28cf23b38bfd89754c7bc8fffbca96d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28cf23b38bfd89754c7bc8fffbca96d5_JaffaCakes118
Size

307KB
MD5

28cf23b38bfd89754c7bc8fffbca96d5
SHA1

bc6c73bc2ec962d94e9bcacb30fa604d1c1f5d98
SHA256

e8bef4b800a998d012ad493955c7070780901475cd0fac73cc5be0bcf6791507
SHA512

682f93afd59745e51a48793e4a124bd485430f57ea2a78606fba16350d18ef781dce589075a8326817fbdd60661a655e3fdf9320a8f575d838720e5f0eaab96f
SSDEEP

6144:VRvFsPWAloczjbHckpWCdwQiY41Jk8/178EOYgaS+TL8:nNseA+czfHbdwQQHd78egnmL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28cf23b38bfd89754c7bc8fffbca96d5_JaffaCakes118

Files

28cf23b38bfd89754c7bc8fffbca96d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be1183885ba0c1c7ab2bc1f627998cf0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\dkf\elmx\ohec.pdb

Imports

user32

CloseWindow
CreateWindowExW
GetMessageTime
EnumWindowStationsA
DispatchMessageA
SetCursorPos
DestroyWindow
DrawIcon
LoadCursorA
SetClassLongW
IsDialogMessageA
DefWindowProcW
ClientToScreen
GetDlgCtrlID
SetWindowWord
MessageBoxW
RegisterClassA
DdeDisconnectList
WinHelpA
RegisterClassExA
ShowWindow

wininet

InternetTimeToSystemTimeW
FtpFindFirstFileW
InternetQueryOptionW
HttpSendRequestExA
InternetSetOptionExA
InternetLockRequestFile
InternetShowSecurityInfoByURL
HttpEndRequestW
ResumeSuspendedDownload

kernel32

GetCommandLineW
GetStringTypeW
GetTickCount
GetModuleFileNameW
WriteFile
TlsFree
QueryPerformanceCounter
GetFileType
TlsSetValue
IsBadWritePtr
HeapCreate
VirtualFree
OpenMutexA
WideCharToMultiByte
RtlUnwind
SetFilePointer
GetStartupInfoA
InitializeCriticalSection
CompareStringW
LeaveCriticalSection
InterlockedDecrement
GetCurrentThread
EnumTimeFormatsA
GetLocalTime
HeapValidate
GetCurrentProcess
SetLastError
GetLastError
HeapDestroy
GetStdHandle
EnterCriticalSection
UnhandledExceptionFilter
FreeEnvironmentStringsA
FlushFileBuffers
TerminateProcess
GetProcAddress
GetSystemTime
VirtualAlloc
GetSystemTimeAsFileTime
CloseHandle
HeapFree
GetCommandLineA
GetCurrentThreadId
GetVersion
GetCPInfo
LCMapStringW
SetStdHandle
FreeEnvironmentStringsW
GetStartupInfoW
ExitProcess
GetCurrentProcessId
DeleteCriticalSection
InterlockedIncrement
SetHandleCount
HeapAlloc
TlsAlloc
CreateMutexA
MultiByteToWideChar
LCMapStringA
VirtualQuery
HeapReAlloc
CompareStringA
GetEnvironmentStrings
TlsGetValue
GetModuleFileNameA
ReadFile
GetModuleHandleA
GetStringTypeA
GetTimeZoneInformation
InterlockedExchange
GetEnvironmentStringsW
LoadLibraryA
SetEnvironmentVariableA

comctl32

MakeDragList
InitCommonControlsEx
ImageList_SetFlags

shell32

SHInvokePrinterCommandA
RealShellExecuteW
ExtractAssociatedIconA
SHGetDesktopFolder
SHGetInstanceExplorer

comdlg32

ReplaceTextA
ChooseFontA
GetSaveFileNameW

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1183885ba0c1c7ab2bc1f627998cf0

Headers

File Characteristics

PDB Paths

Imports

user32

wininet

kernel32

comctl32

shell32

comdlg32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 56KB - Virtual size: 83KB

.data Size: 86KB - Virtual size: 86KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 56KB - Virtual size: 83KB

.data
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 36KB - Virtual size: 36KB