5cfe44047a642f4d8d9be5d3cc80f287_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5cfe44047a642f4d8d9be5d3cc80f287_JaffaCakes118
Size

15.5MB
MD5

5cfe44047a642f4d8d9be5d3cc80f287
SHA1

68f9d0f88b8acf9f9da077b7fcdf27c99ca4318c
SHA256

2edb8524c5ee250805c24bed588508ec8aa2a4d27c9ccb5f736660bcd261a22b
SHA512

41d8cbb1689ea22483ad241b19bb7f42f657ed6de6a0041a3dc74ca87e964747f870cbf6991389fd849d0d160d0493dd551c7da3d3447d09cc102ea2150e63e3
SSDEEP

98304:nnS5FGKvRdsrNC5ngmXT9rEHmbRmMaS4OW4DEWtrVtS:EGfCgmXT9IHmxRWYz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cfe44047a642f4d8d9be5d3cc80f287_JaffaCakes118

Files

5cfe44047a642f4d8d9be5d3cc80f287_JaffaCakes118
.dll windows:4 windows x64 arch:x64

9162b2951fc5e438828ae77cc25f7a8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins_source_v2\workspace\TRR_TRUNK\label\Win64_Vc6\engn_src\trunk\core_engn\build\win\bin\x64\release\heurscan.pdb

Imports

kernel32

WideCharToMultiByte
FileTimeToSystemTime
QueryPerformanceCounter
CloseHandle
LocalFree
TerminateProcess
GetExitCodeProcess
OpenProcess
GetLastError
GetSystemDirectoryA
FindClose
FindNextFileA
MoveFileExA
DeleteFileA
GetFileAttributesA
FindFirstFileA
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetShortPathNameA
Sleep
GetLogicalDriveStringsA
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
GetLogicalDriveStringsW
GetLongPathNameA
GetFileAttributesW
GetSystemTime
GetFileTime
CreateFileA
GetDriveTypeA
GetVolumeInformationA
GetTempPathA
GetComputerNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
RtlLookupFunctionEntry
RtlCaptureContext
DisableThreadLibraryCalls
__C_specific_handler
RtlVirtualUnwind

user32

wsprintfW
CharUpperBuffA

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
VariantClear

platform.qvd

ord1
ord5
ord7
ord6
ord44
ord12
ord25
ord26
ord24
ord27
ord19
ord18
ord8
ord23
ord2
ord43
ord13

msvcrt

_strupr
_stricmp
_strcmpi
?terminate@@YAXXZ
_strlwr
memset
memcpy
strncpy
sprintf
strstr
printf
_snprintf
strncmp
strrchr
memcmp
remove
strtok
strchr
atoi
_wrename
__CxxFrameHandler
wcsncpy
strncat
strtoul
memmove
toupper
isalnum
isalpha
time
isupper
_initterm
free
malloc
_access
_CxxThrowException
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
atol
_strnicmp

Exports

Exports

GetRealTypeByContents
GetRealTypeByContentsNew
HeurClean
HeurGetDetectionInfo
IsDNScanReq
IsVBScanReq
QHLibDeinit
QHLibInit

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9162b2951fc5e438828ae77cc25f7a8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

platform.qvd

msvcrt

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 10.7MB - Virtual size: 10.7MB

.pdata Size: 191KB - Virtual size: 190KB

.rsrc Size: 1024B - Virtual size: 592B

.reloc Size: 282KB - Virtual size: 282KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 10.7MB - Virtual size: 10.7MB

.pdata
Size: 191KB - Virtual size: 190KB

.rsrc
Size: 1024B - Virtual size: 592B

.reloc
Size: 282KB - Virtual size: 282KB