d28308bdc27e551c72257ad1041cb71f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d28308bdc27e551c72257ad1041cb71f_JaffaCakes118
Size

130KB
MD5

d28308bdc27e551c72257ad1041cb71f
SHA1

c2b1c1e8dac4ef8d67e20ce9eea738ad4e7439f8
SHA256

7b90a05ba2b72a0f3b92be5e3ff9a1c16b1701ea54c5ec40c8634703d0a7f881
SHA512

f0a3548794b78a37827ad43af5a3c5304fa45a49c099f3ae939351b25b433f6f8c8224e6dcf8b0960090ebd923d540eeaf7a92f3eafc36f9330e18c7fa9addc1
SSDEEP

3072:kOdGma+ZTpO1wj9ZdJr00a7cel4e4MqGBb0:Ffa+ZTm+txmQelWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d28308bdc27e551c72257ad1041cb71f_JaffaCakes118

Files

d28308bdc27e551c72257ad1041cb71f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc90493c3f8c6ba2b4ca028ad42cc20c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
DeleteFileA
ExitProcess
ExitThread
GetACP
GetCommandLineA
GetLastError
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemTimeAsFileTime
HeapAlloc
InterlockedIncrement
OpenFile
RtlUnwind
SetLastError
lstrcmpA
lstrlenA

advapi32

RegCloseKey
RegEnumKeyA
RegLoadKeyA
RegOpenKeyExA
RegQueryValueA

wininet

InternetWriteFile
InternetSetOptionExA
InternetReadFile
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetGetCookieA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
InternetCanonicalizeUrlA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA

user32

EndDeferWindowPos
LoadMenuA
LoadAcceleratorsA
IsCharUpperA
DestroyMenu
MessageBoxA
CharUpperA
IsCharLowerA

shell32

ShellExecuteExA
Shell_NotifyIconA
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
SHBindToParent
SHFileOperationA
SHGetDesktopFolder

shlwapi

PathIsRelativeA
PathMatchSpecA
PathIsDirectoryA
PathQuoteSpacesA
PathUnquoteSpacesA
PathFindExtensionA
PathFileExistsA
PathAppendA
PathCanonicalizeA

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetContext

msvcrt

memcpy
memmove
fflush
_errno
memset
sscanf
strchr
strlen
free
time

Sections

.text
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc90493c3f8c6ba2b4ca028ad42cc20c

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

user32

shell32

shlwapi

imm32

msvcrt

Sections

.text Size: 75KB - Virtual size: 76KB

.rdata Size: 21KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 26KB - Virtual size: 28KB

.text
Size: 75KB - Virtual size: 76KB

.rdata
Size: 21KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 26KB - Virtual size: 28KB