Static task
static1
Behavioral task
behavioral1
Sample: 28432a9d5f0e57ace44454159464b5c1_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task
behavioral2
Sample: 28432a9d5f0e57ace44454159464b5c1_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 28432a9d5f0e57ace44454159464b5c1_JaffaCakes118
Size: 434KB
MD5: 28432a9d5f0e57ace44454159464b5c1
SHA1: 77fbc22730547d613128f9904a5b6e7ec9502d2b
SHA256: c2abce9c804f8b15a6ecd0d6b9a2e11fdcbbac778bedf747074b3a06c6fbe1d2
SHA512: 27bf99338347f29c7c4b5b360fe9ca816bca9cb1ba1cd5b55470b736d7679aa388390ebf2204e7ea892a2853a842d47f105d767c6e286f193258c525e738a9e7
SSDEEP: 12288:XcqpATl+CIkbm9DXznrcNqTgeAJH2nkkLelJNW:Xc0ATl+CVbqDXbrqGgeA52nQQ
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 28432a9d5f0e57ace44454159464b5c1_JaffaCakes118
Files
28432a9d5f0e57ace44454159464b5c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
10aab3b10dea047fc51281591b923d73
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
ResetEvent
GetQueuedCompletionStatus
GetProfileSectionA
WaitForMultipleObjects
InterlockedExchangeAdd
GetStdHandle
EnumResourceNamesW
CreatePipe
CreateMutexA
DisconnectNamedPipe
OpenEventA
CommConfigDialogA
GetCommandLineA
GetLargestConsoleWindowSize
GetConsoleMode
WriteConsoleInputA
GetCalendarInfoW
GlobalFlags
GetPrivateProfileStructA
GetPrivateProfileStringW
FindFirstFileExW
GetProcessShutdownParameters
SetConsoleCtrlHandler
SetCurrentDirectoryA
lstrcpynW
MoveFileExW
GetProcessPriorityBoost
RemoveDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryA
SetFileAttributesW
DeleteAtom
TryEnterCriticalSection
lstrcmp
GetSystemDefaultLCID
DeleteFileW
OpenWaitableTimerW
UnmapViewOfFile
EnumResourceNamesA
GetConsoleCursorInfo
GetFileType
EnumCalendarInfoExW
GetDiskFreeSpaceA
SetThreadPriorityBoost
EnumSystemLocalesW
GetThreadContext
WaitForSingleObject
GetFileAttributesW
GetCurrencyFormatA
LoadLibraryW
VirtualAllocEx
SetEnvironmentVariableW
GetLogicalDriveStringsW
GlobalAddAtomW
Heap32Next
GetNumberFormatA
GetCompressedFileSizeW
SetComputerNameW
FlushViewOfFile
HeapDestroy
lstrcmpW
GetThreadLocale
SetVolumeLabelA
SetHandleCount
GlobalFree
EnumCalendarInfoExA
GlobalFindAtomW
GetEnvironmentStringsW
GetTimeZoneInformation
GetProfileSectionW
GlobalReAlloc
TransmitCommChar
EnumResourceLanguagesW
ReleaseMutex
CreateFileMappingW
GetConsoleCP
FindAtomW
OpenFileMappingW
OutputDebugStringA
GetLastError
FillConsoleOutputCharacterA
ReleaseSemaphore
GlobalLock
WriteProfileStringW
CreateMutexW
LoadModule
CreateDirectoryA
SetConsoleOutputCP
SetLocalTime
FileTimeToSystemTime
LocalLock
GetProfileStringA
GetTimeFormatA
WriteConsoleOutputA
GetSystemInfo
GetSystemDirectoryW
LocalFree
FindFirstFileW
FileTimeToDosDateTime
GlobalUnlock
EnumResourceLanguagesA
TlsSetValue
GetPrivateProfileIntA
