f64d652c6b5edf39c09043ba8236197d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f64d652c6b5edf39c09043ba8236197d_JaffaCakes118
Size

40KB
MD5

f64d652c6b5edf39c09043ba8236197d
SHA1

bc80160be4c33eb0dd04f5b9098f0df9677d246b
SHA256

b0e806eee6afe46b4f973b27100f1053b2e2953c4f4c7ed98ee3da62dd109880
SHA512

3f5abea1c3df4842dd5aa59763e25a6474238f37be8fa7b05c65738cbf530368caec5898203bddc10b0a084fc069f82995da2ea45d2ca876f87821beaac79ef4
SSDEEP

768:QpkcWNex1AtqsVOBR+7X8NVKHNkOYecxdOHvhN+:Qpkq3/E7XgKH1DgdYvhN+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64d652c6b5edf39c09043ba8236197d_JaffaCakes118

Files

f64d652c6b5edf39c09043ba8236197d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d0543df756f742bc40f790dc7fe0e5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\New_CT_Build\CT_Build_201\nm2000\craftTerminal\src\Cmnt\MarbenOSIAM\Tp4TestClient\Release\Tp4TestClient.pdb

Imports

marbenosiam

??0MarbenStackImpl@tp4@@QAE@HABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1MarbenStackImpl@tp4@@UAE@XZ

msvcp71

?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?_Nomemory@std@@YAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

__security_error_handler
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
??1type_info@@UAE@XZ
_callnewh
malloc
_vsnprintf
strtol
_beginthreadex
_except_handler3
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
time
ctime
exit
??0exception@@QAE@ABV0@@Z
_purecall
??3@YAXPAX@Z
__CxxFrameHandler

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
CreateEventA
RaiseException
GetCurrentThreadId
CloseHandle
SuspendThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
Sleep
GetTickCount
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleA
QueryPerformanceCounter
GetLastError

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d0543df756f742bc40f790dc7fe0e5e

Headers

File Characteristics

PDB Paths

Imports

marbenosiam

msvcp71

msvcr71

kernel32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 600B

�� Size: 92KB - Virtual size: 92KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 600B

��
Size: 92KB - Virtual size: 92KB