28a7236df3b6e04566cf6906db169854_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28a7236df3b6e04566cf6906db169854_JaffaCakes118
Size

162KB
MD5

28a7236df3b6e04566cf6906db169854
SHA1

6e7adbf8e0cec06150f9faeee8afc13a0b10ab45
SHA256

db69014c2ec4208ef9483d4708cc156f0d9733dd343fb6af6b3864ba76210f1a
SHA512

09a9f1bb7c0c8ee090daec08aec2da7a09a096729362397403f7c7651ce31833c8444106633c0e486a1a8e108f402bff9be1bd445438224899386e598c2a852e
SSDEEP

3072:qC4PBXPYztXYgISCBd08VlHKT5RmcKh68KmJ86UGE4oI:f4ZXAztX4Bd08VkT/ECP4o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a7236df3b6e04566cf6906db169854_JaffaCakes118

Files

28a7236df3b6e04566cf6906db169854_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4973b359b75520a9beb0c457c52102ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
DeleteCriticalSection
DisableThreadLibraryCalls
DuplicateHandle
ExitThread
FindFirstFileA
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDriveTypeA
GetFileAttributesA
GetFileSize
GetFileType
GetLocalTime
GetShortPathNameA
GetThreadLocale
HeapAlloc
HeapFree
InterlockedIncrement
LCMapStringA
LoadLibraryA
LoadResource
MoveFileExA
ReadFile
ResetEvent
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFileAttributesA
SetPriorityClass
SetStdHandle
WriteConsoleA

user32

CharLowerA
CharNextA
CheckRadioButton
CreateDialogParamA
DestroyMenu
DialogBoxParamA
DispatchMessageA
DrawFocusRect
DrawIcon
DrawTextA
EnableMenuItem
ExitWindowsEx
GetClassNameA
GetDC
GetDlgItemTextA
GetMenuItemCount
GetMessageA
GetProcessWindowStation
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowThreadProcessId
IsChild
IsWindow
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PostMessageA
ScreenToClient
SetCapture
SetDlgItemInt
SetWindowRgn
SystemParametersInfoA
TrackPopupMenu

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
ChangeServiceConfig2A
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
GetSecurityDescriptorControl
GetUserNameA
InitializeSecurityDescriptor
LockServiceDatabase
OpenSCManagerA
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegFlushKey
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetSecurityDescriptorDacl
StartServiceA
StartServiceCtrlDispatcherA

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4973b359b75520a9beb0c457c52102ec

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 147KB - Virtual size: 147KB

.data Size: 2KB - Virtual size: 97KB

.bss Size: - Virtual size: 6KB

.data1 Size: 7KB - Virtual size: 7KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 912B

.text
Size: 147KB - Virtual size: 147KB

.data
Size: 2KB - Virtual size: 97KB

.bss
Size: - Virtual size: 6KB

.data1
Size: 7KB - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 912B