27691d0b024f824faaa57b3a0ad68b09_JaffaCakes118

General

Target

27691d0b024f824faaa57b3a0ad68b09_JaffaCakes118
Size

166KB
MD5

27691d0b024f824faaa57b3a0ad68b09
SHA1

77d31366d0c3be84e9551db327126ea4ae7ea93c
SHA256

ce74d6157f55e4cf0c29948cb92f66e58e1ea197f790ffd94ddd6302d37b2040
SHA512

1c2654da3f24bab6e676acd4ed7d00f08393a6c0ca5f00cd449671fea9dc7024989c0ae6c3f9a8ed9b66952a7e077e12064ba2e15e3c51ed77565e482f8b30fe
SSDEEP

3072:TOxbNx355c71CBcJVlT+JvsFm0n5O9x8Sta+WPbq/OS:q9Nx2YBK+JvGm45O9x8WGPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27691d0b024f824faaa57b3a0ad68b09_JaffaCakes118

Files

27691d0b024f824faaa57b3a0ad68b09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a0ceaf70ad3ef0a6ec4d13e02318d3cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetModuleHandleW
GetOEMCP
GetStartupInfoA
GetCurrentThread
GetWindowsDirectoryA
GetACP
lstrcmpiA
lstrcmpA
IsDebuggerPresent
RemoveDirectoryA
GetTickCount
GetCommandLineW
GetProcessHeap
GetUserDefaultLangID
GetDriveTypeA
GetCurrentProcess
DeleteFileW
CopyFileA
GetCurrentThreadId
GetConsoleOutputCP
GetCommandLineA
lstrcmpiW
DeleteFileA
SetCurrentDirectoryA
MulDiv
GetCurrentProcessId
GetThreadLocale
QueryPerformanceCounter
VirtualAlloc
VirtualFree
GlobalFindAtomA
GlobalFindAtomW
GetModuleHandleA
lstrlenA

gdi32

GetTextMetricsA
SaveDC
RectVisible
CreateFontIndirectA
DeleteObject
LineTo
CreatePen
CreateCompatibleDC
GetDeviceCaps
SetMapMode
DeleteDC
SetStretchBltMode
PatBlt
SelectObject
RestoreDC
CreateSolidBrush
CreatePalette
SetTextColor
SetTextAlign
GetClipBox
SelectPalette
GetPixel
GetObjectA
GetStockObject

user32

GetDC
GetDesktopWindow
GetParent
TranslateMessage
CharNextA
GetSystemMetrics

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Pmtop Yj
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Pyyyyvkm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0ceaf70ad3ef0a6ec4d13e02318d3cc

Headers

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Pmtop Yj Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 25KB

Pyyyyvkm Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 10KB - Virtual size: 10KB

Pmtop Yj
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 25KB

Pyyyyvkm
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 27KB - Virtual size: 26KB