28bf0e05e3c35c597d7952a42a1303d6_JaffaCakes118

General

Target

28bf0e05e3c35c597d7952a42a1303d6_JaffaCakes118
Size

301KB
MD5

28bf0e05e3c35c597d7952a42a1303d6
SHA1

93733106e576580faf15b9b7cc2e2a5a749e0748
SHA256

d2a1c2136ea14ea1e60900f11ada95397630dec886e2fb388b7113e8f4369474
SHA512

4d8c97545fd5f1243b4e4cb4456204ffb8c421b247bcd32613e9c0164250011b875a131e9b42f58958bf8e05b697cc35c60d88cc108f1eafde3f77246fc85f6a
SSDEEP

6144:Wj21+bjgy2q4+AL/rpVR4ih2pTQZgtDDzsOas6zkJp7ScH+qff48MjZ:qtL2jf3R4hT7DDzh6wJpRZf45F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28bf0e05e3c35c597d7952a42a1303d6_JaffaCakes118

Files

28bf0e05e3c35c597d7952a42a1303d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b2c0903995147026d9388ff7538c6977

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FindResourceW
lstrcpyA
SystemTimeToFileTime
lstrcpynW
VirtualAlloc
lstrcpyW
GetModuleFileNameW
CloseHandle
SetEvent
GetFileAttributesW
ResetEvent
GetTimeZoneInformation
HeapAlloc
GlobalUnlock
GetVersionExW
FindClose
lstrcmpiA
HeapReAlloc
WaitForSingleObject
GetFileSize
LeaveCriticalSection
GetUserDefaultUILanguage
GetSystemTimeAsFileTime
CreateMutexW

user32

CloseWindowStation
ToUnicode
GetWindowThreadProcessId
EndDialog
OpenDesktopA
DispatchMessageA
GetIconInfo
SendMessageA
GetMessageA
GetCursorPos
MsgWaitForMultipleObjects
GetWindowLongA
SetProcessWindowStation
GetClassNameA
SetThreadDesktop
GetKeyboardState

shlwapi

StrCmpNIW
SHDeleteKeyA
PathFileExistsW
wvnsprintfW
StrCmpNIA
PathCombineW
wvnsprintfA
PathRemoveFileSpecW
PathFindFileNameW
wnsprintfA

advapi32

DuplicateTokenEx
CryptDestroyHash
RegCreateKeyExA
CryptHashData
RegEnumKeyExA
RegCloseKey
RegSetValueExA
GetUserNameW
RegDeleteValueA
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
RegQueryValueExA

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 41B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2c0903995147026d9388ff7538c6977

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

Sections

.text Size: 61KB - Virtual size: 60KB

.data Size: 512B - Virtual size: 24KB

RCryptor Size: 41B - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 24KB

RCryptor
Size: 41B - Virtual size: 4KB