28f7f99a6434c0097e9c9ff572c8457e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

28f7f99a6434c0097e9c9ff572c8457e_JaffaCakes118
Size

50KB
MD5

28f7f99a6434c0097e9c9ff572c8457e
SHA1

e62459b6c31133ee9995614dbb0c0f71bc3da853
SHA256

1802bd86a3905ffb248546c7bc86011bcb55b7444c109cc4dd8b2d1d010c2f32
SHA512

d1a253dfb4d494fef023f1d75031ea0a93dae810705c231569a56e5e1d1bca81de7a4c2801290928376b8463f8ad2ee229120556070bd477718540e114ba28f7
SSDEEP

1536:YqW5xafh4dklImCsEDxt4p/I4Dp4y42m6lA:Yqp4elvBQ4x4L4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f7f99a6434c0097e9c9ff572c8457e_JaffaCakes118

Files

28f7f99a6434c0097e9c9ff572c8457e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bb49c5b2de769980b7f60bc9214ad52f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

RemovePrivateCvSymbolicEx
UnMapAndLoad
FindFileInSearchPath
SymEnumerateModules
StackWalk64
BindImageEx
FindExecutableImage
SymSetSearchPath
SymGetModuleBase64
SymGetLineFromName
SymGetModuleInfoW64
SymEnumerateSymbols
SymUnloadModule64
ImageAddCertificate
SymFromName
SymRegisterFunctionEntryCallback
SymGetSymFromName
SymGetSymPrev
SymGetModuleInfo
MapFileAndCheckSumA
ImageGetCertificateData
SymUnDName
SymGetLinePrev
SymGetOptions
UnmapDebugInformation
SymEnumerateSymbolsW64
MapFileAndCheckSumW
SymGetTypeInfo
SearchTreeForFile
ImageDirectoryEntryToData
RemovePrivateCvSymbolic
SymEnumSym
SymLoadModule
FindFileInPath
SymGetSymFromAddr64
SymGetModuleInfo64
SymUnloadModule

kernel32

SetEndOfFile
GetStartupInfoW
CommConfigDialogW
InitializeCriticalSectionAndSpinCount
DnsHostnameToComputerNameW
AddConsoleAliasA
TzSpecificLocalTimeToSystemTime
LocalUnlock
GetConsoleDisplayMode
lstrcatA
SetLocalPrimaryComputerNameW
GetConsoleCharType
GetConsoleNlsMode
ActivateActCtx
GetSystemDefaultLangID
BuildCommDCBAndTimeoutsA
SetConsoleOS2OemFormat
DeleteTimerQueueEx
SetConsoleHardwareState
GetGeoInfoA
lstrcmpA
_lcreat
CreateTimerQueueTimer
EraseTape
GetExpandedNameA
CreateActCtxW
LoadLibraryA
GetUserDefaultLCID
VirtualAlloc
SetComputerNameW
SetConsoleNumberOfCommandsA
UnlockFile
SetHandleContext
GetCalendarInfoA
GetStartupInfoA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesLengthW
DeleteCriticalSection
GlobalAddAtomW
GetSystemDefaultLCID
GetCommConfig
SetFileAttributesW
RtlCaptureContext
lstrlen

clusapi

GetClusterResourceTypeKey
OfflineClusterGroup
OnlineClusterResource
GetClusterGroupState
BackupClusterDatabase
SetClusterNetworkName
SetClusterResourceName
PauseClusterNode
ClusterResourceGetEnumCount
GetClusterNetInterface
RestoreClusterDatabase
OnlineClusterGroup
ClusterNodeEnum
CloseClusterNode
OpenClusterNetwork
GetClusterNodeId
GetClusterFromGroup
EvictClusterNodeEx
ClusterNetworkOpenEnum
AddClusterResourceDependency
ClusterResourceControl
ClusterResourceEnum
ClusterResourceCloseEnum
GetClusterNetInterfaceState
CloseClusterNotifyPort
SetClusterGroupNodeList
OpenCluster
ClusterEnum
GetClusterFromResource
GetClusterNodeKey
SetClusterName
CreateClusterGroup
GetClusterResourceNetworkName

advapi32

TraceMessageVa
WmiSetSingleItemA
ElfOldestRecord
GetMultipleTrusteeOperationA
CredUnmarshalCredentialW
QueryServiceConfig2A
SetSecurityDescriptorGroup
EncryptFileW
WmiFileHandleToInstanceNameA
WmiNotificationRegistrationW
TrusteeAccessToObjectW
WmiReceiveNotificationsW
LogonUserA
GetAuditedPermissionsFromAclA
SetEntriesInAuditListW
SystemFunction023
CryptGenRandom
RegisterServiceCtrlHandlerA
CredDeleteW
RegSaveKeyW
GetNamedSecurityInfoExA
ConvertStringSDToSDRootDomainW
EnumServicesStatusW
LsaStorePrivateData
LsaQueryForestTrustInformation
RegEnumValueA
SystemFunction007
ReadEncryptedFileRaw
ReportEventW
GetTraceEnableFlags
InitiateSystemShutdownExW
GetAce
AccessCheckByTypeAndAuditAlarmA
CredpEncodeCredential
EnumServicesStatusExW
CreateCodeAuthzLevel

crypt32

CertVerifyCRLRevocation
CertSerializeCRLStoreElement
CryptRegisterOIDInfo
CryptGetOIDFunctionValue
CertUnregisterSystemStore
CertSaveStore
CryptEnumKeyIdentifierProperties
CertOpenSystemStoreA
CryptSIPGetSignedDataMsg
CertComparePublicKeyInfo
CertVerifyRevocation
CryptMsgControl
CryptSIPPutSignedDataMsg
I_CryptUnregisterSmartCardStore
CertVerifyTimeValidity
I_CryptReleaseLruEntry
CertGetNameStringA
CertNameToStrA
CryptFindCertificateKeyProvInfo
CryptVerifyCertificateSignature
CryptSIPRemoveProvider
CryptDecodeMessage
CertCompareCertificate
CryptFormatObject
I_CryptGetFileVersion
CryptMsgClose
CertEnumCertificateContextProperties
CryptMsgOpenToEncode
I_CryptWalkAllLruCacheEntries
CryptGetAsyncParam
CertCreateCTLEntryFromCertificateContextProperties
CryptMsgVerifyCountersignatureEncodedEx
CertSetCTLContextProperty
RegOpenHKCUKeyExU
CertGetCertificateContextProperty
I_CryptDisableLruOfEntries
CertGetCTLContextProperty
CertEnumSubjectInSortedCTL
CertVerifyValidityNesting
CertDuplicateCRLContext
CertFindRDNAttr
CertSerializeCTLStoreElement

netapi32

I_NetAccountSync
NetGroupAddUser
NetScheduleJobDel
NetFileGetInfo
NlBindingRemoveServerFromCache
DsGetDcNameWithAccountW
RxNetAccessAdd
NetLocalGroupSetMembers
NetScheduleJobAdd
NetUnjoinDomain
NetFileClose
NetSetPrimaryComputerName
NetErrorLogWrite
DsRoleGetDcOperationResults
NetGetDisplayInformationIndex
DsGetDcNextA
I_BrowserSetNetlogonState
I_NetServerAuthenticate
DsGetDcOpenA
NetBrowserStatisticsGet
NetServerTransportEnum
NetUseAdd
NetpInitFtinfoContext
I_NetGetDCList
NetpGetFileSecurity
NetUserGetInfo
DsAddressToSiteNamesExW
DsRoleServerSaveStateForUpgrade
NetapipBufferAllocate
NetServerEnum
NetRemoteTOD
NetReplExportDirEnum
NetpDbgPrint
I_BrowserQueryOtherDomains
I_NetDatabaseSync2
DsAddressToSiteNamesW
DsDeregisterDnsHostRecordsW
NetEnumerateTrustedDomains
NlBindingSetAuthInfo
NetDfsGetInfo
NetReplImportDirAdd
NetLogonSetServiceBits
NetUserAdd

msvcrt40

_wputenv
_wcmdln
__p___wargv
??0ostream@@IAE@ABV0@@Z
strxfrm
_yn
swscanf
_CIsin
rand
gmtime
??1stdiostream@@UAE@XZ
_commit
?doallocate@strstreambuf@@MAEHXZ
_wgetcwd
_mbsrev
_wcsicmp
??1type_info@@UAE@XZ
??1bad_typeid@@UAE@XZ
_safe_fdivr
wcstok
_vsnprintf
??1istream@@UAE@XZ
_ismbbkpunct
??_Gfstream@@UAEPAXI@Z
_lfind
_daylight
_mbsdec
_strupr
rewind
ungetc

Sections

.tixt
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb49c5b2de769980b7f60bc9214ad52f

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

kernel32

clusapi

advapi32

crypt32

netapi32

msvcrt40

Sections

.tixt Size: 35KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 29KB

.tixt
Size: 35KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 29KB