3b28b4826c14053e75cef417a60c1893_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b28b4826c14053e75cef417a60c1893_JaffaCakes118
Size

332KB
MD5

3b28b4826c14053e75cef417a60c1893
SHA1

2d1c91da2daab964cbde11efc30b9d94a225c8c5
SHA256

30b8761c5baa5b240c3c4aaea30fd26f70c5368d51d373ef80c6129591caf41c
SHA512

c11705ee8ae1c1063a91839427679341d0ec014c9f0d2a6e5a1ab4f230f699b06685c675cc1f5d10393f3065fd7cf0ec21fde42d898f59ab584a1a4248eea750
SSDEEP

6144:O7301vhaPGd9Z0kwpYQJ3YkPdhENjKCSEjE0sP+CW/Hxy:dhaPGp0MubP/MKjOwAR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b28b4826c14053e75cef417a60c1893_JaffaCakes118

Files

3b28b4826c14053e75cef417a60c1893_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f34b6f05ce5db163d3dd3321d8aabad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CloseHandle
LoadResource
QueryDosDeviceW
SetEnvironmentVariableW
GetOverlappedResult
DuplicateHandle
GetCommModemStatus
FlushFileBuffers
CancelIo
SetStdHandle
IsProcessorFeaturePresent
GetCurrentDirectoryW
GetSystemInfo
WriteConsoleOutputCharacterA
GetTapeStatus
ReadConsoleOutputA
GetHandleInformation
OpenMutexA
LocalSize
GetTempPathW
GetCommState
GetTimeZoneInformation
GetShortPathNameA
GetWindowsDirectoryA
SetThreadLocale
GetPrivateProfileStringW
SwitchToFiber
ReadConsoleA
LocalFileTimeToFileTime
GetShortPathNameW
GlobalUnlock
GetACP
RemoveDirectoryW
InitializeCriticalSection
QueryDosDeviceA
EnumCalendarInfoW
EnumDateFormatsW
SizeofResource
GetProcessTimes
_lclose
FileTimeToLocalFileTime
CreatePipe
PrepareTape
CreateMutexW
GetFullPathNameA
GetOEMCP
GetDriveTypeA
_llseek
SetSystemTime
GetUserDefaultLangID
GetStringTypeExW
GetLongPathNameA
IsBadStringPtrA
SetProcessShutdownParameters
SetTimeZoneInformation
GetPrivateProfileStringA
SetThreadPriorityBoost
DosDateTimeToFileTime
OutputDebugStringW
lstrcmpiA
GenerateConsoleCtrlEvent
GetNumberFormatW
SetConsoleMode
lstrcpynA
GetBinaryTypeA
RemoveDirectoryA
SetCommMask
SetFileAttributesA
CreateMutexA
GlobalAddAtomA
GetLogicalDriveStringsA
SetFileTime
FindResourceExA
SetLastError
SetThreadAffinityMask
CreateDirectoryExA
UnhandledExceptionFilter
GetDiskFreeSpaceExA
CreateEventA
GetSystemDefaultLangID
GetCommandLineW
GlobalFlags
PeekNamedPipe
GlobalReAlloc
DebugBreak
GetBinaryTypeW
GetFileAttributesExA
CreateFileW
_hread
DeleteFiber
IsValidLocale
ExpandEnvironmentStringsW
FindCloseChangeNotification
WritePrivateProfileStringA
GetCommandLineA
lstrlenA
VirtualAlloc
WritePrivateProfileSectionA
ExitProcess

user32

CheckMenuItem
CopyAcceleratorTableA
CopyImage
DrawFrameControl
CharNextExA
LockWindowUpdate
LoadCursorA
GetMenuItemRect
ShowWindow
CreateWindowStationW
ClientToScreen
GetWindowRgn
CharPrevA
SetWindowTextW
EndMenu
LoadStringA
MessageBoxIndirectW
SetWindowContextHelpId
GetInputState
DialogBoxParamA
GetCaretPos
wsprintfW
DestroyWindow
GetIconInfo

gdi32

StartDocA
SelectPalette
GetTextExtentPoint32W
PlayMetaFileRecord
GetOutlineTextMetricsW
GetCharWidthA
PaintRgn

comdlg32

CommDlgExtendedError
GetSaveFileNameA
PageSetupDlgW
PrintDlgW

advapi32

LookupPrivilegeNameA
RegQueryValueExW
GetSidSubAuthority
AddAccessDeniedAce
CryptDestroyHash
SetSecurityDescriptorSacl
RegEnumValueA
DuplicateTokenEx
InitiateSystemShutdownW

shell32

DragAcceptFiles
DragQueryPoint
ExtractIconExW
FindExecutableW
SHGetPathFromIDListA

comctl32

ImageList_GetImageInfo
ImageList_DragEnter

shlwapi

StrToIntExW
PathQuoteSpacesW
StrRChrA
PathIsRootA
PathFindExtensionA
UrlCreateFromPathW
PathFindFileNameA
PathAppendW
SHRegGetUSValueW

Sections

mmmok
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

cyymke
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

akmwikm
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iweceg
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f34b6f05ce5db163d3dd3321d8aabad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

shlwapi

Sections

mmmok Size: 3KB - Virtual size: 2KB

cyymke Size: 5KB - Virtual size: 4KB

akmwikm Size: 277KB - Virtual size: 276KB

iweceg Size: 46KB - Virtual size: 45KB

mmmok
Size: 3KB - Virtual size: 2KB

cyymke
Size: 5KB - Virtual size: 4KB

akmwikm
Size: 277KB - Virtual size: 276KB

iweceg
Size: 46KB - Virtual size: 45KB