Static task: static1
Behavioral task: behavioral1
Sample: 37c28b1be0b1824de349a766e779bb2f_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 37c28b1be0b1824de349a766e779bb2f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 37c28b1be0b1824de349a766e779bb2f_JaffaCakes118
Size: 312KB
MD5: 37c28b1be0b1824de349a766e779bb2f
SHA1: 28a7ecd9feebc127b5ef7f6fc95b9131fe939c87
SHA256: 10155e6fb772129d2b7b646a49e424d9e2e44fbfbcacae7e1a6d1a2d5f3dd619
SHA512: a35bfcb22dea4742e284083e931fc26852e75d9295b0ec1320dd0f58f3e63e579b4cc333daf7a6b4754d4060f14288445c711f87e13de4b5c30062ad4920b6a0
SSDEEP: 6144:kXYuhJ8K8+wkrmxyKAqniuuekaqnlaeTZTRjIMmRi3DLUuzqiX4j9g1YXoY81P:gAYQyRqniNekyeZTZdxDALiX4VXg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 37c28b1be0b1824de349a766e779bb2f_JaffaCakes118
Files
37c28b1be0b1824de349a766e779bb2f_JaffaCakes118.exe windows:4 windows x86 arch:x86
d28ad892936b7f305c89b6ce94f0814e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringA
GetCurrentProcess
LocalAlloc
FreeResource
VirtualProtect
GetHandleInformation
lstrcpyA
SetupComm
LoadLibraryExA
FindFirstFileA
CreateIoCompletionPort
ReleaseMutex
PulseEvent
_hread
ExitProcess
CreateEventA
FileTimeToLocalFileTime
UnmapViewOfFile
LocalReAlloc
GetCurrentProcessId
GetCompressedFileSizeW
GetOEMCP
ReadConsoleInputW
GetFileAttributesExA
GetProcessTimes
GetNumberFormatW
GetLongPathNameA
GetTapeParameters
GetLogicalDriveStringsA
lstrcmpA
GetTimeZoneInformation
SetConsoleCursorPosition
GlobalReAlloc
GetVolumeInformationW
ReadFile
CreateMutexA
OutputDebugStringA
SwitchToFiber
SetCommMask
WritePrivateProfileStringW
VirtualFree
WriteProcessMemory
InitializeCriticalSection
SetProcessShutdownParameters
GetCommandLineA
lstrlenA
GetVersionExA
user32
BroadcastSystemMessageW
gdi32
GetGlyphOutlineA
SetWorldTransform
LineTo
ScaleWindowExtEx
GetObjectW
SetWinMetaFileBits
CreateHalftonePalette
CreateICA
WidenPath
GetMetaFileBitsEx
RectInRegion
GetCharWidth32W
advapi32
SetSecurityDescriptorDacl
CreateProcessAsUserA
QueryServiceObjectSecurity
InitiateSystemShutdownA
SetThreadToken
EqualSid
CryptGetKeyParam
RegEnumValueW
DuplicateToken
RegSaveKeyW
RegSetKeySecurity
AccessCheck
RegSetValueExA
RegGetKeySecurity
GetUserNameW
GetAce
RegisterServiceCtrlHandlerW
RegSetValueA
QueryServiceStatus
CryptSignHashW
DeregisterEventSource
ControlService
CryptReleaseContext
CryptGetHashParam
IsValidAcl
GetSecurityDescriptorLength
shell32
ShellExecuteA
ole32
OleCreateLink
oleaut32
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
LoadTypeLi
VariantChangeType
SafeArrayRedim
comctl32
PropertySheetW
shlwapi
StrChrIW
StrStrW
PathIsDirectoryA
StrCpyW
PathSkipRootW
SHRegWriteUSValueW
StrChrA
PathCombineW
setupapi
SetupLogErrorA
SetupDiGetDeviceInstanceIdW
Sections
.text Size: 292KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE