fbb2872f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6bec0e3f05e0b46682e8c0f849e7fa65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GlobalFree
GlobalAlloc
OutputDebugStringW
GetComputerNameW
FormatMessageW
LocalReAlloc
GetSystemWindowsDirectoryW
DeleteCriticalSection
GetSystemDefaultLangID
InterlockedDecrement
WideCharToMultiByte
GetCurrentProcess
GlobalUnlock
FileTimeToLocalFileTime
GlobalLock
GetTickCount
InterlockedIncrement
SetLastError
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCPInfo
SetUnhandledExceptionFilter
GetCurrentThread
lstrcmpiW
OutputDebugStringA
QueryPerformanceCounter
GetEnvironmentStringsW
IsBadReadPtr
lstrcpyW
CreateFileW
GetDateFormatW
LoadLibraryW
FileTimeToSystemTime
InitializeCriticalSection
GetLastError
CloseHandle
LocalFree
GetModuleHandleA
lstrlenW
GetProcAddress

user32

SetFocus
SetWindowLongW
DialogBoxParamW
PostMessageW
GetWindowLongW
LoadCursorW
GetDC
GetDlgItem
LoadImageW
wsprintfW
LoadIconW
SendDlgItemMessageW
WinHelpW
SystemParametersInfoW
EndDialog
MessageBoxW
LoadBitmapW
InsertMenuItemW
EnableWindow
GetParent
SetDlgItemTextW
ReleaseDC
GetDlgItemTextA
LoadStringW
SetWindowTextW
RegisterClipboardFormatW
SetCursor
SendMessageW

msvcrt

wcscpy
memmove
wcscmp
__RTDynamicCast
??3@YAXPAX@Z
malloc
mbstowcs
_wcsupr
_initterm
??1type_info@@UAE@XZ
wcscat
_onexit
_except_handler3
wcslen
??2@YAPAXI@Z
vswprintf
free
_adjust_fdiv
_wcsicmp
__dllonexit
wcsrchr
wcsstr
wcstoul
?terminate@@YAXXZ
wcschr

certcli

CAGetCertTypeExtensions
CASetCertTypeKeySpec
CAFindByName
CAEnumCertTypes
CAFreeCertTypeExtensions
CARemoveCACertificateType
CASetCertTypeFlags
CACertTypeGetSecurity
CACloseCA
CAFreeCAProperty
CAEnumCertTypesForCA
CAGetCertTypePropertyEx
CAUpdateCertType
CAFreeCertTypeProperty
CAGetCAProperty
CAAddCACertificateType
CAFindCertTypeByName
CASetCertTypeProperty
CASetCertTypeExtension
CAEnumNextCertType
CAUpdateCA
CACloseCertType
CAGetCertTypeProperty
CACreateCertType
CAGetCertTypeKeySpec
CAGetCertTypeFlags
CACertTypeSetSecurity

comctl32

PropertySheetW
CreatePropertySheetPageW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bec0e3f05e0b46682e8c0f849e7fa65

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

certcli

comctl32

advapi32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 126KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 126KB

.rsrc
Size: 24KB - Virtual size: 24KB