28eeb73922ab61475c84c1386db0cdf8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28eeb73922ab61475c84c1386db0cdf8_JaffaCakes118
Size

501KB
MD5

28eeb73922ab61475c84c1386db0cdf8
SHA1

5b0de1d7a6f2c0918d079480af4e283c178cf29d
SHA256

69c0415a4495ce53736007b8ee237bd749d585b2e32f99a9da5003cdb9d75b74
SHA512

6cf6a7accaa34f6ee025940b43bb9ca2200fbdc5a7047eba09bf947d00c87f74dc7ec7f42c19b96d36e9a2ce104d86e6ff5b3f97f0ee3fc07e2bac961bdc80d2
SSDEEP

12288:iX18DX5saEl/1yOn60wBf0GMMnMMMMMqg13mW+Ml:iX1kNO/1NgfXMMnMMMMMqgEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28eeb73922ab61475c84c1386db0cdf8_JaffaCakes118

Files

28eeb73922ab61475c84c1386db0cdf8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad23eba376fb09ef884c9f10483453df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeDisconnect
LoadAcceleratorsA
CreateIcon
ToAscii
GetDoubleClickTime
LockWindowUpdate
CreateCursor
ShowScrollBar
PtInRect
OffsetRect
DeferWindowPos
ClientToScreen
SetCursorPos
InvalidateRgn
FillRect
TranslateMDISysAccel
GetClipboardFormatNameA
TranslateMessage
GetQueueStatus
FrameRect
IsChild
DrawFrameControl
DdeGetData
CreatePopupMenu
PostMessageA
CopyAcceleratorTableA
GetMenuItemID
GetMenuItemInfoA
DdePostAdvise
IsWindow
ModifyMenuA
VkKeyScanW
AttachThreadInput
GetClientRect
GetClassInfoA

ws2_32

WSAConnect
setsockopt

ddraw

DirectDrawEnumerateA

advapi32

OpenProcessToken
DeregisterEventSource
RegOpenKeyExA
InitializeSecurityDescriptor
RegisterEventSourceA
RegDeleteValueA
RegEnumValueA
AdjustTokenPrivileges
RegEnumValueW
ReportEventA
RegQueryValueExA
RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueA
RegEnumKeyW
RegOpenKeyW
RegSetValueA
SetSecurityDescriptorDacl
RegOpenKeyA
RegDeleteKeyA
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
LookupPrivilegeValueA
RegCreateKeyW
RegQueryValueExW
RegEnumKeyA
RegSetValueExA

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

kernel32

lstrlenA
ReadFile
SetHandleCount
FreeResource
ResumeThread
GetTempFileNameA
GetLocaleInfoA
GetTempPathA
VirtualProtect
SetFilePointer
GetStdHandle
SetFileAttributesA
lstrcmpiW
TlsSetValue
GetOEMCP
FileTimeToLocalFileTime
CompareStringA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetUserDefaultLCID
LoadLibraryA
FindResourceA
GetDriveTypeA
GetProfileStringA
lstrcmpA
GetSystemInfo
ExitProcess
GetCommandLineA
RaiseException
GetModuleHandleA
GlobalHandle
FormatMessageA
SetEndOfFile
GetVersion
ResetEvent
FreeLibrary
CloseHandle
FreeEnvironmentStringsA
CreateProcessA
WinExec
DeleteCriticalSection
GetACP
HeapReAlloc
_lread
HeapDestroy
TlsGetValue
FindClose
GetVolumeInformationA
FileTimeToSystemTime
GlobalDeleteAtom
GetStringTypeExA
RemoveDirectoryA
MulDiv
RtlUnwind
GetSystemDefaultLCID
DeleteFileA
HeapSize
IsBadCodePtr
InitializeCriticalSection
HeapCreate
GetWindowsDirectoryA
WideCharToMultiByte
VirtualFree
VirtualAlloc
GetCurrentProcessId
WriteFile
lstrcpynA
SetLastError
GetProcAddress
GlobalFree
GetFileAttributesA
CreateDirectoryA
InterlockedDecrement
_llseek
_lclose
lstrcpyA
GetStartupInfoA
CreateProcessW
GetDateFormatA
CompareStringW
InterlockedIncrement
GetLastError
GetTimeZoneInformation
lstrcmpiA
GetEnvironmentStringsW
LockFile
LeaveCriticalSection
LCMapStringW
GetModuleFileNameW
VirtualQuery
GetFullPathNameA
Sleep
CreateFileA
FlushInstructionCache
UnlockFile
GlobalAddAtomA
SystemTimeToFileTime
LoadResource
FindNextFileA
WaitForSingleObject
MoveFileA
UnhandledExceptionFilter
GetFileType
GetLocalTime
CreateSemaphoreA
EnterCriticalSection
GetFileTime
TlsAlloc
HeapAlloc
HeapFree
FlushFileBuffers
LoadLibraryExA
LCMapStringA
GetExitCodeProcess
CreateEventA
GetSystemDirectoryA
IsBadReadPtr
TerminateProcess
GetModuleFileNameA
GetTickCount
GetUserDefaultLangID
GlobalLock
FindFirstFileA
GetSystemTime
OpenProcess
_lwrite
IsDBCSLeadByte
GetCurrentDirectoryA
GlobalSize
SetEvent
ExitThread
LockResource
GetShortPathNameA
SetStdHandle
lstrcatA
GetCurrentThreadId
FormatMessageW
DuplicateHandle
SetLocalTime
CreateThread
SetErrorMode
GetStringTypeA
MultiByteToWideChar
SearchPathA
GlobalReAlloc
GlobalUnlock
GetEnvironmentStrings
GetCPInfo
SetCurrentDirectoryA
GetSystemDefaultLangID
TlsFree
SizeofResource
SetFileTime
GlobalAlloc
GetCurrentProcess
GetVersionExA
GetStringTypeW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad23eba376fb09ef884c9f10483453df

Headers

File Characteristics

Imports

user32

ws2_32

ddraw

advapi32

samlib

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB