28a5a13be7922e0d9e744a82e7f4c127_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28a5a13be7922e0d9e744a82e7f4c127_JaffaCakes118
Size

779KB
MD5

28a5a13be7922e0d9e744a82e7f4c127
SHA1

c056f05c3f157e65025d90fd94f49f4a18a944f5
SHA256

dc90297442cd3dfc98309daaf6fb20e8f4b69c307e529a6d40c76288cc522b7e
SHA512

81518cc6ba67360d718a0755b713f496d4690cfc4e1402153f51c153697b81992ed9bd65c5ceb3ee7d46ea2c2e3da2ec64f93af52c61f6e616b132de7b9a6ed4
SSDEEP

12288:1ZQ7t7zGzk3I5IsYuJc3qtEAaHi0PPVgeUeDy72UgzwgoP4t6:c7t7a4YLYuJOqi9F3VhUeDy72z8e6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a5a13be7922e0d9e744a82e7f4c127_JaffaCakes118

Files

28a5a13be7922e0d9e744a82e7f4c127_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d1f008da6204a4a62d702ceb2471caf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ejc\poepjbae\efeoilt\euaefaegpi\lc

Imports

shell32

RealShellExecuteExA

kernel32

WriteFile
GetLocaleInfoA
GetSystemTimeAsFileTime
MultiByteToWideChar
GetTickCount
GetModuleFileNameA
VirtualFree
OpenMutexA
FreeLibrary
GetProcAddress
CompareStringA
GetDateFormatA
HeapSize
SetStdHandle
GetEnvironmentStringsW
TlsAlloc
SetConsoleCtrlHandler
GetCurrentProcessId
HeapDestroy
GetTimeFormatA
GetConsoleMode
InitializeCriticalSection
EnumDateFormatsExA
TlsFree
WideCharToMultiByte
IsValidCodePage
GetConsoleCP
CompareStringW
GlobalAddAtomW
GetCurrentThreadId
EnterCriticalSection
HeapCreate
ExitProcess
SetUnhandledExceptionFilter
GetACP
WriteConsoleW
GetStringTypeA
HeapFree
GetConsoleOutputCP
SetEnvironmentVariableA
GetOEMCP
TryEnterCriticalSection
EnumSystemLocalesA
SetHandleCount
TlsSetValue
InterlockedDecrement
GetLogicalDriveStringsA
FreeEnvironmentStringsW
LCMapStringA
GetLocaleInfoW
GetFileType
GetProcessHeap
RtlUnwind
HeapReAlloc
InterlockedIncrement
SetLastError
ReadFile
GetVersionExA
VirtualAlloc
GetModuleHandleA
LCMapStringW
CreateMutexA
GetTimeZoneInformation
WriteConsoleA
IsDebuggerPresent
GetDiskFreeSpaceExW
Sleep
WriteConsoleInputA
QueryPerformanceCounter
FreeEnvironmentStringsA
TerminateProcess
UnhandledExceptionFilter
VirtualQuery
TlsGetValue
IsValidLocale
GetCurrentThread
FlushFileBuffers
GetStdHandle
GetCurrentProcess
GetStringTypeW
LoadLibraryA
GetCommandLineA
DeleteCriticalSection
GetCPInfo
CloseHandle
HeapAlloc
CreateFileA
GetUserDefaultLCID
GetStartupInfoA
GetLastError
SetFilePointer
GetEnvironmentStrings
InterlockedExchange
LeaveCriticalSection

comctl32

ImageList_DragMove
ImageList_GetImageRect
ImageList_GetImageCount
ImageList_Merge
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetFlags
ImageList_AddMasked
ImageList_Destroy
GetEffectiveClientRect
ImageList_Write
CreatePropertySheetPage
ImageList_ReplaceIcon
DrawStatusTextA
ImageList_LoadImageA
ImageList_BeginDrag
ImageList_SetIconSize
CreatePropertySheetPageW
ImageList_DrawIndirect

advapi32

InitiateSystemShutdownW
CryptEnumProvidersW
CryptDeriveKey
RegOpenKeyExW
LookupPrivilegeNameA
CryptGetHashParam
RegNotifyChangeKeyValue
LogonUserA
CryptGetKeyParam
CryptSignHashW
LookupAccountSidA
RegQueryInfoKeyW
CryptContextAddRef
RegLoadKeyW
RegOpenKeyW
CryptSetProviderExW
CryptDuplicateHash
CryptGetProvParam
CryptSetProviderA
LookupAccountNameW

wininet

ShowCertificate
FreeUrlCacheSpaceW
InternetFortezzaCommand
GopherGetLocatorTypeW
InternetHangUp
InternetGoOnlineA
InternetWriteFile
FtpOpenFileW
ResumeSuspendedDownload

user32

RegisterClassA
RegisterClassExA
wvsprintfA
PackDDElParam

comdlg32

ChooseColorA
GetOpenFileNameA

Sections

.text
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d1f008da6204a4a62d702ceb2471caf

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

comctl32

advapi32

wininet

user32

comdlg32

Sections

.text Size: 577KB - Virtual size: 577KB

.rdata Size: 68KB - Virtual size: 72KB

.data Size: 115KB - Virtual size: 114KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 577KB - Virtual size: 577KB

.rdata
Size: 68KB - Virtual size: 72KB

.data
Size: 115KB - Virtual size: 114KB

.rsrc
Size: 17KB - Virtual size: 17KB