471f9eafdb7bae3f1e8120c176d83625_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

471f9eafdb7bae3f1e8120c176d83625_JaffaCakes118
Size

164KB
MD5

471f9eafdb7bae3f1e8120c176d83625
SHA1

ebb7ce3479b428f62886cebd2d2ccf687ce0268b
SHA256

17243aa973db2d0e57211c7fcc12c0cb03d7b73dfcf3b3a7f330ce74c6d2c659
SHA512

2641dc7593b59181496b4452e894b7121ba68d6a7016e2d144f20783d086f11b322546949c66d22e0885e4da4fc3882e4d15bd812720d8eec27ee54ec95c5797
SSDEEP

1536:o42v0RnECK6u8bMwi6z7v5xSUoyveWBb4Y24DyHw4MXW4TlK2fF6kDH31fb0aVqV:xEC6wLB9oKlInwE4BDHlgNkmrE8Nh9r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
471f9eafdb7bae3f1e8120c176d83625_JaffaCakes118

Files

471f9eafdb7bae3f1e8120c176d83625_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff213d4d09d4cd81b84721c84afd5822

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
GetDC
GetSystemMetrics
GetDesktopWindow
CharNextA
GetParent

gdi32

SetTextAlign
CreateSolidBrush
SelectPalette
GetTextMetricsA
CreateCompatibleDC
SetTextColor
SaveDC
PatBlt
GetStockObject
LineTo
DeleteDC
GetObjectA
GetPixel
DeleteObject
RectVisible
CreateFontIndirectA
SetStretchBltMode
GetClipBox
CreatePen
GetDeviceCaps
SetMapMode
CreatePalette
RestoreDC
SelectObject

kernel32

lstrlenW
lstrcmpA
GetVersion
lstrcmpiA
GetCommandLineA
GetTickCount
DeleteFileW
GetProcessHeap
GetDriveTypeA
MulDiv
GetModuleHandleA
GlobalFindAtomA
DeleteFileA
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcess
GetThreadLocale
RemoveDirectoryA
GetCommandLineW
SetCurrentDirectoryA
lstrcmpiW
GlobalFindAtomW
GetCurrentThread
GetWindowsDirectoryA
CopyFileA
GetACP
GetStartupInfoA
IsDebuggerPresent
GetCurrentProcessId
GetConsoleOutputCP
GetUserDefaultLangID
VirtualAlloc
VirtualFree
lstrlenA
GetOEMCP
QueryPerformanceCounter

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Kxeosa G
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Hlvmelph
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff213d4d09d4cd81b84721c84afd5822

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

glu32

Sections

.text Size: 10KB - Virtual size: 9KB

Kxeosa G Size: 512B - Virtual size: 4KB

.rdata Size: 26KB - Virtual size: 25KB

Hlvmelph Size: 512B - Virtual size: 4KB

.data Size: 99KB - Virtual size: 98KB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 10KB - Virtual size: 9KB

Kxeosa G
Size: 512B - Virtual size: 4KB

.rdata
Size: 26KB - Virtual size: 25KB

Hlvmelph
Size: 512B - Virtual size: 4KB

.data
Size: 99KB - Virtual size: 98KB

.rsrc
Size: 27KB - Virtual size: 27KB