2effd20759df0fc52bb1d7a4bdb10eb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2effd20759df0fc52bb1d7a4bdb10eb4_JaffaCakes118
Size

166KB
MD5

2effd20759df0fc52bb1d7a4bdb10eb4
SHA1

c758e54a10b64adbdb6e2eb91172143112d48073
SHA256

15f198702a5551dc4dee759fa6e40153d0a896c4c3742896d129ab879c959386
SHA512

33b2e2960774e210833b622f1891942ae3df26c68481fef5ad8510d1ef5d323fd73f7b02dea40235913be96dd5276064aca235e91a16a972b69d33e1d5f0ac3c
SSDEEP

3072:xy1qeKYGZZ9aj1v3l7GzwWB2xYVEaC95FT0KShDddlDnrY1Nms/:X6gOw5fCbFTOfnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2effd20759df0fc52bb1d7a4bdb10eb4_JaffaCakes118

Files

2effd20759df0fc52bb1d7a4bdb10eb4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5e4fe4a84ac22c6355248ed71efd096e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
SetCurrentDirectoryA
GetOEMCP
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetWindowsDirectoryA
GetVersion
GlobalFindAtomA
GetModuleHandleW
GetCurrentProcessId
GetCurrentThread
GetProcessHeap
GetCurrentThreadId
GetStartupInfoA
lstrcmpA
GetDriveTypeA
IsDebuggerPresent
GetCommandLineA
DeleteFileA
GetUserDefaultLangID
MulDiv
GlobalFindAtomW
VirtualAlloc
VirtualFree
DeleteFileW
CopyFileA
lstrcmpiA
GetACP
GetThreadLocale
RemoveDirectoryA
GetTickCount
GetCurrentProcess
lstrlenW
lstrlenA
GetConsoleOutputCP

user32

GetParent
CharNextA
GetDC
GetSystemMetrics
TranslateMessage
GetDesktopWindow

gdi32

SetTextAlign
GetObjectA
CreateFontIndirectA
DeleteDC
SelectObject
LineTo
SelectPalette
RectVisible
SaveDC
GetStockObject
RestoreDC
GetClipBox
GetDeviceCaps
GetPixel
DeleteObject
CreatePen
GetTextMetricsA
CreateCompatibleDC
CreateSolidBrush
SetTextColor
SetStretchBltMode
CreatePalette
PatBlt
SetMapMode

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Waeh, As
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Gmbsa Qc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e4fe4a84ac22c6355248ed71efd096e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Waeh, As Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 24KB

Gmbsa Qc Size: 512B - Virtual size: 4KB

.data Size: 101KB - Virtual size: 100KB

.rsrc Size: 27KB - Virtual size: 96KB

.text
Size: 10KB - Virtual size: 10KB

Waeh, As
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 24KB

Gmbsa Qc
Size: 512B - Virtual size: 4KB

.data
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 27KB - Virtual size: 96KB