2600a88e85668c08311dcab1af8a0295_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2600a88e85668c08311dcab1af8a0295_JaffaCakes118
Size

167KB
MD5

2600a88e85668c08311dcab1af8a0295
SHA1

89f32ff4ea21a9c8128fb405f0564faac701585c
SHA256

642488322af941c402355661fe2671d254798a1a53edff961bb47fb1f2533964
SHA512

958e5bd8fd2cddf2884fc074ddf6499e8d80fe0d73e9885d8c76ae48a6cd93dcf34cf615e39a296a8369c015dd59b3d339b9d2d0b80ff62028212c001a56e260
SSDEEP

3072:mp2mknzcZrgy9VcrrCP4zCNHmw3LL/ozUIYZ:k2mACj2g4OVhL/iy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2600a88e85668c08311dcab1af8a0295_JaffaCakes118

Files

2600a88e85668c08311dcab1af8a0295_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8bf5f21072e7c78695742388609b9dfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
CopyFileA
lstrcmpiW
RemoveDirectoryA
lstrlenA
GetProcessHeap
GetCurrentThread
QueryPerformanceCounter
lstrlenW
IsDebuggerPresent
GetConsoleOutputCP
GetThreadLocale
MulDiv
GetModuleHandleA
GetDriveTypeA
DeleteFileW
GetCurrentProcessId
GetACP
lstrcmpiA
GetCurrentThreadId
GetCurrentProcess
GetCommandLineA
SetCurrentDirectoryA
GetUserDefaultLangID
GetTickCount
GetWindowsDirectoryA
lstrcmpA
GetVersion
GetCommandLineW
GlobalFindAtomW
GetStartupInfoA
GlobalFindAtomA
VirtualAlloc
VirtualFree
GetModuleHandleW

gdi32

GetObjectA
CreatePen
GetTextMetricsA
SetStretchBltMode
GetPixel
LineTo
CreateSolidBrush
CreatePalette
SetTextColor
CreateFontIndirectA
RectVisible
GetStockObject
SelectPalette
SaveDC
SelectObject
SetMapMode
DeleteDC
GetDeviceCaps
RestoreDC
GetClipBox
DeleteObject
CreateCompatibleDC
PatBlt
SetTextAlign

user32

TranslateMessage
GetDC
GetSystemMetrics
CharNextA
GetParent
GetDesktopWindow

glu32

gluNurbsCallback

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Vqfyucxq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Ibqumuku
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bf5f21072e7c78695742388609b9dfe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

glu32

Sections

.text Size: 11KB - Virtual size: 11KB

Vqfyucxq Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 24KB

Ibqumuku Size: 512B - Virtual size: 4KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 11KB - Virtual size: 11KB

Vqfyucxq
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 24KB

Ibqumuku
Size: 512B - Virtual size: 4KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 26KB - Virtual size: 26KB