6a43af50be4351d5030c39405d3d7909_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a43af50be4351d5030c39405d3d7909_JaffaCakes118
Size

168KB
MD5

6a43af50be4351d5030c39405d3d7909
SHA1

c91905cd6aa9554304bc94f161970ac6f35ba17f
SHA256

b475880dda5a2c3352dd821de6a563ee866ebc568a55128c1cc23470af31cbb9
SHA512

7c3d09af8f1b489866833673724897d708816c49a8d00952184e602a015737ee8fbf1daa7d0b1f348e2569dea8d3d2368ed57918b30b3aa0c49a820ca6b558ca
SSDEEP

3072:D8UqbNh30jEmTNx2SNPggz72Sj7/++LW/:D8UokjNZhRgHSX0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a43af50be4351d5030c39405d3d7909_JaffaCakes118

Files

6a43af50be4351d5030c39405d3d7909_JaffaCakes118
.exe windows:4 windows x86 arch:x86

802481e8ae994de034084ca7532a9973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
DeleteFileW
MulDiv
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
lstrcmpiW
GlobalFindAtomW
SetCurrentDirectoryA
DeleteFileA
GetCurrentThread
GetTickCount
GetVersion
GetCommandLineA
GlobalFindAtomA
GetConsoleOutputCP
lstrcmpiA
GetCurrentThreadId
GetDriveTypeA
GetUserDefaultLangID
QueryPerformanceCounter
GetThreadLocale
lstrcmpA
GetWindowsDirectoryA
GetProcessHeap
GetCurrentProcessId
GetOEMCP
RemoveDirectoryA
CopyFileA
IsDebuggerPresent
lstrlenA
GetCommandLineW
GetACP
VirtualAlloc
VirtualFree
lstrlenW

gdi32

SelectPalette
CreatePalette
RestoreDC
CreateFontIndirectA
SetTextColor
DeleteObject
SetMapMode
SetTextAlign
DeleteDC
GetClipBox
PatBlt
GetStockObject
GetPixel
GetTextMetricsA
GetDeviceCaps
SetStretchBltMode
RectVisible
GetObjectA
CreateSolidBrush
SaveDC
SelectObject
CreatePen
CreateCompatibleDC
LineTo

user32

GetDC
CharNextA
GetParent
TranslateMessage
GetSystemMetrics
GetDesktopWindow

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Hwrx Qek
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Cvdb, Hm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

802481e8ae994de034084ca7532a9973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 11KB - Virtual size: 10KB

Hwrx Qek Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 24KB

Cvdb, Hm Size: 512B - Virtual size: 4KB

.data Size: 102KB - Virtual size: 101KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 11KB - Virtual size: 10KB

Hwrx Qek
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 24KB

Cvdb, Hm
Size: 512B - Virtual size: 4KB

.data
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 28KB - Virtual size: 27KB