GetVersion
ReadConsoleOutputCharacterW
CreateEventW
RtlMoveMemory
GetPrivateProfileSectionNamesW
FreeConsole
GetPrivateProfileSectionW
GetTempPathA
UnlockFileEx
GetPrivateProfileSectionNamesA
OpenEventW
GetStartupInfoW
CreateDirectoryExA
UnlockFile
GetEnvironmentVariableW
UpdateResourceA
CreateSemaphoreA
DebugBreak
WriteProcessMemory
LocalReAlloc
FindNextFileW
VirtualProtect
GetProfileIntW
WaitForDebugEvent
EnumResourceTypesA
GetProcessAffinityMask
WritePrivateProfileStringW
GetComputerNameW
WriteConsoleOutputCharacterW
GetLongPathNameW
GetLocalTime
FindFirstChangeNotificationA
TerminateThread
FlushConsoleInputBuffer
GetComputerNameA
GetThreadSelectorEntry
ReadFileEx
CreateTapePartition
SetPriorityClass
IsValidCodePage
SetThreadAffinityMask
MoveFileW
FindClose
GetStringTypeW
GetUserDefaultLCID
LocalFileTimeToFileTime
UnhandledExceptionFilter
Sleep
CreateConsoleScreenBuffer
GlobalWire
FindCloseChangeNotification
SetTimeZoneInformation
CreateSemaphoreW
GetProcessVersion
GetConsoleTitleA
GetACP
EnumTimeFormatsA
CreateToolhelp32Snapshot
MulDiv
GetNamedPipeInfo
AddAtomW
gdi32
AddFontResourceA
AbortDoc
TranslateCharsetInfo
CreateEnhMetaFileA
GetCharacterPlacementA
GetTextMetricsW
GetTextExtentPoint32A
AnimatePalette
GetBitmapDimensionEx
PolyTextOutA
CreateColorSpaceA
GetBkMode
CreateEllipticRgnIndirect
SetMetaFileBitsEx
EnumFontsA
SetDIBits
CreateMetaFileW
CreateScalableFontResourceW
GdiGetBatchLimit
PolyPolyline
SelectPalette
GetMiterLimit
CreateDIBSection
SetBitmapDimensionEx
GetCharWidthFloatW
GetEnhMetaFileBits
OffsetClipRgn
EnumFontFamiliesExA
SetDeviceGammaRamp
ResizePalette
SetPaletteEntries
EqualRgn
GetCharWidthW
CreateRoundRectRgn
PlayEnhMetaFile
GetTextExtentPoint32W
SelectObject
UnrealizeObject
LineTo
EnumMetaFile
PlayMetaFile
EnumEnhMetaFile
PolylineTo
StrokeAndFillPath
SetDIBitsToDevice
GetCharABCWidthsFloatA
GetNearestPaletteIndex
GetPaletteEntries
SetDIBColorTable
Escape
SetBitmapBits
EndPath
FillPath
SetICMMode
CreateSolidBrush
GetColorAdjustment
PlayEnhMetaFileRecord
RestoreDC
SetFontEnumeration
SetTextColor
CreateRectRgnIndirect
GetRandomRgn
GetGlyphOutlineA
ResetDCW
GetOutlineTextMetricsW
OffsetRgn
GdiPlayDCScript
CombineRgn
GetDeviceCaps
GetGraphicsMode
GetColorSpace
ResetDCA
CreatePolyPolygonRgn
ExtSelectClipRgn
RectVisible
SetICMProfileW
GetLayout
EnumICMProfilesA
CreateMetaFileA
GetMetaFileW
StartDocA
ExtTextOutA
AngleArc
CreateDIBPatternBrushPt
GetCharWidthA
SetBoundsRect
TextOutW
GetKerningPairsW
CancelDC
PtInRegion
DeleteEnhMetaFile
SetTextAlign
SaveDC
CreateEllipticRgn
GetRgnBox
GetTextMetricsA
GetBoundsRect
CreateColorSpaceW
GetTextCharacterExtra
CreateDCA
CreatePolygonRgn
CreateICA
OffsetViewportOrgEx
SetMagicColors
CreatePalette
GetMetaFileA
StartDocW
SetWorldTransform
