b4f1bfc14736c3575c4d9ff5e4010086_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4f1bfc14736c3575c4d9ff5e4010086_JaffaCakes118
Size

102KB
MD5

b4f1bfc14736c3575c4d9ff5e4010086
SHA1

856a0603c8c8f4006c64dae54186408ecee169cd
SHA256

a6bf369e6cbab2bf73abdd9157cab3b352bac9ec114a3cb1adcbae3e7e1df525
SHA512

a6ca727a2f87810a1d75b0f5f701df2f60c452bb8c0ad24f4d7d6715239b28230a687f9015f3a6f8c383170bc885377bf466c1853f50c70a67192b0c6e1bc2c7
SSDEEP

3072:L3+ktUyiQkBWoFL3EXZ1X9ltaE8Dp460:i62VFEbltEDe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4f1bfc14736c3575c4d9ff5e4010086_JaffaCakes118

Files

b4f1bfc14736c3575c4d9ff5e4010086_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cb43f87022c085876010d8918b5a69dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetSystemWindowsDirectoryW
GetDateFormatW
GetModuleHandleA
GetEnvironmentStringsW
lstrcpyW
GetComputerNameW
SetLastError
LocalReAlloc
CloseHandle
InitializeCriticalSection
OutputDebugStringW
FormatMessageW
GlobalLock
GetTickCount
FileTimeToLocalFileTime
RemoveDirectoryA
lstrcmpiW
QueryPerformanceCounter
GetLastError
FileTimeToSystemTime
CreateFileW
GetCPInfo
GetCurrentProcess
lstrlenW
IsBadReadPtr
GetSystemDefaultLangID
GetModuleFileNameW
GetStartupInfoA
LocalFree
WideCharToMultiByte
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalUnlock
LoadLibraryW
GlobalFree
OutputDebugStringA
GetSystemTimeAsFileTime
GetProcAddress

user32

RegisterClipboardFormatW
SendMessageW
SetFocus
ReleaseDC
GetDlgItemTextA
LoadStringW
LoadBitmapW
PostMessageW
SystemParametersInfoW
GetParent
GetWindowLongW
DialogBoxParamW
EnableWindow
SetCursor
GetDC
GetDlgItem
wsprintfW
LoadIconW
MessageBoxW
InsertMenuItemW
EndDialog
LoadCursorW
SetDlgItemTextW
LoadImageW
SetWindowLongW
SetWindowTextW
WinHelpW
SendDlgItemMessageW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

msvcrt

_adjust_fdiv
?terminate@@YAXXZ
malloc
_initterm
wcscat
free
wcslen
__RTDynamicCast
wcscmp
wcschr
_wcsupr
vswprintf
??2@YAPAXI@Z
wcsstr
__dllonexit
mbstowcs
??3@YAXPAX@Z
_wcsicmp
_except_handler3
??1type_info@@UAE@XZ
wcscpy
wcstoul
_onexit
memmove
wcsrchr

certcli

CAFreeCAProperty
CAEnumCertTypes
CACloseCertType
CAGetCertTypeProperty
CAEnumNextCertType
CASetCertTypeKeySpec
CAGetCertTypeKeySpec
CAGetCAProperty
CAAddCACertificateType
CACertTypeGetSecurity
CAFindByName
CAFindCertTypeByName
CASetCertTypeExtension
CAFreeCertTypeExtensions
CACloseCA
CAEnumCertTypesForCA
CAFreeCertTypeProperty
CAUpdateCertType
CASetCertTypeProperty
CARemoveCACertificateType
CAGetCertTypeExtensions
CACreateCertType
CAGetCertTypePropertyEx
CAUpdateCA
CASetCertTypeFlags
CACertTypeSetSecurity
CAGetCertTypeFlags

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb43f87022c085876010d8918b5a69dd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

certcli

comctl32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 91KB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 91KB

.rsrc
Size: 25KB - Virtual size: 24KB