ecf5678810269abed651942513adf891_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ecf5678810269abed651942513adf891_JaffaCakes118
Size

585KB
MD5

ecf5678810269abed651942513adf891
SHA1

a42726eea1da5a7959a71053882735b6ec359058
SHA256

aa0c816f3b6df488dc34c38ba7b5a67ccae03bf74cbeff7aecd2ddbd379f9fe9
SHA512

d14fcf2723fb4b634bbc08ed2c02ac19184ee2e7f21a77b5cf17894a45e50d7a96b63e1f373e5b7e59f99a6a2248db8ce2fe636ebc2ba637a045fc8afeb41ab2
SSDEEP

6144:UywiqUMjAL+M30lJk1RuUG0up391zYPV7EhqZGoz0NYI4vy3nBZ9dJkeQaIsgqKH:UgqRJk1RT4BPEZGoaJkfG3ZNAO9QoqB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecf5678810269abed651942513adf891_JaffaCakes118

Files

ecf5678810269abed651942513adf891_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7303804eb0bff953d33f677f46c7a01b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\tvt_polo_rnr_svn\tvt8_nova\bin\overinstall.pdb

Imports

user32

GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
wsprintfW

shlwapi

SHDeleteKeyW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

mfc80u

ord6173
ord764
ord3249
ord1176
ord1571
ord631
ord1431
ord2279
ord3925
ord386
ord2340
ord5327
ord6293
ord266
ord757
ord762
ord5316
ord6282
ord1472
ord577
ord293
ord2461
ord2311
ord3990
ord5524
ord774
ord2742
ord2745
ord2271
ord261
ord6167
ord4100
ord2121
ord776
ord280
ord283
ord1197
ord566
ord1476
ord5558
ord899
ord2444
ord287
ord1172

msvcr80

_wtol
wcsncmp
wcsncpy
_wtoi
wcsstr
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_wtof
memcpy
memset
_wstat64i32
_wfopen
fgetws
fclose
_CxxThrowException
_errno
_wgetenv
_wcsicmp
wprintf
_purecall
__CxxFrameHandler3
strstr
?raw_name@type_info@@QBEPBDXZ
_wctime64
_ftime64
_itow
free
malloc
_vsnprintf
vfprintf
__iob_func
abort
strcmp
realloc
qsort
memchr
memmove
ferror
fread
fwrite
fflush
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
fprintf
_vsnwprintf
_wsplitpath
_vsnprintf_s
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ

kernel32

GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
DeviceIoControl
ConnectNamedPipe
CreateNamedPipeW
OpenEventW
WaitNamedPipeW
SetNamedPipeHandleState
TerminateThread
DisconnectNamedPipe
GetOverlappedResult
WideCharToMultiByte
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
SetEvent
CreateEventW
GetStdHandle
GetFileType
GetVersion
GetCurrentThreadId
CreateThread
ReadFile
WaitForSingleObject
Sleep
FindFirstFileW
GetFileAttributesW
FindClose
GetVersionExW
GetNativeSystemInfo
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
TerminateProcess
GetCurrentProcess
GetEnvironmentVariableW
MoveFileExW
CreateDirectoryW
CreateFileW
WriteFile
SetFilePointer
CloseHandle
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetModuleFileNameW
GetThreadLocale
GetCommandLineW
GetModuleHandleW
GetTempPathW
DeleteFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLastError
SetLastError

advapi32

RegisterEventSourceA
ReportEventA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
DeregisterEventSource
RegQueryMultipleValuesW
RegRestoreKeyW
RegEnumValueW
RegEnumKeyExW
RegSaveKeyW

shell32

SHGetFolderPathW
ord680

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7303804eb0bff953d33f677f46c7a01b

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

msvcp80

mfc80u

msvcr80

kernel32

advapi32

shell32

Sections

.text Size: 300KB - Virtual size: 296KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 44KB - Virtual size: 54KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 300KB - Virtual size: 296KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 44KB - Virtual size: 54KB

.rsrc
Size: 76KB - Virtual size: 76KB