84c1b7ffff191571e3b8a6262d46a3b4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

84c1b7ffff191571e3b8a6262d46a3b4_JaffaCakes118
Size

166KB
MD5

84c1b7ffff191571e3b8a6262d46a3b4
SHA1

71ddb8c51d4b10cdbbd96c54ec663e788532a895
SHA256

2e57e573c4b1b11c51db3a543631d1c78f7d082f07a339f7ed6dbc36bc336399
SHA512

2d8181ff72fb1054d2369b9aa79afb8b9e9b79a378625bfdcc5235725cf06acab0fb164c245c106a2dd3787a71c11bc6112f782f6bbf13b0a15fc98219e80ba3
SSDEEP

3072:PEzQGshkmCfQ7HS6ZUlZtVHfMqBJFXPExMtua:PEzWQQPU9VHkqBJFXPEx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84c1b7ffff191571e3b8a6262d46a3b4_JaffaCakes118

Files

84c1b7ffff191571e3b8a6262d46a3b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1599f1c5c78680fd1b9b5cd09302879a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetDriveTypeA
GetModuleHandleA
GlobalFindAtomW
CopyFileA
lstrcmpA
GetProcessHeap
GetOEMCP
VirtualAlloc
GetVersion
lstrlenW
GetUserDefaultLangID
DeleteFileA
lstrlenA
RemoveDirectoryA
VirtualFree
GetModuleHandleW
GetCurrentThread
GetCommandLineA
GetThreadLocale
QueryPerformanceCounter
GlobalFindAtomA
GetTickCount
GetACP
GetCurrentThreadId
GetStartupInfoA
MulDiv
GetCurrentProcessId
GetWindowsDirectoryA
GetConsoleOutputCP
lstrcmpiA
GetCommandLineW
SetCurrentDirectoryA
lstrcmpiW
IsDebuggerPresent
GetCurrentProcess

gdi32

CreatePen
GetStockObject
CreateCompatibleDC
LineTo
GetDeviceCaps
RestoreDC
SetTextColor
DeleteObject
SetMapMode
GetTextMetricsA
DeleteDC
GetClipBox
GetObjectA
SetStretchBltMode
SaveDC
CreatePalette
SelectObject
PatBlt
SetTextAlign
GetPixel
RectVisible
SelectPalette
CreateFontIndirectA
CreateSolidBrush

user32

GetDC
CharNextA
GetSystemMetrics
TranslateMessage
GetParent
GetDesktopWindow

glu32

gluNurbsCallback

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Idefurvx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Dtigtsqy
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1599f1c5c78680fd1b9b5cd09302879a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 12KB - Virtual size: 12KB

Idefurvx Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Dtigtsqy Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: 12KB - Virtual size: 12KB

Idefurvx
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Dtigtsqy
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 26KB - Virtual size: 25KB