28134e9ca878988c5d33d3b8b45656e5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28134e9ca878988c5d33d3b8b45656e5_JaffaCakes118
Size

3.1MB
MD5

28134e9ca878988c5d33d3b8b45656e5
SHA1

f582faa5c091526a0f70556f839dbbe88b8f72bc
SHA256

4daa816153bf494c147f856558649fd1a2338d6e6bcba87a947b43d3e0936177
SHA512

331a4884b1b624039ff275907109aba51926dfa9e7bd0549918a9b44fcc560569ed76472874e45d9e252f84d4020669372403dbaa773cade5ef1c7661a77cfea
SSDEEP

24576:I5UgziXCoPvIQnl7tHnkIyzTeLc8Vrn1ITGN4gle73:uUG6HnzQ8peKFeT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28134e9ca878988c5d33d3b8b45656e5_JaffaCakes118

Files

28134e9ca878988c5d33d3b8b45656e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb4b54f49e13471450568ef9389ab436

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW

shlwapi

SHDeleteEmptyKeyW
PathCreateFromUrlW
UrlCanonicalizeW
PathStripToRootW
PathSkipRootW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsURLW
PathIsUNCServerW
PathIsNetworkPathW
PathIsUNCW
PathIsDirectoryW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathCanonicalizeW
StrRetToStrW
StrCmpIW
StrTrimW
StrStrIW
StrStrW
StrRChrW
StrPBrkW
StrChrIW
StrChrW

comdlg32

ChooseColorW

crypt32

CertGetNameStringW
CryptExportPKCS8
CryptExportPublicKeyInfo
CertGetEnhancedKeyUsage
CertControlStore
CertFreeCTLContext
CertFreeCertificateChain
CertGetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CryptMsgGetParam
CryptEnumOIDInfo
CryptFindOIDInfo
CryptDecodeObjectEx
CryptEncodeObjectEx
CertVerifyCertificateChainPolicy
CertAddEncodedCertificateToStore

kernel32

HeapReAlloc
HeapAlloc
GetACP
GetCPInfo
EnterCriticalSection
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetOEMCP
GetVersion
GlobalLock
LocalFree
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetLastError
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
GetLocalTime
LoadLibraryExW
GetLocaleInfoW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 64.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8sh9
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ao331
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb4b54f49e13471450568ef9389ab436

Headers

File Characteristics

Imports

advapi32

shlwapi

comdlg32

crypt32

kernel32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 64.2MB

.8sh9 Size: 305KB - Virtual size: 305KB

.ao331 Size: 264KB - Virtual size: 264KB

.rsrc Size: 108KB - Virtual size: 107KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 64.2MB

.8sh9
Size: 305KB - Virtual size: 305KB

.ao331
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 108KB - Virtual size: 107KB