c:\bpphfm.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 28006a2a36f97b98ded6c75e0f08db9a_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 28006a2a36f97b98ded6c75e0f08db9a_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 28006a2a36f97b98ded6c75e0f08db9a_JaffaCakes118
Size: 825KB
MD5: 28006a2a36f97b98ded6c75e0f08db9a
SHA1: a390c8723b866eb63120009653e463467db195ce
SHA256: 1832e510005d5d18627ffbeb6897caa1a7455faa2d51d7955c8c57000bb9c72e
SHA512: 87a026c3a70549809805bb27548a1a8e786cc341775c4c5db8dcd57a6b828ac12397425a2247d065bb115f8599d38c3e6dbe47f0d9b9d30e08c0701fbc5b4b04
SSDEEP: 24576:HkP1AmIR7dgAnJeA4bSk01sINWxHaxiT5gTRSK1G9GB/:Hk9AmygYJeA4bhCW5Q5V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28006a2a36f97b98ded6c75e0f08db9a_JaffaCakes118
Files
28006a2a36f97b98ded6c75e0f08db9a_JaffaCakes118.exe windows:4 windows x86 arch:x86
1f5faa5033010b8c814a1a1c7e55d477
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdi32
WidenPath
DeleteDC
CreateDCA
GetDeviceCaps
kernel32
CompareStringW
LeaveCriticalSection
CloseHandle
EnterCriticalSection
SetHandleCount
UnhandledExceptionFilter
OpenMutexA
GetModuleFileNameA
TlsSetValue
GetCommandLineA
GetDiskFreeSpaceA
GetStringTypeA
GetStartupInfoA
SetFilePointer
GetCPInfo
ExitProcess
HeapCreate
TlsAlloc
InterlockedDecrement
TlsFree
GetNamedPipeInfo
GetTimeZoneInformation
FlushFileBuffers
SetLastError
GetSystemTimeAsFileTime
GetLocalTime
MultiByteToWideChar
GetVersion
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsA
GetProcAddress
SetStdHandle
GetCurrentThreadId
LCMapStringW
DeleteCriticalSection
HeapReAlloc
GetStdHandle
GetCurrentThread
WriteFile
GetFileType
SetUnhandledExceptionFilter
LoadLibraryA
ReadFile
GetStringTypeW
FillConsoleOutputAttribute
GetCurrentProcess
GetStartupInfoW
WritePrivateProfileSectionW
CreateMutexA
InitializeCriticalSection
WideCharToMultiByte
IsBadWritePtr
LCMapStringA
CompareStringA
VirtualAlloc
GetEnvironmentStringsW
TerminateProcess
FillConsoleOutputCharacterW
GetSystemTime
InterlockedExchange
VirtualFree
SetEnvironmentVariableA
QueryPerformanceCounter
WritePrivateProfileStringW
HeapFree
HeapDestroy
TlsGetValue
GetModuleFileNameW
GetSystemDefaultLangID
RtlUnwind
FreeEnvironmentStringsW
InterlockedIncrement
GetCommandLineW
GetModuleHandleA
GetLastError
VirtualQuery
HeapAlloc
GetEnvironmentStrings
comdlg32
FindTextA
GetSaveFileNameW
PrintDlgA
wininet
InternetCrackUrlW
InternetWriteFileExW
FtpRemoveDirectoryA
FindFirstUrlCacheEntryW
InternetCheckConnectionA
comctl32
InitCommonControlsEx
CreateStatusWindowA
DrawInsert
user32
ShowWindow
MapVirtualKeyA
DestroyMenu
GetWindowTextA
RegisterClassA
CheckMenuRadioItem
CopyAcceleratorTableA
SetMenu
ClipCursor
DdeQueryNextServer
GetSysColorBrush
GetWindowInfo
CheckMenuItem
CloseWindowStation
GetProcessDefaultLayout
ScrollDC
LoadAcceleratorsW
MessageBoxW
GetCursorPos
AppendMenuA
DlgDirSelectExA
CreateWindowExW
CharUpperBuffA
RegisterClassExA
VkKeyScanA
OpenClipboard
MonitorFromPoint
shell32
ShellExecuteEx
Sections
.text Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 465KB - Virtual size: 454KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