0ede74b4f52b60b398fbf97af5f1baa9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ede74b4f52b60b398fbf97af5f1baa9_JaffaCakes118
Size

372KB
MD5

0ede74b4f52b60b398fbf97af5f1baa9
SHA1

70e53887c2be85e935b54c9ff33993e171d4d3d9
SHA256

5b14c54fcbe455433edfe5a00c2e52968b75c8338c3912854a7c757615104e23
SHA512

25cd904807afd2338d3f8bf3b733b0183e0ef6542291b23fca49ce7fc8dfd00dc6d181421a5e92eb9a62c48bfe42a78410464b9b41f712fa76a1359574c2f6c6
SSDEEP

6144:2+0APPTybbasvDIepNpSqtxXXeWm60yDPrOYZHmtsnYpkBUuR8wF4Hi:xPPTybb5vDFcqAulG0Kmui

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ede74b4f52b60b398fbf97af5f1baa9_JaffaCakes118

Files

0ede74b4f52b60b398fbf97af5f1baa9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

202921f1c81eecc68b37ab1d2a3a230d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\V1.5\Output\Release(x86)\Program Files\Common Files\DeviceDataService.pdb

Imports

kernel32

LocalFree
LoadLibraryA
Sleep
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
LocalAlloc
FormatMessageW
WaitForMultipleObjects
CreateThread
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetCommandLineW
OpenProcess
RaiseException
GetExitCodeThread
SwitchToThread
TerminateThread
FindNextFileW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
FindFirstFileW
FindClose
CopyFileW
DeleteFileW
InterlockedExchange
WideCharToMultiByte
lstrlenA
GetLastError
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
MultiByteToWideChar
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
GetLocaleInfoW

user32

IsWindow
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
PostMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW

ole32

CoCreateInstance
CoUnmarshalInterface
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
CoTaskMemRealloc
OleRun
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SetErrorInfo
VariantCopy
SafeArrayDestroy
GetErrorInfo
SysAllocStringLen
VarDateFromStr
VarUdateFromDate
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCopy
SafeArrayRedim
VariantCopyInd
SafeArrayLock
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType

atl90

ord61
ord11
ord10
ord17
ord20
ord23
ord68
ord56
ord49
ord67
ord31
ord32
ord64
ord30
ord58

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr90

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
__set_app_type
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
wcscpy_s
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_onexit
realloc
??3@YAXPAX@Z
_CxxThrowException
??2@YAPAXI@Z
??_V@YAXPAX@Z
__CxxFrameHandler3
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy_s
_vscwprintf
vswprintf_s
wcsnlen
memmove_s
??0exception@std@@QAE@ABV01@@Z
malloc
memset
_wcsicmp
_purecall
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
wcsstr
memcpy
swprintf_s
_wtol
_wtoi
wcsncpy_s
_endthreadex
_beginthreadex
strcpy_s
_crt_debugger_hook

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

202921f1c81eecc68b37ab1d2a3a230d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

atl90

msvcp90

msvcr90

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 118KB - Virtual size: 118KB

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 118KB - Virtual size: 118KB