f5d2d2f30a0f50c7ba105d738984a54e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5d2d2f30a0f50c7ba105d738984a54e_JaffaCakes118
Size

171KB
MD5

f5d2d2f30a0f50c7ba105d738984a54e
SHA1

cb61cef532572e6b413c8d66f32258a64ae29925
SHA256

704c77c974d732545380554bfd03ede3906fcd2d4f9ea69e0d08d7e64f3a65b4
SHA512

8f6b65e23a695b2079f7304f6ebb03a0de76a441673c71323ad4a2780db1889c1d4d607c9d10697d445ba6e41f3820739cebfb79bc832461eedec381d31022c5
SSDEEP

3072:4ciG9UpTmVvF5IZx+nNRbq01n3lIl1Qo+LXrk0Hh+Zzm6GgD9Ri0:4ciGKWFxNRbq01n3lIl1Qo+LXrk0Hh+S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5d2d2f30a0f50c7ba105d738984a54e_JaffaCakes118

Files

f5d2d2f30a0f50c7ba105d738984a54e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a43f293c8ab2734f819742fd39e395ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetSystemMetrics
CharNextA
GetDesktopWindow
TranslateMessage
GetParent

kernel32

lstrcmpiW
GetStartupInfoA
GetOEMCP
GetCommandLineW
GetVersion
GetTickCount
GetThreadLocale
GetCurrentThreadId
GlobalFindAtomW
IsDebuggerPresent
SetCurrentDirectoryA
MulDiv
QueryPerformanceCounter
RemoveDirectoryA
GetCurrentThread
DeleteFileA
GetProcessHeap
DeleteFileW
GetCommandLineA
lstrcmpA
GetUserDefaultLangID
GetWindowsDirectoryA
GlobalFindAtomA
lstrlenW
GetCurrentProcess
GetModuleHandleA
GetConsoleOutputCP
GetACP
lstrcmpiA
GetCurrentProcessId
CopyFileA
VirtualAlloc
VirtualFree
lstrlenA
GetModuleHandleW
GetDriveTypeA

gdi32

SelectObject
PatBlt
SaveDC
GetClipBox
CreateFontIndirectA
SetMapMode
SetTextAlign
SelectPalette
DeleteObject
LineTo
RectVisible
GetTextMetricsA
SetTextColor
CreatePalette
DeleteDC
GetPixel
CreateSolidBrush
GetDeviceCaps
CreatePen
GetObjectA
RestoreDC
CreateCompatibleDC
SetStretchBltMode
GetStockObject

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Xosevfno
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Eundcvua
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a43f293c8ab2734f819742fd39e395ac

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Xosevfno Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Eundcvua Size: 512B - Virtual size: 4KB

.data Size: 101KB - Virtual size: 101KB

.rsrc Size: 31KB - Virtual size: 31KB

.text
Size: 10KB - Virtual size: 10KB

Xosevfno
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Eundcvua
Size: 512B - Virtual size: 4KB

.data
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 31KB - Virtual size: 31KB