E:\trunk_code_for_safecenter\Rhino\Safe\Bin\Win32\release\pdb\2345SafeUpdate.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1442a43bc694054e0a2bb10f2fbb6433_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1442a43bc694054e0a2bb10f2fbb6433_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
Target: 1442a43bc694054e0a2bb10f2fbb6433_JaffaCakes118
Size: 128KB
MD5: 1442a43bc694054e0a2bb10f2fbb6433
SHA1: 5c8c5a66b737c718e0b1a429a14361ab81bf93b8
SHA256: 1e40b36bb087f047329074a4592f0221151cc1eb3da04166e13a03c4667fd9d9
SHA512: c381a47600136ac345ba6fc8a0ceb5e45bdae6c0e87da0eddbe3edd20a6f810354e9a816bedb23ac059865005bf900745fbc75e888e33951f57ad894d1e0fb87
SSDEEP: 3072:04HrIYgll5yrtEyyO4mBlcq1RB0YYYYgGeg2VVIl:0QrJg35qyOpByq1RBLGqVVIl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1442a43bc694054e0a2bb10f2fbb6433_JaffaCakes118
Files
1442a43bc694054e0a2bb10f2fbb6433_JaffaCakes118.exe windows:5 windows x86 arch:x86
47f69fdd9a36b62deef6d98d65d6c17d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
imm32
ImmDisableIME
kernel32
CreateMutexW
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
GetModuleFileNameW
GetCurrentProcessId
InterlockedExchangeAdd
ReleaseMutex
GetModuleHandleExW
GetLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
ReadFile
WriteFile
SetFilePointer
GetFileSize
lstrlenW
GetFileAttributesW
CreateDirectoryW
GetFullPathNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindClose
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
SetEvent
CreateEventW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapAlloc
GetCurrentThreadId
LocalFree
FindFirstFileW
CreateFileW
GetFileAttributesExW
msvcp120
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
msvcr120
towupper
_controlfp_s
strstr
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
atoi
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
towlower
wcschr
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_vsnwprintf
memcpy
memset
_CxxThrowException
_except1
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