0f179fec713daa9be9978e0d3527d21d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f179fec713daa9be9978e0d3527d21d_JaffaCakes118
Size

169KB
MD5

0f179fec713daa9be9978e0d3527d21d
SHA1

4471f8fdf59336ebbf8deca2a51f131e5ba6493a
SHA256

497ff1d75da2087511d96189d24c1a583910ec584985e08cddea7ba593c1db96
SHA512

788f64b8ab05fe26f306f652cc8816d7993bb73a87ffb1131f4224c9a9f1f5baf543b9923bdb87326a64acb0d1c0fd1f1170305ba604267a4dd8b78f052ca433
SSDEEP

3072:S+3KcYMkjuSvHw7xAGMsm/ANJINNpNbhhoDqQDwZzT1L2IhMc4JxkX:S+37kjun+DkJINhDMfUEWMi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f179fec713daa9be9978e0d3527d21d_JaffaCakes118

Files

0f179fec713daa9be9978e0d3527d21d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

76834575cd303eed6f4a1a66a31fee8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetParent
GetSystemMetrics
GetDC
CharNextA
GetDesktopWindow
TranslateMessage

kernel32

GetOEMCP
GetCurrentProcess
GetModuleHandleA
QueryPerformanceCounter
lstrcmpiW
GetUserDefaultLangID
SetCurrentDirectoryA
GetCurrentProcessId
GetWindowsDirectoryA
DeleteFileW
GetTickCount
lstrcmpA
GlobalFindAtomA
GetACP
MulDiv
GetProcessHeap
lstrcmpiA
RemoveDirectoryA
GetCurrentThread
lstrlenA
CopyFileA
GetVersion
GetCommandLineW
GetCurrentThreadId
GetThreadLocale
GetModuleHandleW
GetStartupInfoA
lstrlenW
GetDriveTypeA
IsDebuggerPresent
DeleteFileA
GetConsoleOutputCP
GetCommandLineA
GlobalFindAtomW
VirtualAlloc
VirtualFree

gdi32

PatBlt
GetStockObject
CreateCompatibleDC
GetPixel
RestoreDC
SelectPalette
GetClipBox
SetStretchBltMode
CreateFontIndirectA
GetObjectA
GetDeviceCaps
SetMapMode
CreatePalette
DeleteDC
CreateSolidBrush
LineTo
SetTextAlign
SetTextColor
DeleteObject
RectVisible
SaveDC
GetTextMetricsA
CreatePen
SelectObject

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Rtax Ywb
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Yleyqtpo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76834575cd303eed6f4a1a66a31fee8f

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Rtax Ywb Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 25KB

Yleyqtpo Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 10KB - Virtual size: 10KB

Rtax Ywb
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 25KB

Yleyqtpo
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 30KB - Virtual size: 30KB