e18fe4724237548a70a7b093bc94dd15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e18fe4724237548a70a7b093bc94dd15_JaffaCakes118
Size

168KB
MD5

e18fe4724237548a70a7b093bc94dd15
SHA1

6296ca2c423109461a73d19e6ec0cc24eb1019d7
SHA256

9797a2e3cf55acbb0f5eb5f11bbc9f2570fd5f416fd3e989350a2aef5386171a
SHA512

6bcdc32e5b7c4149edbc5b49fddc4f31b48c61bbbb5386c871523521f8d1bc393b6bd066b90b0c341eb9636db21569885cee0afad6c9e8c9bf5a7b47ad7d3cd4
SSDEEP

3072:BtqylDhGSn5pS2bQEGvGffCuLHhihur54VxA2c:BtqMDQ1vGyuDh4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e18fe4724237548a70a7b093bc94dd15_JaffaCakes118

Files

e18fe4724237548a70a7b093bc94dd15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fcd399aff7a4a2c44d78f1f33660db32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
MulDiv
GetProcessHeap
GetOEMCP
IsDebuggerPresent
GlobalFindAtomA
GetUserDefaultLangID
lstrcmpiW
GetCurrentThread
GetWindowsDirectoryA
lstrlenA
SetCurrentDirectoryA
GetCommandLineA
GetCommandLineW
DeleteFileW
QueryPerformanceCounter
GetCurrentProcess
GetModuleHandleA
DeleteFileA
GetStartupInfoA
GetCurrentProcessId
GetConsoleOutputCP
RemoveDirectoryA
GetCurrentThreadId
lstrcmpiA
GetVersion
GetDriveTypeA
GetTickCount
GetACP
lstrlenW
GetModuleHandleW
CopyFileA
GlobalFindAtomW
VirtualAlloc
VirtualFree

gdi32

RectVisible
GetDeviceCaps
GetPixel
SetStretchBltMode
SetTextAlign
RestoreDC
GetObjectA
GetClipBox
DeleteObject
SetMapMode
CreateSolidBrush
LineTo
DeleteDC
CreatePalette
CreateFontIndirectA
SaveDC
SelectObject
PatBlt
SetTextColor
CreatePen
GetTextMetricsA
SelectPalette
GetStockObject
CreateCompatibleDC

user32

TranslateMessage
GetDC
GetParent
GetSystemMetrics
GetDesktopWindow
CharNextA

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Riscqhqr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Htjyp Af
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcd399aff7a4a2c44d78f1f33660db32

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Riscqhqr Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Htjyp Af Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 30KB - Virtual size: 29KB

.text
Size: 10KB - Virtual size: 10KB

Riscqhqr
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Htjyp Af
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 30KB - Virtual size: 29KB