d728a64aa211d591c8295d8675bdea56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d728a64aa211d591c8295d8675bdea56_JaffaCakes118
Size

250KB
MD5

d728a64aa211d591c8295d8675bdea56
SHA1

28ce23635f0f14168921eb884c67cdd586c710ec
SHA256

d70a448ab2a207ea6dd8b9d0e97f3730691078bebbb57e729e8ab7cee76986c2
SHA512

d8ee41ff8ac09f22449e5c318dc73b607674898224c924c2d8614a9e4283ec381164b1e4fe022f6cb892cbf27cd4607eba467ad1f5b4d295f09006109a460489
SSDEEP

6144:fxFlLxk+8yfXVtQ/dQpkYkdhJSc+3PFqypn+lgaoiiy5:prxOtYO+c+31pn+l3zn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d728a64aa211d591c8295d8675bdea56_JaffaCakes118

Files

d728a64aa211d591c8295d8675bdea56_JaffaCakes118
.exe windows:1 windows x86 arch:x86

b7a65e1ee54ce835746123ca5f00c4e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
SetScrollInfo
GetDC
ShowOwnedPopups
LoadCursorA
CheckRadioButton
GetSystemMenu
MessageBoxA
DispatchMessageA
PostQuitMessage
SetCursor
DestroyIcon
IsDialogMessageA
UpdateWindow
WindowFromPoint
CharToOemBuffA
InsertMenuA
AdjustWindowRect
CopyRect
ExitWindowsEx
ClientToScreen
SetActiveWindow
ShowCursor
IsChild
LoadMenuA
AttachThreadInput
PostMessageA
DefWindowProcA
IsWindowEnabled
IsWindow
SetClassLongA
CharToOemA
SetScrollRange
SetScrollPos
FrameRect
SetCursorPos
GetActiveWindow
GetSysColor
GetDlgItem
GetWindowThreadProcessId
EndDialog
SetForegroundWindow
CreatePopupMenu
GetWindowDC
InsertMenuItemA
GetWindowTextA
RemoveMenu
GetMenuItemRect
CharUpperBuffA
GetMenuItemID
DefDlgProcA
LoadStringA
DestroyCursor
FindWindowA
GetWindow
AppendMenuA
GetClassLongA
IsWindowVisible
ReleaseDC
CharLowerA
UnregisterClassA

advapi32

RegOpenKeyA
RegEnumKeyExA
RegSetValueExA

kernel32

SetConsoleOutputCP
GetConsoleTitleA
ExitProcess
GetCPInfo
GetCurrentProcess
FindResourceA
LoadResource
SizeofResource
DeviceIoControl
LocalAlloc
SetConsoleCtrlHandler
LocalFree
VirtualProtectEx
LoadLibraryA
GetProcAddress
GlobalSize
GetModuleHandleA
SetConsoleTitleA
lstrcmpi
InterlockedExchange
FreeResource
UnmapViewOfFile
SetThreadPriority
SetFileAttributesA
ClearCommBreak
GlobalFree
ReleaseSemaphore
FileTimeToLocalFileTime
CreatePipe
MapViewOfFile
RemoveDirectoryA
LoadModule
Beep
GetACP
CreateProcessA
CreateMutexA
GetCommTimeouts
CreateConsoleScreenBuffer
GetFileAttributesA
WaitForSingleObject
FindClose
GetFullPathNameA
GetDateFormatA
OpenProcess
EnterCriticalSection
GetConsoleMode
SetConsoleTextAttribute
TlsAlloc
GetEnvironmentStringsA
OpenSemaphoreA
GetCurrencyFormatA
SetEvent
DeleteFileA
FindFirstFileA
FreeLibrary
GetDiskFreeSpaceA
GlobalHandle
SetCommState
TlsSetValue
ConnectNamedPipe
TlsGetValue
TerminateThread
OpenMutexA
ClearCommError
GetCurrentProcessId
InterlockedIncrement
SetFilePointer
OpenFileMappingA
TerminateProcess
GetLogicalDrives
SetStdHandle
CreateDirectoryA
GetFileTime
GetLastError
SetCommTimeouts
WaitCommEvent
GetCurrentDirectoryA
GetThreadPriority
SetConsoleCursorPosition
GetTempPathA
SetFileTime
ReadFile
DeleteCriticalSection
SetConsoleCP
DeleteAtom
GetVersionExA
GetLocaleInfoA
GetSystemDirectoryA
CreateSemaphoreA
SetLocalTime
GetCommState
ReadConsoleInputA
WriteConsoleA
CloseHandle
ExitThread
GetConsoleCP
DuplicateHandle
FreeConsole
DisconnectNamedPipe
GetLocalTime
GetDriveTypeA
OpenEventA
GetStdHandle
SuspendThread
CreateFileMappingA
SetCurrentDirectoryA
ResumeThread
SetEndOfFile
WriteConsoleInputA
GetExitCodeThread
SystemTimeToFileTime
SetPriorityClass
GetExitCodeProcess
PeekConsoleInputA
GetCommMask
GetSystemTime
CreateEventA
PurgeComm
GetCommandLineA
SetCommMask
WriteConsoleOutputA
LockFile
CopyFileA
GetFileType
FileTimeToSystemTime
CreateFileA
GetCurrentThreadId
lstrcmpA
FindNextFileA
GlobalReAlloc
LocalReAlloc
CreateNamedPipeA
GetCommConfig
ReadConsoleA
CallNamedPipeA
UnlockFile
GetLogicalDriveStringsA
ReleaseMutex

gdi32

AnimatePalette
MoveToEx
SetTextColor
GetKerningPairsA
FloodFill
GetRgnBox
ResizePalette
LineTo
BitBlt
SetBitmapBits
GetViewportOrgEx

wsock32

connect
WSAGetLastError
htons
gethostname
WSACleanup
htonl
listen
ntohs
accept
gethostbyname
bind
sendto
setsockopt
ntohl
getsockname
recvfrom
recv
socket
send
WSAStartup
closesocket

Sections

CODE
Size: 9KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7a65e1ee54ce835746123ca5f00c4e9

Headers

File Characteristics

Imports

user32

advapi32

kernel32

gdi32

wsock32

Sections

CODE Size: 9KB - Virtual size:

.rdata Size: 1024B - Virtual size:

DATA Size: 10KB - Virtual size:

.idata Size: 5KB - Virtual size:

.rsrc Size: 218KB - Virtual size:

.reloc Size: 5KB - Virtual size:

CODE
Size: 9KB - Virtual size:

.rdata
Size: 1024B - Virtual size:

DATA
Size: 10KB - Virtual size:

.idata
Size: 5KB - Virtual size:

.rsrc
Size: 218KB - Virtual size:

.reloc
Size: 5KB - Virtual size: