Static task: static1
Behavioral task: behavioral1
  Sample: 28f6880f794b9a9d4a83abcbb4ac44bc_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 28f6880f794b9a9d4a83abcbb4ac44bc_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 28f6880f794b9a9d4a83abcbb4ac44bc_JaffaCakes118
Size: 364KB
MD5: 28f6880f794b9a9d4a83abcbb4ac44bc
SHA1: c31b3402c36c5f7c7e24ac071b8e562f7d841a2f
SHA256: 0a5be412f41ed93d0029093b637d57135b352e7d569fc90b4a587c8df9439d0b
SHA512: 512703d63e2d341d5c2061180be1fcb1c6b63d1eab56ee398270d9926c248022ff66a0c745b3b01c8af90078da632fe13b7131eb5b4fe0ce957c758d5d8176c4
SSDEEP: 6144:X8luDQh19+ibV4ORK5rMl7iZ3hOOUDJ4uz3wJJF/IuhsLWEUKyFm5t0QvF9F:MIDQ/dbwrMg3oXJBsJFAssKq2eZvF9F
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 28f6880f794b9a9d4a83abcbb4ac44bc_JaffaCakes118
Files
28f6880f794b9a9d4a83abcbb4ac44bc_JaffaCakes118.exe windows:4 windows x86 arch:x86
8ca653eac1f1ad38b08d42f33839bd13
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
VirtualAllocEx
GetFullPathNameA
GetOverlappedResult
LoadLibraryExA
IsBadWritePtr
ReleaseMutex
GetShortPathNameA
FindFirstFileW
SearchPathW
LocalSize
ReadConsoleA
DeleteFiber
OpenSemaphoreW
TryEnterCriticalSection
GetUserDefaultLangID
ExitProcess
SetTimeZoneInformation
EnumSystemCodePagesA
EnumCalendarInfoW
RemoveDirectoryA
GetSystemDefaultLangID
IsProcessorFeaturePresent
SetFileTime
GlobalAddAtomA
GetVersionExA
VirtualProtect
user32
MapVirtualKeyA
SetCaretPos
ModifyMenuA
CloseClipboard
comdlg32
GetOpenFileNameA
advapi32
CryptSetKeyParam
SetSecurityInfo
ReportEventA
GetServiceDisplayNameW
ReadEventLogW
AccessCheck
AddAce
RegQueryInfoKeyA
OpenSCManagerA
CloseEventLog
RegReplaceKeyW
SetFileSecurityW
RegUnLoadKeyW
CreateProcessAsUserW
AbortSystemShutdownA
GetTokenInformation
MapGenericMask
ObjectCloseAuditAlarmW
GetSecurityDescriptorSacl
LookupPrivilegeValueA
SetSecurityDescriptorOwner
MakeAbsoluteSD
RegOpenKeyA
GetExplicitEntriesFromAclW
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
GetAclInformation
GetNamedSecurityInfoA
GetUserNameW
LookupPrivilegeDisplayNameA
CryptDestroyHash
RegQueryValueExW
RegConnectRegistryW
InitializeAcl
ChangeServiceConfigW
RegisterEventSourceW
shell32
DragQueryPoint
SHBrowseForFolderA
DragFinish
ShellExecuteA
ExtractIconA
Shell_NotifyIconW
oleaut32
VariantCopy
SetErrorInfo
LoadTypeLibEx
SafeArrayRedim
QueryPathOfRegTypeLi
SafeArrayCreate
shlwapi
PathCombineW
StrCmpW
SHRegGetUSValueW
PathIsDirectoryEmptyW
StrToIntExW
SHSetThreadRef
StrTrimW
PathIsDirectoryA
wvnsprintfW
UrlCombineW
SHSetValueW
PathCompactPathExW
SHGetValueA
PathRemoveBlanksW
PathIsPrefixW
setupapi
SetupDiClassNameFromGuidExA
SetupDiSetDeviceInstallParamsW
SetupDiDeleteDeviceInfo
SetupGetTargetPathW
Sections
.text Size: 332KB - Virtual size: 330KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE