28cb2e011f8bffb3a74288d6836cbf63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28cb2e011f8bffb3a74288d6836cbf63_JaffaCakes118
Size

320KB
MD5

28cb2e011f8bffb3a74288d6836cbf63
SHA1

eab556fb82d093b8ac6f1f2a9cfcdd0cc76293db
SHA256

bda4c0ad3e30316d8b4420f561e9ad7ae3e84606b8e16372f76643d2b4398f53
SHA512

e82abc27e761dfa9610090ef1a046ebb82284a860aa4f614c871b6c6000e289b03706ec4929859377e3506b7e0a3ef78415e0637623992a3c42e54c42c2b7b12
SSDEEP

6144:g7I74jjxSlc0STQqcE9/wUyTNauY8+6mHB2EZZB:5ExSBSTQrUyTNamG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28cb2e011f8bffb3a74288d6836cbf63_JaffaCakes118

Files

28cb2e011f8bffb3a74288d6836cbf63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7b9a8181eee1ac898169a19e12ff925

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
DebugBreak
FlushConsoleInputBuffer
CreateIoCompletionPort
LCMapStringA
ReadConsoleA
lstrcmpiA
SetErrorMode
EnumDateFormatsW
GlobalDeleteAtom
CreateMutexA
VirtualAlloc
SetThreadAffinityMask
FindFirstFileExW
ExpandEnvironmentStringsW
VirtualAllocEx
GetModuleHandleA
GlobalGetAtomNameW
SwitchToFiber
PeekConsoleInputW
ReadDirectoryChangesW
GetConsoleCursorInfo
CreateNamedPipeW
FindFirstFileW
LoadLibraryExA
WaitNamedPipeA
GetProfileIntA
LocalSize
VirtualQuery
GetTimeZoneInformation
LeaveCriticalSection
MoveFileW
GetTempFileNameA
FindFirstFileA
GetConsoleMode
DeleteFiber
GetFullPathNameA
EndUpdateResourceA
GetEnvironmentStringsW
GetThreadPriority
GenerateConsoleCtrlEvent
GetUserDefaultLCID
WritePrivateProfileStringA
RaiseException
GetLocaleInfoW
VirtualProtect
GetVersionExA
_hread
LocalLock
_lread
SetProcessAffinityMask
MoveFileExA
CreateDirectoryW
GetCommandLineA
GetPrivateProfileSectionW
ExitProcess

user32

RegisterHotKey
GetMenuItemID
CharToOemW
DefDlgProcW
HiliteMenuItem
ToUnicode
GetMessageA
GetMenuCheckMarkDimensions
EmptyClipboard
SetActiveWindow

gdi32

SetDIBitsToDevice
SetPaletteEntries
CreateEllipticRgn

comdlg32

FindTextW
PageSetupDlgA

advapi32

CryptReleaseContext
BuildTrusteeWithSidW
CryptAcquireContextW
CryptGenRandom

shell32

ShellExecuteA
FindExecutableA
SHGetSpecialFolderPathW
SHFileOperationW
SHAddToRecentDocs

ole32

CoResumeClassObjects
CoRegisterMallocSpy
CoLockObjectExternal
CoGetTreatAsClass
RevokeDragDrop
IIDFromString

oleaut32

QueryPathOfRegTypeLi
SysAllocStringLen

shlwapi

PathFindNextComponentW
SHRegOpenUSKeyW
PathIsDirectoryA
PathAddExtensionW
PathIsNetworkPathW
PathCompactPathExW
PathFindExtensionA
AssocQueryKeyW
SHRegCreateUSKeyW
PathAppendA
StrCmpIW

setupapi

SetupInitDefaultQueueCallback

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7b9a8181eee1ac898169a19e12ff925

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4KB