28d4ca5236f485f3640bf56842cd19f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28d4ca5236f485f3640bf56842cd19f4_JaffaCakes118
Size

27KB
MD5

28d4ca5236f485f3640bf56842cd19f4
SHA1

508df55a92becf560e45c6f2d62a9bc9644d9a0e
SHA256

19c6f16cad345989107bea6e220ad005a75d30803a562d8f33cc73450eb995ee
SHA512

069784311bec1806e5247cbf2ae1fd6c3a53c7be21d9accd489f1f0fb464516365d2966536428995bc7551b78bdc8e2b2fe17fa444c43dfa3813da391db5b778
SSDEEP

768:CF6Ez86lMLSk1gZFEJa16f7TXb84Z6YSD+Ott:CkA86GScgIJaCg44qOn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d4ca5236f485f3640bf56842cd19f4_JaffaCakes118

Files

28d4ca5236f485f3640bf56842cd19f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

553f1a8d4242c642e6a4e320b17aaa97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
PeekConsoleInputA
OpenJobObjectW
LoadLibraryW
IsValidCodePage
InterlockedExchangeAdd
GetGeoInfoA
FreeConsole
FindFirstVolumeMountPointW
VirtualAlloc

msvcrt

iswspace
_cexit
getwchar
_mbsnbicmp
fgets
_strtime
fwprintf
time
_CIlog

user32

CharLowerBuffW
EnumDesktopsA
GetRawInputDeviceList
RegisterWindowMessageW

ole32

CoQueryClientBlanket
ComPs_NdrDllUnregisterProxy
CoTreatAsClass
CoTaskMemFree
GetClassFile
OleFlushClipboard
OleSave
PropVariantCopy
SNB_UserMarshal
CoBuildVersion
HDC_UserFree
CoGetClassVersion
CreateStreamOnHGlobal
CoSetState
CoTaskMemAlloc

ntdll

RtlpUnWaitCriticalSection
NtSetInformationKey

rpcrt4

NdrMesSimpleTypeAlignSize
SimpleTypeBufferSize
NdrInterfacePointerMarshall

shell32

ord17
ord92
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
FreeIconList
ord716
SHQueryRecycleBinA
ord173
SheGetDirA
ExtractAssociatedIconW
DragQueryPoint
SHGetFolderLocation
ord28

ws2_32

WSAAddressToStringA
WSACloseEvent
WSADuplicateSocketA
shutdown
select
recv
htons
gethostbyname
accept
WSCDeinstallProvider
WSASendTo
WSARecvDisconnect
WSAJoinLeaf
WSAInstallServiceClassA
WSAHtons
WSAEnumProtocolsW
WSAEnumProtocolsA

version

VerFindFileW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW

gdi32

Chord
CreateScalableFontResourceA
EnumFontFamiliesExA
FillPath
GetArcDirection
GetEnhMetaFileDescriptionA
GetTextCharset
GetTextExtentPoint32A
GetTextExtentPointA
OffsetRgn
SetTextCharacterExtra
SetPixelFormat
SetMetaRgn
SetMagicColors
SelectClipRgn
ResizePalette
PolyBezierTo
PatBlt
AddFontResourceExW

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

553f1a8d4242c642e6a4e320b17aaa97

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

ole32

ntdll

rpcrt4

shell32

ws2_32

version

gdi32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB