0b05d8108794eb16ef85d13f3f437060_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b05d8108794eb16ef85d13f3f437060_JaffaCakes118
Size

168KB
MD5

0b05d8108794eb16ef85d13f3f437060
SHA1

19fa067b8d2dcd6220dacbafd4c941eaf12de7a3
SHA256

040e89c04392e000dfcfbe80f18089c0e93f845238fe78374e5b012fe9836690
SHA512

c6c6a544fb3e397a72250e6f0cd5739d172b86d8146042527013e04303800eadff287b3f9cd666a21e23f3fff10143524c1bbae3fa81b0cf0036eae549f87b6f
SSDEEP

3072:KdU2IsbIgpsvXNBE669CKrEeJT8zsqjSNv3qyLYoqn9SJEU2:KdU2Fmv2C0EAT8zQd9LYXnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b05d8108794eb16ef85d13f3f437060_JaffaCakes118

Files

0b05d8108794eb16ef85d13f3f437060_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04c7a7a69561896c97a404f5db79c95a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetStretchBltMode
RectVisible
SetTextAlign
LineTo
CreateSolidBrush
CreateFontIndirectA
DeleteObject
RestoreDC
SaveDC
SetMapMode
CreatePen
GetTextMetricsA
GetClipBox
CreatePalette
GetPixel
PatBlt
GetDeviceCaps
SetTextColor
GetStockObject
DeleteDC
GetObjectA
SelectObject
CreateCompatibleDC

user32

GetDesktopWindow
TranslateMessage
GetDC
GetParent
CharNextA
GetSystemMetrics

kernel32

GetUserDefaultLangID
SetCurrentDirectoryA
GetCurrentThread
RemoveDirectoryA
VirtualAlloc
VirtualFree
GetTickCount
GetDriveTypeA
GetModuleHandleA
lstrcmpiW
GetProcessHeap
GetVersion
DeleteFileW
lstrcmpA
GlobalFindAtomW
GetStartupInfoA
GetCommandLineW
GetCommandLineA
IsDebuggerPresent
GetModuleHandleW
GetThreadLocale
GetCurrentThreadId
GetConsoleOutputCP
lstrcmpiA
lstrlenA
DeleteFileA
QueryPerformanceCounter
CopyFileA
GetCurrentProcessId
MulDiv
GlobalFindAtomA
GetOEMCP
GetACP
GetCurrentProcess
lstrlenW
GetWindowsDirectoryA

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Ypoeponx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Fee, Qyy
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04c7a7a69561896c97a404f5db79c95a

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

glu32

Sections

.text Size: 11KB - Virtual size: 10KB

Ypoeponx Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 25KB

Fee, Qyy Size: 512B - Virtual size: 4KB

.data Size: 101KB - Virtual size: 100KB

.rsrc Size: 28KB - Virtual size: 60KB

.text
Size: 11KB - Virtual size: 10KB

Ypoeponx
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 25KB

Fee, Qyy
Size: 512B - Virtual size: 4KB

.data
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 28KB - Virtual size: 60KB