028d268a44d887f507ebd868a74f31a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

028d268a44d887f507ebd868a74f31a9_JaffaCakes118
Size

432KB
MD5

028d268a44d887f507ebd868a74f31a9
SHA1

919db32e486ce16a09f3a22e5b01f694556184c8
SHA256

1e59f3f2ff3ea4316705ff978dfaa0bc2cf259048532b6bcd7fa4a5c8158226b
SHA512

043dae919937275af25f602632a66bfdd01a206df0a2a28c441b7431eb1068df9477ef0996bec071e5647c07a2ad789988ba924f92391c7429e699a408cb389a
SSDEEP

6144:kPlcYTnb0pheALrDEMjTtfjeD2jMYlCkvak5lEoAuX7oumVCztB6:kP2moptLrpBiD2jXvwoAur2CpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
028d268a44d887f507ebd868a74f31a9_JaffaCakes118

Files

028d268a44d887f507ebd868a74f31a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b048b46c17899b62ceab132bad25584d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
IsValidCodePage
DeleteCriticalSection
EnumSystemLocalesA
HeapDestroy
GetCPInfo
HeapAlloc
LoadLibraryA
GetEnvironmentStrings
TlsSetValue
FreeEnvironmentStringsA
CompareStringA
GetACP
GetLocaleInfoW
InterlockedExchange
TlsAlloc
GetLastError
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsW
WriteFile
GetStdHandle
IsDebuggerPresent
GetStringTypeA
SetLocalTime
LCMapStringW
GetVersionExA
InitializeCriticalSection
GetProcAddress
GetCurrentThread
HeapSize
HeapFree
EnterCriticalSection
GetStartupInfoA
MultiByteToWideChar
LeaveCriticalSection
VirtualQuery
TlsGetValue
SetConsoleCtrlHandler
VirtualFree
GetLocaleInfoA
SetEnvironmentVariableA
GetDateFormatA
HeapCreate
HeapReAlloc
TlsFree
ExitProcess
GetCommandLineA
FreeLibrary
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetTimeZoneInformation
SetHandleCount
SetLastError
GetCurrentThreadId
WideCharToMultiByte
IsValidLocale
GetProcessHeap
GetUserDefaultLCID
GetCurrentProcessId
GetModuleFileNameA
Sleep
GetOEMCP
CompareStringW
GetTickCount
LCMapStringA
GetEnvironmentStringsW
GetTimeFormatA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RtlUnwind
GetStringTypeW

wininet

HttpQueryInfoW
UnlockUrlCacheEntryFileW
SetUrlCacheEntryGroupA
GetUrlCacheGroupAttributeA
HttpEndRequestW
IsUrlCacheEntryExpiredA
ReadUrlCacheEntryStream
InternetCanonicalizeUrlA
FtpDeleteFileA
RetrieveUrlCacheEntryStreamA
InternetSetDialStateA
InternetQueryFortezzaStatus
GopherCreateLocatorA
InternetFortezzaCommand
SetUrlCacheGroupAttributeW
FindNextUrlCacheGroup
InternetConnectW
InternetCrackUrlW
InternetDialA
HttpEndRequestA
SetUrlCacheConfigInfoW
HttpSendRequestW
InternetOpenW
InternetAlgIdToStringA
SetUrlCacheEntryInfoA

comdlg32

ChooseFontW
ChooseFontA
FindTextW
GetOpenFileNameA
GetFileTitleW
PrintDlgW
ReplaceTextW
PageSetupDlgA
LoadAlterBitmap
GetOpenFileNameW
PageSetupDlgW
PrintDlgA

gdi32

SwapBuffers
SetLayout
SetWorldTransform
SetPixelV
RealizePalette
FrameRgn
CreateFontIndirectA
CreateDCW
GetCharABCWidthsFloatW
GetTextCharsetInfo
FloodFill
InvertRgn
GetTextExtentExPointW
GetEnhMetaFileHeader
GetObjectA
GetTextExtentPoint32W
PolyDraw
SetDIBColorTable
FlattenPath
CreateEnhMetaFileW

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b048b46c17899b62ceab132bad25584d

Headers

File Characteristics

Imports

kernel32

wininet

comdlg32

gdi32

Sections

.text Size: 146KB - Virtual size: 145KB

.data Size: 280KB - Virtual size: 298KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 146KB - Virtual size: 145KB

.data
Size: 280KB - Virtual size: 298KB

.rsrc
Size: 5KB - Virtual size: 5KB