42f264e4b8e84879ead13ebe485b8b65_JaffaCakes118

General

Target

42f264e4b8e84879ead13ebe485b8b65_JaffaCakes118
Size

166KB
MD5

42f264e4b8e84879ead13ebe485b8b65
SHA1

01a868c4933b79b951815911880a5de9c85a6413
SHA256

68f6b68933a6eb67d3a9cfe2a0c481b8500928c89e7802c50cc64fc8bf489b23
SHA512

ed27a4002c20119d08e5090e0a75c03ad186414ad04b27360bbf6efaf78e6c7773bdc5af9f5a96328915d6bdc6f770c8252339d3c5dc033fd9b36eefba650d0c
SSDEEP

3072:H9zbmSqKONdyH1utDkHDLOlSvMkORFnjZPtsqr6DL:H9t28VeE1OnjZPtst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f264e4b8e84879ead13ebe485b8b65_JaffaCakes118

Files

42f264e4b8e84879ead13ebe485b8b65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fbecf7f87362d9cb06a87d3f0551ec7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetSystemMetrics
GetDesktopWindow
CharNextA
GetParent
TranslateMessage

gdi32

DeleteObject
RestoreDC
SelectPalette
SetTextAlign
GetClipBox
SetTextColor
GetObjectA
SetStretchBltMode
SelectObject
CreatePalette
SetMapMode
GetStockObject
GetPixel
CreateCompatibleDC
DeleteDC
CreatePen
GetDeviceCaps
LineTo
CreateSolidBrush
GetTextMetricsA
RectVisible
SaveDC
CreateFontIndirectA
PatBlt

kernel32

GlobalFindAtomW
GetDriveTypeA
DeleteFileW
lstrlenW
SetCurrentDirectoryA
DeleteFileA
lstrlenA
GlobalFindAtomA
GetOEMCP
GetCommandLineA
VirtualAlloc
CopyFileA
GetTickCount
VirtualFree
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
GetCurrentThread
GetCurrentProcessId
MulDiv
GetCurrentProcess
GetACP
RemoveDirectoryA
GetThreadLocale
GetUserDefaultLangID
GetWindowsDirectoryA
GetStartupInfoA
lstrcmpiA
GetConsoleOutputCP
GetModuleHandleA
lstrcmpiW
GetProcessHeap
QueryPerformanceCounter

glu32

gluNurbsCallback

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Kasbpyqn
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Ntysftti
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbecf7f87362d9cb06a87d3f0551ec7f

Headers

File Characteristics

Imports

user32

gdi32

kernel32

glu32

Sections

.text Size: 10KB - Virtual size: 10KB

Kasbpyqn Size: 512B - Virtual size: 4KB

.rdata Size: 25KB - Virtual size: 25KB

Ntysftti Size: 512B - Virtual size: 4KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 10KB - Virtual size: 10KB

Kasbpyqn
Size: 512B - Virtual size: 4KB

.rdata
Size: 25KB - Virtual size: 25KB

Ntysftti
Size: 512B - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 28KB - Virtual size: 28KB