28d8fea540bcbf0725b628591f9a5413_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28d8fea540bcbf0725b628591f9a5413_JaffaCakes118
Size

978KB
MD5

28d8fea540bcbf0725b628591f9a5413
SHA1

0c2a05785fd70616e19d5c6281be32bb8f36344f
SHA256

4c20eeaf377d201fb400045efafb0a4aa293461727e99e96a96e8862280a4b1b
SHA512

883d4d87b1c8352d114ad446451ec3ebba3a6a289edab6c25257881a8d55e50f5196a10309f01671e81251bc70db687e2eccd37a54922dc50d523777f7b45ec6
SSDEEP

24576:lXdMnfxw70nOqqMledCE+Ers4PzEb2RKWQXOx:lXOn6ZqDar/zgE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d8fea540bcbf0725b628591f9a5413_JaffaCakes118

Files

28d8fea540bcbf0725b628591f9a5413_JaffaCakes118
.exe windows:5 windows x86 arch:x86

af75cd0b79ffd679fb32baf0eab7b39c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
_XcptFilter
??2@YAPAXI@Z
_purecall
_except_handler3
atoi
_vsnwprintf
??1type_info@@UAE@XZ
_wcslwr
wcsstr
__winitenv
__dllonexit
wcsrchr
strncmp
vwprintf
_wcsnicmp
_iob
__set_app_type
wcslen
_snwprintf
memset
_wcsicmp
_controlfp
_CxxThrowException
realloc
fputs
_onexit
_vsnprintf
exit
_exit
strchr
qsort
free
??3@YAXPAX@Z
_snprintf
iswspace
__CxxFrameHandler
_itoa
_cexit
_c_exit
?terminate@@YAXXZ
__p__fmode
__setusermatherr
_itow
_initterm
__p__commode
__wgetmainargs

user32

CharNextW
CharNextA
wsprintfW

imagehlp

ImageDirectoryEntryToData
ImageNtHeader
ImageGetDigestStream
ImageRvaToVa

kernel32

GetACP
GetFullPathNameA
lstrlenW
GetThreadLocale
InterlockedCompareExchange
InterlockedExchange
ReadFile
BeginUpdateResourceW
FindClose
IsDebuggerPresent
lstrcmpiA
GetOEMCP
lstrcpyA
FindNextFileW
CloseHandle
InterlockedDecrement
GetEnvironmentVariableA
ExitProcess
GetLocaleInfoA
RemoveDirectoryW
CopyFileA
EndUpdateResourceW
GetModuleHandleW
GetSystemDirectoryA
OutputDebugStringA
GetFileAttributesA
GetFileAttributesW
GetVersionExW
CopyFileW
GetFileInformationByHandle
GlobalFree
LoadLibraryExA
LocalFree
LoadLibraryExW
WideCharToMultiByte
lstrlenA
SetFilePointer
InterlockedIncrement
DebugBreak
FreeResource
FreeLibrary
GetVersion
GlobalAlloc
RaiseException
UpdateResourceW
RemoveDirectoryA
GetFullPathNameW

shell32

CommandLineToArgvW

msvfw32

ICGetInfo
ICRemove

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CLSIDFromString
CoInitialize
StringFromCLSID
StringFromIID

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af75cd0b79ffd679fb32baf0eab7b39c

Headers

File Characteristics

Imports

msvcrt

user32

imagehlp

kernel32

shell32

msvfw32

ole32

Sections

.text Size: 708KB - Virtual size: 707KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 252KB - Virtual size: 251KB

.rsrc Size: 14KB - Virtual size: 3.2MB

.text
Size: 708KB - Virtual size: 707KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 252KB - Virtual size: 251KB

.rsrc
Size: 14KB - Virtual size: 3.2MB