28e45ca3f5f57de7d388db32f4853e76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28e45ca3f5f57de7d388db32f4853e76_JaffaCakes118
Size

395KB
MD5

28e45ca3f5f57de7d388db32f4853e76
SHA1

48ef7f0af6421de4c9dbaf24fa25410c8cfc9b26
SHA256

1a4186fe1559981164e4fb30b49fc26cd7411471acae989be5679b6027b2b1da
SHA512

1a62ed4672f6ec4ce0a34de0f860656bcb658f5d023341f97da0f7ee28f7acdba07c18fd96b42028b788a24a315af0bfaa776c2ae8a1f318cc8413ab7d28fa10
SSDEEP

12288:Wwi8/lRHN3g+K1rLxt+1JnSp3lnTp5pIOwAetdE:KElT3XKRuJnGlnTp7d1e3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e45ca3f5f57de7d388db32f4853e76_JaffaCakes118

Files

28e45ca3f5f57de7d388db32f4853e76_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be7c709706563f8d2262e2a89bca5e09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CompareStringA
GetQueuedCompletionStatus
EnterCriticalSection
InitializeCriticalSection
RegisterWaitForSingleObjectEx
GetThreadLocale
CreateIoCompletionPort
GetNamedPipeInfo
RegisterWaitForInputIdle
SetLastError
GetEnvironmentStringsA
DecodePointer
HeapWalk
GetUserDefaultLangID
HeapValidate
SetFirmwareEnvironmentVariableA
HeapDestroy
RtlFillMemory
OpenThread
ReadFile
MapViewOfFile
WriteFileEx
WaitForSingleObjectEx
GetThreadSelectorEntry
CopyFileExA
CreateFileA
GetSystemDefaultLCID
SetThreadLocale
WriteFileGather
TransactNamedPipe
CreateNamedPipeA
InterlockedPushEntrySList
WaitNamedPipeA
GetThreadIOPendingFlag
CreateMutexA
InterlockedPopEntrySList
ReadFileScatter
CreateThread
SleepEx
DeleteFileA
EnumSystemLanguageGroupsA
HeapAlloc
EncodePointer
HeapFree
UnmapViewOfFile
VirtualAllocEx
GetEnvironmentVariableA
InterlockedFlushSList
EnumSystemLocalesA
WaitForSingleObject
SetThreadAffinityMask
WaitForSingleObject
InterlockedExchange
ConvertDefaultLocale
GetCurrentDirectoryA
MapViewOfFileEx
DeleteCriticalSection
GetUserDefaultLCID
HeapCompact
EnumLanguageGroupLocalesA
FreeEnvironmentStringsA
SetFilePointer
DosDateTimeToFileTime
GetCurrentThreadId
LeaveCriticalSection
ConnectNamedPipe
lstrlenW
lstrcpyW
CreateFileMappingA
GetSystemDefaultUILanguage
SetThreadIdealProcessor
HeapSetInformation
GetTickCount
HeapCreate
GetSystemDefaultLangID

advapi32

RegQueryValueExW
RegCreateKeyW
RegOpenKeyExA
RegFlushKey

msvcrt

_exit
srand
isdigit
__set_app_type
__p__fmode
__getmainargs
__setusermatherr
_except_handler3
_c_exit
rand

user32

DispatchMessageW
PostQuitMessage
ShowCursor
SetTimer
IsIconic
SendMessageW
SetCapture
ReleaseCapture
InvalidateRect
GetDlgItemInt
GetMenu
GetWindowDC
BeginPaint
GetDesktopWindow
UpdateWindow
EndDialog
RegisterClassW
LoadIconW
CreateWindowExW
FlashWindow
SetCursor
GetWindowRect
TranslateMessage
TranslateAcceleratorW
GetSystemMetrics
LoadStringW
GetMessageW
LoadCursorW

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be7c709706563f8d2262e2a89bca5e09

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

Sections

.text Size: 239KB - Virtual size: 239KB

.data Size: 146KB - Virtual size: 145KB

.rsrc Size: 9KB - Virtual size: 388KB

.text
Size: 239KB - Virtual size: 239KB

.data
Size: 146KB - Virtual size: 145KB

.rsrc
Size: 9KB - Virtual size: 388KB