88286b1e3fe02cdfea66c16c42e774eb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

88286b1e3fe02cdfea66c16c42e774eb_JaffaCakes118
Size

52KB
MD5

88286b1e3fe02cdfea66c16c42e774eb
SHA1

a375dae48839e74c522d2ba2bad5b35c6317a931
SHA256

469ec5cb2622d58415c859404df9d966e92465a6bfe9cb7b4f3a477b3b71c84c
SHA512

064f2de47a162f70696efb7afdc2e4ef5139b96883cc6eb7500d97736f9500db1d469d9c173935bc54d164ac9c51d2309573b6d82163ac4f769efd9e030474c0
SSDEEP

768:gohLcg8015OjBakVAXi7cFfBF+znfCfWkmrO:goVNFOUXi7cF5F+znfjrO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88286b1e3fe02cdfea66c16c42e774eb_JaffaCakes118

Files

88286b1e3fe02cdfea66c16c42e774eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63331d1485bc9f823c178fdeadbd0efa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winDevelop2\Maintenance\WIH16\WIH\rel120\APP\bin\Cedxm.pdb

Imports

edbio

??1EDataBase@@UAE@XZ
??0EDataBase@@QAE@XZ

xframe

?Load@XDataBase@@QAEHPBDPAVCDocument@@@Z
?Save@XDataBase@@QAEHPBDPAVCDocument@@@Z

cedxmdll

?CdxImportXml@@YAHAAVEDataBase@@PBD1PAH222PA_N@Z
?CdxExportXml@@YAHAAVEDataBase@@PBD1AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@2H@Z
?CdxGetMsgList@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ

mfc80

ord764
ord578
ord566
ord757
ord1206
ord304

msvcr80

__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_adjust_fdiv
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
printf
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_amsg_exit
exit
_XcptFilter
_exit
_cexit
_lock
__getmainargs
__initenv

kernel32

GetSystemTimeAsFileTime
GetLocaleInfoA
GetThreadLocale
GetACP
GetVersionExA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleA
GetCommandLineA
GetCurrentProcessId

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63331d1485bc9f823c178fdeadbd0efa

Headers

File Characteristics

PDB Paths

Imports

edbio

xframe

cedxmdll

mfc80

msvcr80

kernel32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 800B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 800B