3a01eaa334097bb6bba75ed71603caf0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a01eaa334097bb6bba75ed71603caf0_JaffaCakes118
Size

167KB
MD5

3a01eaa334097bb6bba75ed71603caf0
SHA1

cf2a3b0c854c17fc50e364a7a0069558fe5c3cb4
SHA256

1531ed6934dba0de4ee644aa74f05c7325f9965e0161291cd0b9db92271c3611
SHA512

8fd73e9ac35396098914d852d17fc8e4393c303ac3e12c2ce24187e4e35d09456a4985795a9e550f0e23a0daa6fcb304857ab624de6bba5ff396e9560a1cd952
SSDEEP

3072:+lGbeW2KVl9nAT6iofphr6c2Jvmx5SeYnE/HiWAL8S06VyPrZ:g3F3Vofphr65mTYn4CWAL7y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a01eaa334097bb6bba75ed71603caf0_JaffaCakes118

Files

3a01eaa334097bb6bba75ed71603caf0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aa78f00f26639658819e53ac2e8981c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetThreadLocale
GetTickCount
DeleteFileW
lstrlenW
GetProcessHeap
IsDebuggerPresent
GlobalFindAtomA
GetOEMCP
lstrcmpA
GetUserDefaultLangID
RemoveDirectoryA
DeleteFileA
CopyFileA
lstrcmpiA
GetCurrentProcessId
GetWindowsDirectoryA
GetCurrentThread
GetModuleHandleA
GetCurrentThreadId
lstrcmpiW
GetCommandLineW
VirtualAlloc
VirtualFree
GetConsoleOutputCP
MulDiv
GetACP
GetVersion
GetStartupInfoA
GetCurrentProcess
GetCommandLineA
GlobalFindAtomW
GetModuleHandleW
QueryPerformanceCounter
GetDriveTypeA

gdi32

CreatePen
PatBlt
GetTextMetricsA
SelectObject
RectVisible
SetStretchBltMode
LineTo
CreateSolidBrush
SetTextAlign
SetTextColor
SelectPalette
GetPixel
GetObjectA
GetStockObject
DeleteDC
SaveDC
SetMapMode
DeleteObject
GetClipBox
CreateFontIndirectA
CreateCompatibleDC
GetDeviceCaps
RestoreDC
CreatePalette

user32

GetDC
GetDesktopWindow
TranslateMessage
GetParent
CharNextA
GetSystemMetrics

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Qjpn, Wi
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Bsfnnyyt
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa78f00f26639658819e53ac2e8981c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 11KB - Virtual size: 10KB

Qjpn, Wi Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Bsfnnyyt Size: 512B - Virtual size: 4KB

.data Size: 101KB - Virtual size: 101KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 11KB - Virtual size: 10KB

Qjpn, Wi
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Bsfnnyyt
Size: 512B - Virtual size: 4KB

.data
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 27KB - Virtual size: 26KB