CreateICW
BitBlt
SetICMProfileA
GdiFlush
GetRasterizerCaps
GetPolyFillMode
GetTextExtentExPointA
SetTextCharacterExtra
SetMapMode
SelectClipPath
GetCharABCWidthsA
UpdateColors
GetOutlineTextMetricsA
EnumFontFamiliesExW
CheckColorsInGamut
SetMetaRgn
CopyEnhMetaFileA
DeleteDC
Arc
FixBrushOrgEx
CreatePenIndirect
LPtoDP
GetSystemPaletteUse
GetBkColor
EnumFontFamiliesA
advapi32
LogonUserW
CryptDuplicateHash
CryptCreateHash
ReportEventA
LookupAccountNameW
CryptGetKeyParam
CryptExportKey
CryptSetProviderExA
CryptSetProviderW
LookupSecurityDescriptorPartsW
CryptSetProviderA
CryptDuplicateKey
AbortSystemShutdownW
RegQueryValueW
RegReplaceKeyA
CryptAcquireContextW
CryptHashSessionKey
RegFlushKey
CryptDeriveKey
RegSetValueA
CryptSetHashParam
RegLoadKeyA
ReportEventW
LookupPrivilegeNameA
RegReplaceKeyW
RegEnumKeyW
RegQueryMultipleValuesA
RegCreateKeyExW
RegDeleteValueW
CryptContextAddRef
CryptEnumProvidersW
StartServiceW
CryptGenRandom
RegQueryInfoKeyW
comdlg32
GetSaveFileNameW
PrintDlgA
PageSetupDlgA
LoadAlterBitmap
GetFileTitleA
GetFileTitleW
GetSaveFileNameA
ChooseFontA
ReplaceTextA
ChooseFontW
GetOpenFileNameW
FindTextW
GetOpenFileNameA
ChooseColorA
ReplaceTextW
PageSetupDlgW
wininet
InternetFortezzaCommand
FtpDeleteFileA
InternetConfirmZoneCrossingA
InternetSetDialStateA
InternetCloseHandle
HttpOpenRequestW
GetUrlCacheEntryInfoW
InternetTimeFromSystemTimeA
ShowSecurityInfo
FtpRemoveDirectoryW
HttpQueryInfoW
FindNextUrlCacheContainerW
InternetSetFilePointer
CreateUrlCacheGroup
InternetSetCookieW
InternetWriteFileExA
FtpPutFileA
FindNextUrlCacheEntryExA
InternetFindNextFileW
UnlockUrlCacheEntryFile
InternetGetLastResponseInfoA
InternetOpenA
ShowX509EncodedCertificate
GopherOpenFileA
DeleteUrlCacheEntryW
InternetQueryOptionW
InternetTimeToSystemTime
FtpCreateDirectoryA
RetrieveUrlCacheEntryFileA
FtpCommandW
FindNextUrlCacheContainerA
ResumeSuspendedDownload
FtpPutFileEx
FindNextUrlCacheEntryW
UrlZonesDetach
InternetReadFileExW
InternetCrackUrlW
InternetSetOptionA
DeleteUrlCacheContainerW
InternetQueryFortezzaStatus
HttpOpenRequestA
HttpSendRequestA
IncrementUrlCacheHeaderData
RetrieveUrlCacheEntryFileW
GopherCreateLocatorW
InternetConnectA
SetUrlCacheEntryGroup
HttpSendRequestExA
InternetSetOptionExW
RegisterUrlCacheNotification
InternetCheckConnectionA
InternetCanonicalizeUrlA
GopherGetAttributeA
FtpSetCurrentDirectoryA
HttpQueryInfoA
FindFirstUrlCacheGroup
InternetGetCookieA
InternetConfirmZoneCrossingW
InternetTimeFromSystemTimeW
FtpGetCurrentDirectoryA
InternetGetConnectedStateEx
InternetHangUp
HttpSendRequestExW
InternetTimeFromSystemTime
InternetOpenUrlW
FtpFindFirstFileA
FtpDeleteFileW
InternetWriteFile
FindFirstUrlCacheEntryW
InternetShowSecurityInfoByURL
CommitUrlCacheEntryA
InternetSetOptionW
