28d4e36c34786d297df248dc12fe13ef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28d4e36c34786d297df248dc12fe13ef_JaffaCakes118
Size

724KB
MD5

28d4e36c34786d297df248dc12fe13ef
SHA1

de6bf6002b73d7fc1b5fd5c9177d7deabdb83559
SHA256

1dd4c561f674ecfc0896f5256f51c38f827df9529922d942a7367d024b61e5fd
SHA512

ed15947443807bde56d17c874a5eb0bfa0e4aae8347118e1c89924c1f1e817fdd5e9b63a80836d066974800250a2811ff4e60a1eb4d30a18876bc677f579d96e
SSDEEP

12288:fQw2IS3dhOpMx/8jkzpF3E2S8juyGDUr3jaQRxbi:flS3dVxZXWyEUrza6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d4e36c34786d297df248dc12fe13ef_JaffaCakes118

Files

28d4e36c34786d297df248dc12fe13ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80e98ccd5421f483ae30eebb76cc6ef2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ivz\hrvzut\exu.pdb

Imports

comctl32

ImageList_SetDragCursorImage
ImageList_BeginDrag
InitCommonControlsEx

wininet

HttpOpenRequestA
GopherOpenFileW
GopherGetAttributeW

user32

CreateDialogParamW
TabbedTextOutA
LookupIconIdFromDirectory
EnumPropsExW
GetWindowLongW
ChangeDisplaySettingsExA
AppendMenuW
RegisterClassExA
MonitorFromRect
IsWindowUnicode
FreeDDElParam
ChangeDisplaySettingsExW
SetSystemCursor
DlgDirSelectComboBoxExA
OemKeyScan
GetWindowPlacement
DdeCreateStringHandleW
DdeReconnect
SetWindowsHookA
SetWindowWord
TrackPopupMenu
SetDlgItemTextW
CallNextHookEx
EndMenu
AdjustWindowRectEx
ShowWindow
RegisterClassA
CreateMenu
MessageBoxIndirectA
GetClipboardViewer
GetMenuInfo
IsCharUpperW
DrawIconEx
GetWindowDC
ToAsciiEx
SendIMEMessageExW
PaintDesktop
LoadMenuA
SetClipboardViewer
ChangeMenuA
EndTask
CreateIconFromResource
MessageBoxExW
SetScrollPos
DeferWindowPos
GetMessageW
GetSysColor
GetClipboardSequenceNumber
SwapMouseButton
InsertMenuItemW
LoadStringA
IsCharAlphaNumericW
SetActiveWindow
DragDetect
CreatePopupMenu
SetMenuItemInfoA
CreateWindowExA
GetSysColorBrush
DestroyWindow
RegisterHotKey
WINNLSEnableIME
EnumDisplayDevicesW
CheckDlgButton
SetWindowPos
PeekMessageA
OemToCharBuffA
MonitorFromPoint
GetDoubleClickTime
MsgWaitForMultipleObjectsEx
PackDDElParam
CopyIcon
LoadImageA
TranslateAccelerator
UpdateWindow
IsClipboardFormatAvailable
PtInRect
CreateCaret
InflateRect
GetPriorityClipboardFormat
IsCharUpperA
ReleaseDC
InsertMenuW
SetMenuDefaultItem
EnumPropsExA
MapVirtualKeyA
ChangeMenuW
SetKeyboardState
CreateWindowStationW
GetKeyboardLayoutNameA
EndDialog
CheckMenuRadioItem
WinHelpW
DefWindowProcA
GetActiveWindow
GetMenuBarInfo
MessageBoxW
GetKeyboardState
CheckRadioButton
PostThreadMessageA
ToAscii

kernel32

TerminateProcess
HeapAlloc
GetCurrentThread
EnterCriticalSection
GetCurrentThreadId
CompareStringW
SetFilePointer
CreateDirectoryExW
GetPrivateProfileStringA
GetVersion
MultiByteToWideChar
CreateDirectoryExA
HeapCreate
GetDiskFreeSpaceExW
GetLocalTime
GetLastError
VirtualFree
SetThreadAffinityMask
SetHandleCount
WriteFile
OpenMutexA
FreeEnvironmentStringsW
SetEnvironmentVariableW
TlsFree
VirtualQuery
RtlMoveMemory
GetSystemTimeAsFileTime
WritePrivateProfileStringW
GetCommandLineA
GetModuleFileNameA
SetLastError
HeapReAlloc
SetConsoleMode
GetPrivateProfileIntW
GetProcAddress
GetFileType
AllocConsole
SetStdHandle
CompareStringA
LCMapStringW
QueryPerformanceCounter
FillConsoleOutputCharacterA
SystemTimeToFileTime
GetStringTypeExA
HeapFree
GetTickCount
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
GetOEMCP
GetConsoleScreenBufferInfo
GetFileAttributesA
lstrlen
VirtualAlloc
FlushFileBuffers
CloseHandle
GetStringTypeW
GetConsoleTitleW
GetEnvironmentStringsW
LeaveCriticalSection
GetCurrentDirectoryA
EnumResourceLanguagesA
GetCurrentProcessId
DeleteCriticalSection
WaitCommEvent
GetSystemDirectoryW
CreateProcessA
LocalLock
IsBadWritePtr
OpenFile
GetEnvironmentStrings
ReadFile
GetTimeZoneInformation
InterlockedDecrement
HeapLock
SetEnvironmentVariableA
CreateMutexA
LocalAlloc
EnumSystemCodePagesA
GetStartupInfoA
GetCurrentProcess
GetThreadLocale
GetProcessAffinityMask
HeapDestroy
lstrcatW
ReadConsoleOutputW
OpenFileMappingA
RtlUnwind
GetModuleHandleA
OpenEventA
InterlockedIncrement
GetStdHandle
GetSystemTime
GetStringTypeA
TlsAlloc
TlsGetValue
lstrcmpW
ExitProcess
GetThreadTimes
WideCharToMultiByte
FreeEnvironmentStringsA
WriteProfileStringW
LCMapStringA
GetACP
TlsSetValue

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80e98ccd5421f483ae30eebb76cc6ef2

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

user32

kernel32

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 392KB - Virtual size: 388KB

.data Size: 140KB - Virtual size: 161KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 392KB - Virtual size: 388KB

.data
Size: 140KB - Virtual size: 161KB

.rsrc
Size: 32KB - Virtual size: 29KB