Static task: static1
Behavioral task: behavioral1 (Sample: 1000.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: 1000.exe, Resource: win10v2004-20240508-en)
General
Target
28bb26de9d69e50f4ed927a66c542a18_JaffaCakes118
Size
331KB
MD5
28bb26de9d69e50f4ed927a66c542a18
SHA1
1ecec2971f5a017fd9f55c2aa7b40a590f99d447
SHA256
5108d339f90dc06dd9745675a198355fe9fb678f7ba99424e6723aa335724192
SHA512
e8795185577f7ab993b1141b4dc27c4fad80bed1f67641683ea24dff5e51ace50b5ea1efcf12b7cd56eeb477c80e20761714cf43a878bd67b96e051ad670dd91
SSDEEP
6144:O5BiEYtlTO7plr03nmP4DhVZmLGFQR3tldwwUoboEk9/16RkIFMMvsSPoF:OXiE+O7plIXmwDhA2e+lobov/wFk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/1000.exe
Files
28bb26de9d69e50f4ed927a66c542a18_JaffaCakes118.zip
Password: infected
a.cab.cab
1000.exe.exe windows:5 windows x86 arch:x86
59da9160a1062d2b1ef0cb6f45ba613a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DefWindowProcW
KillTimer
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
SetCursor
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW
GetKeyboardType
GetWindowLongW
GetTitleBarInfo
GetClassLongW
EndDeferWindowPos
GetDialogBaseUnits
IsCharAlphaNumericA
gdi32
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
CreateHalftonePalette
GetEnhMetaFilePixelFormat
GetTextCharsetInfo
SetTextColor
Arc
ExtFloodFill
GetGlyphOutlineW
SetBkColor
SetViewportExtEx
GetDeviceCaps
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
WideCharToMultiByte
QueryPerformanceCounter
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapAlloc
GetLastError
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapFree
LCMapStringW
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleW
CreateFileW
FreeEnvironmentStringsW
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
SetHandleCount
GetProcAddress
lstrcpynA
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
MultiByteToWideChar
ReadFile
WriteFile
MulDiv
lstrlenA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 375KB - Virtual size: 375KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