851ead3334706162bfe2448601e11f06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

851ead3334706162bfe2448601e11f06_JaffaCakes118
Size

328KB
MD5

851ead3334706162bfe2448601e11f06
SHA1

3c1317547828d1d4bd0ad9c16f6aa89ddc498a2a
SHA256

470eb889b1e35b9fa46965a0148c9c8f09efc80afa9eb901373af620c49eaaa1
SHA512

f5d52fdbd8822ae7ed1d8d63e1deb3a324b14a219fdea10cfbeca19902703c743faac7a1ff5630ffef9e45024b55bcdc08724de3382d006df7ffd4e41c68af58
SSDEEP

3072:4YHf5o+f6oCKevBsEZGgoPIk3yxATOJZqL1asvWjNcg2KT478:t5MKWLPk3aATODqh5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
851ead3334706162bfe2448601e11f06_JaffaCakes118

Files

851ead3334706162bfe2448601e11f06_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c5e691f6d106b045d85bd79378dff34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetParent
TranslateMessage
GetSystemMetrics
GetDesktopWindow
CharNextA
GetDC

kernel32

GetProcessHeap
GetTickCount
GetCurrentProcessId
GetCurrentProcess
GetDriveTypeA
GetCurrentThread
GetCurrentThreadId
GetOEMCP
DeleteFileA
SetCurrentDirectoryA
GetVersion
RemoveDirectoryA
GetACP
GetCommandLineW
CopyFileA
lstrcmpA
lstrlenW
lstrcmpiA
GetConsoleOutputCP
QueryPerformanceCounter
lstrlenA
GetThreadLocale
GetUserDefaultLangID
GlobalFindAtomW
GetCommandLineA
lstrcmpiW
GetModuleHandleW
DeleteFileW
GetModuleHandleA
GetStartupInfoA
GlobalFindAtomA
GetWindowsDirectoryA
VirtualAlloc
IsDebuggerPresent
VirtualFree

gdi32

CreatePalette
RectVisible
SetTextAlign
GetPixel
SelectObject
CreatePen
SaveDC
SetMapMode
SelectPalette
RestoreDC
CreateCompatibleDC
GetStockObject
GetClipBox
SetTextColor
GetObjectA
CreateSolidBrush
LineTo
SetStretchBltMode
CreateFontIndirectA
PatBlt
GetDeviceCaps
DeleteDC
GetTextMetricsA
DeleteObject

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Gwjcsy R
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Rqqt, Dg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c5e691f6d106b045d85bd79378dff34

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

glu32

Sections

.text Size: 11KB - Virtual size: 10KB

Gwjcsy R Size: 512B - Virtual size: 4KB

.rdata Size: 24KB - Virtual size: 24KB

Rqqt, Dg Size: 512B - Virtual size: 4KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 188KB - Virtual size: 216KB

.text
Size: 11KB - Virtual size: 10KB

Gwjcsy R
Size: 512B - Virtual size: 4KB

.rdata
Size: 24KB - Virtual size: 24KB

Rqqt, Dg
Size: 512B - Virtual size: 4KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 188KB - Virtual size: 216KB