19b3baf223b7830859b13dc604b1b242_JaffaCakes118

General

Target

19b3baf223b7830859b13dc604b1b242_JaffaCakes118
Size

167KB
MD5

19b3baf223b7830859b13dc604b1b242
SHA1

b1fdb22a81018a45a53ed2de63fbee1e291096fa
SHA256

444e53712c65c7a8d6d6fd24634b66606394057ec1a3fdcffdf09e01bd818c93
SHA512

c24ebc62383058ea0c0608c02ae33a251dc839db0f7210ecd7064dc70b5531f8cce517caa9e1a26c112e26576b96b4f6875b2dc782520a11e4972bb8d953608e
SSDEEP

3072:HMKrqHgxiHfIfY5+fGeg9gW7QdHsq3c0uUOq:TiQffYkd+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19b3baf223b7830859b13dc604b1b242_JaffaCakes118

Files

19b3baf223b7830859b13dc604b1b242_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6acbde13e558bfacf25a716c148b70df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetDesktopWindow
TranslateMessage
GetSystemMetrics
CharNextA
GetParent

gdi32

SetStretchBltMode
SetTextAlign
SetMapMode
GetPixel
GetClipBox
LineTo
DeleteObject
GetStockObject
PatBlt
SaveDC
SelectPalette
RestoreDC
GetDeviceCaps
CreateSolidBrush
CreatePalette
DeleteDC
GetTextMetricsA
CreateFontIndirectA
GetObjectA
SelectObject
SetTextColor
CreateCompatibleDC
CreatePen

kernel32

GetWindowsDirectoryA
RemoveDirectoryA
GetOEMCP
GetModuleHandleA
GetCurrentThreadId
GetThreadLocale
GlobalFindAtomW
GetProcessHeap
GetCurrentProcess
lstrlenW
CopyFileA
GetCommandLineA
lstrcmpiW
lstrcmpA
GetTickCount
GetVersion
GetDriveTypeA
GlobalFindAtomA
IsDebuggerPresent
GetCurrentThread
GetCommandLineW
GetStartupInfoA
QueryPerformanceCounter
DeleteFileW
MulDiv
SetCurrentDirectoryA
GetCurrentProcessId
GetConsoleOutputCP
lstrcmpiA
GetModuleHandleW
DeleteFileA
GetUserDefaultLangID
GetACP
VirtualAlloc
VirtualFree
lstrlenA

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Wyjpmloq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Hawgov A
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6acbde13e558bfacf25a716c148b70df

Headers

File Characteristics

Imports

user32

gdi32

kernel32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Wyjpmloq Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Hawgov A Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 10KB - Virtual size: 10KB

Wyjpmloq
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Hawgov A
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 28KB - Virtual size: 28KB