f76ca61b818e0acc2339ec788ba770a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f76ca61b818e0acc2339ec788ba770a3_JaffaCakes118
Size

33KB
MD5

f76ca61b818e0acc2339ec788ba770a3
SHA1

add1e5361c47d50845d68b913e19cd0733609f29
SHA256

27be64590edb0e23a4a873d9f4b54d2572debc86ea282b3ea0b5d78f58ebbd8e
SHA512

d5909bc2ce461b81e763bb9fb93d0e2caa3e63cc1c7c078b3252464b5646a5c01e94e77817515745a5146eec4052b268b65f031d7141faed5a9ac2ad5c647f09
SSDEEP

768:BWlek59EqwtxCwjf2nUKu3jUpOkUMpO2Et1LKzV2:tk59tJQ2noqOCl2ezV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f76ca61b818e0acc2339ec788ba770a3_JaffaCakes118

Files

f76ca61b818e0acc2339ec788ba770a3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7c7ec851b2a4a6d4281ffa2a503c290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Administrator\Desktop\MFC\Release\DHLDAT.pdb

Imports

mfc90

ord3278
ord5786
ord979
ord6361
ord3222
ord6359
ord3221
ord5323
ord3225
ord4539
ord4716
ord5436
ord5432
ord2855
ord2079
ord2445
ord5339
ord4970
ord1700
ord5433
ord5601
ord798
ord450
ord3842
ord778
ord787
ord4673
ord2139
ord4684
ord5641
ord2071
ord4417
ord2647
ord978
ord6362
ord6360
ord3224
ord4717
ord5437
ord5434
ord2080
ord1734
ord4112
ord5602
ord4437
ord585
ord576
ord451
ord2189
ord2341
ord2340
ord6318
ord4706
ord4000
ord4956
ord4950
ord4696
ord589
ord3659
ord4667
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord2447
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord793
ord374
ord3506
ord4668
ord5608
ord3218
ord6356
ord3346
ord5636
ord2074
ord5585
ord1496
ord4331
ord6388
ord3344
ord1678
ord1809
ord1810
ord2208
ord4993
ord5309
ord5152
ord4617
ord5615
ord639
ord3987
ord4029
ord4875
ord4878
ord4882
ord6584
ord617
ord5658
ord5552
ord341
ord994
ord457
ord4427
ord6462
ord1098
ord1182
ord3792
ord3991
ord2646
ord5430
ord388
ord4670
ord4891
ord6533
ord6419
ord3030
ord3331
ord4627
ord2090
ord5156
ord5270
ord4663
ord5928
ord3004
ord5844
ord1466
ord6027
ord5589
ord2239
ord2204
ord6742
ord2862
ord2854
ord4979
ord650
ord5122
ord3935
ord4028
ord4880
ord4881
ord588
ord4679
ord1445
ord3670
ord5647
ord5584
ord4364
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord4808
ord4793
ord5195
ord5005
ord4585
ord4576
ord5403
ord5209
ord4851
ord792
ord5607
ord2232
ord266
ord265
ord6391
ord1755
ord1752
ord4330
ord1497
ord4650
ord5581
ord2070
ord5497
ord6780
ord4589
ord5640
ord2369
ord1384
ord3732
ord5139
ord4683
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6355
ord3217
ord1446
ord2138
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord2645
ord4416
ord4886
ord1684
ord4671
ord670
ord3999
ord3841
ord4688
ord947
ord800

msvcr90

__dllonexit
_unlock
strlen
malloc
free
realloc
memset
memcpy
_stricmp
_encode_pointer
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__CxxFrameHandler3

kernel32

VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetFileSize
ReadFile
Sleep
CreateFileA
WriteFile
VirtualAlloc

user32

EnableWindow
UpdateWindow

oleaut32

SysFreeString

ws2_32

WSAStartup

imagehlp

MakeSureDirectoryPathExists

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c7ec851b2a4a6d4281ffa2a503c290

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90

msvcr90

kernel32

user32

oleaut32

ws2_32

imagehlp

wininet

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 10KB - Virtual size: 9KB