3794e09bf45311278a1f2b5df58179d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3794e09bf45311278a1f2b5df58179d0_JaffaCakes118
Size

165KB
MD5

3794e09bf45311278a1f2b5df58179d0
SHA1

76278818a7dbcecf23459138a90b58e6ff3370ef
SHA256

83005546efee4fb8546ba35038b6a8e2a6890e62a6efaf8a061e4257b4eb3bd1
SHA512

c9a8c65ff9e028e79a4f0342898dba9cedd4b684917740607761e2b2a21110ad4de7299f878e7c334adff59a6d0cc73405cc6299e6061cb3ae3b1025b73497c4
SSDEEP

3072:AdlYy6+VFYqb43dau6AqxDtyjGhtB5bQQThU:Adlw+VFY9d49xDtyjmB9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3794e09bf45311278a1f2b5df58179d0_JaffaCakes118

Files

3794e09bf45311278a1f2b5df58179d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7e1a33e7e951636258c0e5d515c4fc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetParent
TranslateMessage
GetDesktopWindow
GetDC
CharNextA
GetSystemMetrics

kernel32

GetCommandLineW
GetStartupInfoA
GetModuleHandleA
GetTickCount
GlobalFindAtomW
CopyFileA
MulDiv
DeleteFileA
GetProcessHeap
lstrlenW
lstrcmpiW
GetCurrentThread
GetVersion
IsDebuggerPresent
GlobalFindAtomA
SetCurrentDirectoryA
GetWindowsDirectoryA
DeleteFileW
GetModuleHandleW
lstrlenA
lstrcmpA
lstrcmpiA
RemoveDirectoryA
GetOEMCP
GetCurrentThreadId
GetConsoleOutputCP
GetDriveTypeA
GetCommandLineA
GetACP
GetUserDefaultLangID
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess
GetThreadLocale
VirtualAlloc
VirtualFree

gdi32

GetClipBox
GetStockObject
GetTextMetricsA
SelectObject
DeleteDC
CreateFontIndirectA
DeleteObject
RestoreDC
PatBlt
GetDeviceCaps
SetTextColor
SetMapMode
CreatePalette
CreatePen
GetPixel
GetObjectA
CreateCompatibleDC
SetTextAlign
LineTo
SaveDC
SelectPalette
SetStretchBltMode
RectVisible
CreateSolidBrush

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Omvlhqqo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sipgblyl
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7e1a33e7e951636258c0e5d515c4fc8

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Omvlhqqo Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 26KB

Sipgblyl Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 10KB - Virtual size: 10KB

Omvlhqqo
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 26KB

Sipgblyl
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 26KB - Virtual size: 26KB