28e979d39ea8136cb92baf0a14f1ae58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28e979d39ea8136cb92baf0a14f1ae58_JaffaCakes118
Size

264KB
MD5

28e979d39ea8136cb92baf0a14f1ae58
SHA1

bd81bf637e3ae7b3d3912c1ac77d899d309cd542
SHA256

126e59526ea5412bc274a680c59e8988ca77e18773459439f3e77ccbc368cae4
SHA512

3008391c126072947d17b72d0584502c05c0a9f794d4202dcc1da856a1d41f393d26f9f12a8a05e7b3ef9c37b5564394fef8b6e25e7b3f130f891317518d3303
SSDEEP

6144:FAi9q9dRSX25lAhlljGBYtQKUYkvaW1FMygapJC28WK:7Gdj5aDKBRikvB1FFbJC2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e979d39ea8136cb92baf0a14f1ae58_JaffaCakes118

Files

28e979d39ea8136cb92baf0a14f1ae58_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e1e42e3767d704d87cad94a2defe7014

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

StgOpenStorage
StgCreateDocfileOnILockBytes
WriteClassStm
CoGetObjectContext
GetHGlobalFromStream
MkParseDisplayName
OleCreateStaticFromData

shell32

SHGetSpecialFolderLocation
SHFileOperationA

oleaut32

GetErrorInfo
SafeArrayGetUBound
OleLoadPicture
RegisterTypeLib
SysStringLen
SafeArrayUnaccessData
SafeArrayCreate
VariantCopyInd
SysAllocStringLen
VariantChangeType

kernel32

GetStdHandle
ExitThread
LoadResource
GlobalFindAtomA
IsBadReadPtr
GetACP
GetLocaleInfoA
ExitProcess
GetVersionExA
GetStringTypeW
LockResource
GetVersion
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetUserDefaultLCID
LoadLibraryExA
GetLocalTime
HeapAlloc
VirtualAllocEx
InitializeCriticalSection
GetTickCount
GetStringTypeA
GetModuleFileNameA
GetThreadLocale
LoadLibraryA
GetCommandLineW
GetProcessHeap
VirtualAlloc
GetProcAddress
GetLastError
GetSystemDefaultLangID
GetOEMCP
GetModuleHandleA
HeapFree
GetStartupInfoA
RaiseException

user32

RegisterClipboardFormatA

Sections

CODE
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 12KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 617B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1e42e3767d704d87cad94a2defe7014

Headers

File Characteristics

Imports

ole32

shell32

oleaut32

kernel32

user32

Sections

CODE Size: 224KB - Virtual size: 223KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

DATA Size: 4KB - Virtual size: 166B

.cdata Size: 12KB - Virtual size: 109KB

.adata Size: 4KB - Virtual size: 617B

.rsrc Size: 4KB - Virtual size: 836B

.reloc Size: 4KB - Virtual size: 1KB

CODE
Size: 224KB - Virtual size: 223KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

DATA
Size: 4KB - Virtual size: 166B

.cdata
Size: 12KB - Virtual size: 109KB

.adata
Size: 4KB - Virtual size: 617B

.rsrc
Size: 4KB - Virtual size: 836B

.reloc
Size: 4KB - Virtual size: 1KB