de886e77cd9f0e4062ac6878a20dd562_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de886e77cd9f0e4062ac6878a20dd562_JaffaCakes118
Size

102KB
MD5

de886e77cd9f0e4062ac6878a20dd562
SHA1

2eab6075c57782c8a1922ffe8f2838330d647b81
SHA256

05179b54d30c4c095b00fad6457a4820ecd575a38144cc5b2bef6d8e6ee85a52
SHA512

1a3dab27fefbb15387c2892e2466cf9dbb77440893176b172da5eaf75c85c87fa622b41e29ad0f237bcd70628861703e7959cbb6326bf957559925068459a2f1
SSDEEP

3072:r/M2yW0Sh70jdBXOz/rtkM6Sh0NQ4UMPehgk2+:zxhedQdDj4vPeh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de886e77cd9f0e4062ac6878a20dd562_JaffaCakes118

Files

de886e77cd9f0e4062ac6878a20dd562_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e0631951081819c0d7c3e0653acd3212

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

certcli

CACloseCertType
CAAddCACertificateType
CASetCertTypeFlags
CAEnumCertTypes
CASetCertTypeExtension
CAFindCertTypeByName
CAFreeCAProperty
CAEnumCertTypesForCA
CAFreeCertTypeProperty
CARemoveCACertificateType
CAGetCAProperty
CAGetCertTypeProperty
CAFindByName
CAUpdateCA
CACertTypeSetSecurity
CACertTypeGetSecurity
CAGetCertTypeFlags
CACloseCA
CAGetCertTypePropertyEx
CAUpdateCertType
CAGetCertTypeKeySpec
CAFreeCertTypeExtensions
CAEnumNextCertType
CACreateCertType
CASetCertTypeKeySpec
CAGetCertTypeExtensions
CASetCertTypeProperty

advapi32

RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW

msvcrt

_wcsupr
_initterm
vswprintf
wcstoul
wcschr
malloc
_wcsicmp
wcscpy
??2@YAPAXI@Z
_except_handler3
__dllonexit
memmove
wcsrchr
wcslen
wcsstr
free
??1type_info@@UAE@XZ
_onexit
?terminate@@YAXXZ
mbstowcs
wcscmp
wcscat
_adjust_fdiv
__RTDynamicCast
??3@YAXPAX@Z

kernel32

lstrcpyW
SetLastError
QueryPerformanceCounter
OutputDebugStringW
GlobalLock
GetLastError
GetModuleFileNameW
GetComputerNameW
GetModuleHandleA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
lstrcmpiW
GetSystemTimeAsFileTime
RemoveDirectoryA
InterlockedDecrement
GetProcAddress
GetSystemWindowsDirectoryW
GetCPInfo
GlobalFree
LocalReAlloc
CreateFileW
WideCharToMultiByte
GetStartupInfoA
OutputDebugStringA
CloseHandle
FileTimeToLocalFileTime
lstrlenW
GlobalUnlock
SetUnhandledExceptionFilter
LoadLibraryW
GetTickCount
GlobalAlloc
LocalFree
IsBadReadPtr
GetSystemDefaultLangID
GetEnvironmentStringsW
GetDateFormatW
FormatMessageW
GetCurrentProcess

user32

SendMessageW
SetDlgItemTextW
EnableWindow
SetWindowLongW
PostMessageW
GetWindowLongW
WinHelpW
LoadIconW
wsprintfW
LoadImageW
SetFocus
SetWindowTextW
MessageBoxW
DialogBoxParamW
GetParent
EndDialog
LoadCursorW
GetDC
LoadBitmapW
SystemParametersInfoW
RegisterClipboardFormatW
GetDlgItemTextA
SendDlgItemMessageW
ReleaseDC
InsertMenuItemW
LoadStringW
SetCursor
GetDlgItem

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0631951081819c0d7c3e0653acd3212

Headers

File Characteristics

Imports

certcli

advapi32

msvcrt

kernel32

user32

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 93KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 93KB

.rsrc
Size: 23KB - Virtual size: 23KB