a01946a3850d20bf9e3043bd290e9d61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a01946a3850d20bf9e3043bd290e9d61_JaffaCakes118
Size

169KB
MD5

a01946a3850d20bf9e3043bd290e9d61
SHA1

0224a0eaa00e6d8249e4b999d7c12d52e5bce2ea
SHA256

565da8a78d086ebed50d32e22caa091711c36abb48179b44ff545feb9f1c57af
SHA512

5d729ab8101d5d6b77df950e3a085b6f136a4a2f9483cb7550451b306d11a18c5c05c249c8552c2ac56f9ffaac88e6afd1d7625b3213e56a63aeed3948ecb76c
SSDEEP

3072:+SKTkDvbULaTWr1HZsmmxyF+/GC3QSohrZRlObP:+SKnH15+DsMbP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a01946a3850d20bf9e3043bd290e9d61_JaffaCakes118

Files

a01946a3850d20bf9e3043bd290e9d61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61a78b383cae314bab144c94c3cb1e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
DeleteFileW
QueryPerformanceCounter
SetCurrentDirectoryA
GetModuleHandleA
GetConsoleOutputCP
IsDebuggerPresent
MulDiv
GetTickCount
GetCommandLineA
GetWindowsDirectoryA
GetCurrentThreadId
GetThreadLocale
lstrlenA
lstrcmpA
GetCurrentThread
GlobalFindAtomW
GetProcessHeap
GetCurrentProcessId
GetModuleHandleW
GetACP
lstrlenW
GetUserDefaultLangID
GetDriveTypeA
RemoveDirectoryA
VirtualAlloc
GlobalFindAtomA
GetVersion
VirtualFree
GetOEMCP
GetStartupInfoA
lstrcmpiA
lstrcmpiW
GetCurrentProcess
CopyFileA
DeleteFileA

user32

GetDC
GetDesktopWindow
GetParent
GetSystemMetrics
CharNextA
TranslateMessage

gdi32

CreateCompatibleDC
SetStretchBltMode
SaveDC
CreateSolidBrush
SetMapMode
GetStockObject
PatBlt
LineTo
RestoreDC
GetTextMetricsA
GetClipBox
SelectObject
CreateFontIndirectA
GetPixel
SelectPalette
RectVisible
SetTextColor
CreatePalette
DeleteObject
CreatePen
SetTextAlign
GetDeviceCaps
DeleteDC
GetObjectA

glu32

gluNurbsCallback

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Tihxp Gp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Laemrdaf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61a78b383cae314bab144c94c3cb1e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

glu32

Sections

.text Size: 12KB - Virtual size: 11KB

Tihxp Gp Size: 512B - Virtual size: 4KB

.rdata Size: 24KB - Virtual size: 24KB

Laemrdaf Size: 512B - Virtual size: 4KB

.data Size: 101KB - Virtual size: 100KB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 12KB - Virtual size: 11KB

Tihxp Gp
Size: 512B - Virtual size: 4KB

.rdata
Size: 24KB - Virtual size: 24KB

Laemrdaf
Size: 512B - Virtual size: 4KB

.data
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 29KB - Virtual size: 29KB