InternetShowSecurityInfoByURLA
UnlockUrlCacheEntryStream
InternetGetConnectedStateExA
InternetLockRequestFile
GopherGetLocatorTypeA
InternetSecurityProtocolToStringA
InternetGoOnlineA
InternetQueryDataAvailable
FtpRenameFileW
FindFirstUrlCacheEntryExW
CreateUrlCacheEntryA
InternetConfirmZoneCrossing
DeleteUrlCacheEntryA
InternetCheckConnectionW
SetUrlCacheEntryInfoW
InternetDialW
InternetReadFileExA
UnlockUrlCacheEntryFileW
InternetAutodial
IsUrlCacheEntryExpiredA
FindFirstUrlCacheContainerW
InternetAlgIdToStringA
InternetAutodialHangup
InternetAttemptConnect
FreeUrlCacheSpaceW
FindFirstUrlCacheContainerA
InternetGetConnectedStateExW
InternetDial
DeleteUrlCacheEntry
FtpGetFileA
InternetGetCertByURL
InternetCanonicalizeUrlW
GopherFindFirstFileW
FtpRenameFileA
GopherGetAttributeW
SetUrlCacheGroupAttributeW
GopherCreateLocatorA
FindNextUrlCacheGroup
HttpAddRequestHeadersW
InternetSetDialStateW
InternetOpenW
LoadUrlCacheContent
DetectAutoProxyUrl
GetUrlCacheEntryInfoA
GopherGetLocatorTypeW
HttpCheckDavCompliance
GopherOpenFileW
InternetFindNextFileA
CreateUrlCacheContainerA
IsHostInProxyBypassList
SetUrlCacheEntryInfoA
InternetCreateUrlA
FtpCreateDirectoryW
ShowCertificate
ShowClientAuthCerts
GetUrlCacheEntryInfoExW
InternetCombineUrlW
InternetShowSecurityInfoByURLW
FindFirstUrlCacheEntryA
FtpGetFileEx
GetUrlCacheGroupAttributeW
CommitUrlCacheEntryW
InternetCreateUrlW
HttpSendRequestW
RetrieveUrlCacheEntryStreamA
DeleteUrlCacheGroup
InternetSetOptionExA
SetUrlCacheHeaderData
InternetGoOnlineW
FtpPutFileW
InternetGetConnectedState
InternetReadFile
ReadUrlCacheEntryStream
InternetSetDialState
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersA
UnlockUrlCacheEntryFileA
InternetTimeToSystemTimeA
InternetGetCertByURLA
FtpOpenFileA
RunOnceUrlCache
UpdateUrlCacheContentPath
InternetUnlockRequestFile
DeleteUrlCacheContainerA
InternetConnectW
InternetDialA
InternetSetCookieA
InternetGetLastResponseInfoW
FtpCommandA
HttpEndRequestA
InternetGetCookieW
InternetCombineUrlA
GetUrlCacheEntryInfoExA
InternetSecurityProtocolToStringW
InternetWriteFileExW
FreeUrlCacheSpaceA
GetUrlCacheGroupAttributeA
FindCloseUrlCache
FtpFindFirstFileW
InternetTimeToSystemTimeW
GopherFindFirstFileA
FtpGetFileW
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroupW
InternetInitializeAutoProxyDll
SetUrlCacheEntryGroupA
FtpRemoveDirectoryA
DeleteIE3Cache
CreateUrlCacheContainerW
InternetCrackUrlA
IsUrlCacheEntryExpiredW
InternetErrorDlg
FtpGetCurrentDirectoryW
GetUrlCacheConfigInfoW
FindFirstUrlCacheEntryExA
InternetOpenUrlA
FindNextUrlCacheEntryExW
FtpOpenFileW
GetUrlCacheHeaderData
CreateUrlCacheEntryW
SetUrlCacheConfigInfoA
HttpEndRequestW
InternetGoOnline
FindNextUrlCacheEntryA
Sections
.text Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE