2864d1f64ee006bb1f294db92480d8d5_JaffaCakes118

General

Target

2864d1f64ee006bb1f294db92480d8d5_JaffaCakes118
Size

115KB
MD5

2864d1f64ee006bb1f294db92480d8d5
SHA1

e335f1cc6e32982afc0dba399d864c5c3b8b16c4
SHA256

a0f167715993a02213f4d34225b081ba8136c64480a131cb19e329fd8d8c99cf
SHA512

130dc0c8cea288f2dab257cfe5f692e75eda8f67d20fc1930b73c8e00a29bfb33f103e2843ec656f706d58cf793fd776083c078d00dbc3fdbd2a848c5cdffb09
SSDEEP

1536:SRYp+UkM8Z6Oo8Yr5MdJaYlJZVPdHWt6FTIcgYFjSOofOKK:IX7M8ro8AIJZVNlvAOofOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2864d1f64ee006bb1f294db92480d8d5_JaffaCakes118

Files

2864d1f64ee006bb1f294db92480d8d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

03d693cdd0d43d1430ca6b7b7955e74a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
GetCurrentProcessId
DeleteFileW
GlobalFindAtomA
lstrcmpiW
GlobalFindAtomW
MulDiv
GetUserDefaultLangID
RemoveDirectoryA
GetModuleHandleA
GetOEMCP
GetCurrentProcess
GetTickCount
lstrcmpA
GetACP
GetProcessHeap
VirtualAlloc
GetModuleHandleW
GetConsoleOutputCP
lstrlenA
VirtualFree
CopyFileA
GetCurrentThread
lstrcmpiA
SetCurrentDirectoryA
GetCommandLineW
lstrlenW
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
QueryPerformanceCounter
GetVersion
GetDriveTypeA
IsDebuggerPresent
RemoveDirectoryW
GetWindowsDirectoryA
DeleteFileA

user32

TranslateMessage
CharNextA
GetDesktopWindow
GetSystemMetrics
GetParent

gdi32

SetTextAlign
LineTo
CreateCompatibleDC
SaveDC
GetClipBox
CreateFontIndirectA
SetMapMode
GetObjectA
PatBlt
DeleteDC
GetDeviceCaps
DeleteObject
CreateSolidBrush
GetTextMetricsA
CreatePalette
SetStretchBltMode
GetPixel
SelectPalette
SetTextColor
GetStockObject
SelectObject
RestoreDC
RectVisible
CreatePen
SetPixel

glu32

gluQuadricCallback

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03d693cdd0d43d1430ca6b7b7955e74a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

glu32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 80KB - Virtual size: 79KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 14KB - Virtual size: 14KB