015257a552d276238770228884d34fc5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

015257a552d276238770228884d34fc5_JaffaCakes118
Size

157KB
MD5

015257a552d276238770228884d34fc5
SHA1

53669779e03ef7713a614e733b59007590007654
SHA256

92a226d3b11bc8bf5c16cb8cdb324767f9d4fb75fe01e091e1417ebd984737b5
SHA512

470108589549c4f928de4efd904642b0fbb4398576954609d2683f92717c933a173abab965b4d0ce928e4b0d316c1d7d28c1a33411f300847a14d5752bb89809
SSDEEP

3072:KQMnwjrJ1hdIjrEJKcYAb3WvrNIQJCcm9yF4L2kHA6EkRMmLUm:hMnq11wjroY6ZQVmW43LUm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
015257a552d276238770228884d34fc5_JaffaCakes118

Files

015257a552d276238770228884d34fc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c47047abeb1e45380f01ad51207b498b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_24\control\build\WINDOW~1\tmp\deploy\plugin\jbroker\obj\jbroker.pdb

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumKeyA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
ControlService
QueryServiceStatusEx
CreateProcessAsUserA
OpenProcessToken
RegOpenKeyA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shell32

SHFileOperationA

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
GetLastError
lstrlenA
lstrcmpiA
CloseHandle
GetLocalTime
CreateFileA
lstrcatA
lstrcpyA
GetTempPathA
lstrcmpA
FindClose
FindFirstFileA
GetFullPathNameA
GetFileAttributesA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
Sleep
GetTickCount
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcpynA
DeleteFileA
FindNextFileA
CopyFileA
GetTempFileNameA
GetCurrentProcess
GetEnvironmentVariableA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
lstrcpyW
GetSystemDirectoryA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetProcAddress
LoadLibraryA
GetLongPathNameA
ReadFile
WriteFile
ConnectNamedPipe
CreateNamedPipeA
WaitNamedPipeA
CreateMutexA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection

user32

CharNextA
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
StringFromCLSID

oleaut32

VarUI4FromStr
SysAllocStringLen
SysFreeString

msvcr71

fread
_chdir
_mkdir
_strdup
_stricmp
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_except_handler3
free
??3@YAXPAX@Z
??_V@YAXPAX@Z
malloc
_resetstkoflw
_CxxThrowException
_iob
fopen
fclose
fprintf
??_U@YAPAXI@Z
islower
atoi
strchr
_local_unwind2
calloc
_stat
_snprintf
memmove
strstr
strtok
_splitpath
__CxxFrameHandler
??2@YAPAXI@Z
realloc
strncpy
fwrite
fseek
sprintf
_getdrive
_errno
exit
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
asctime
localtime
time
vsprintf
memset
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c47047abeb1e45380f01ad51207b498b

Headers

File Characteristics

PDB Paths

Imports

advapi32

version

shell32

kernel32

user32

ole32

oleaut32

msvcr71

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.rrdata Size: 80KB - Virtual size: 80KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rrdata
Size: 80KB - Virtual size: 80KB