1c8d239bc3e1a908dee9dc6ebaee6f5f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c8d239bc3e1a908dee9dc6ebaee6f5f_JaffaCakes118
Size

244KB
MD5

1c8d239bc3e1a908dee9dc6ebaee6f5f
SHA1

a79750b03ca9f8de19a9c0cda456b4ba14933791
SHA256

95ae83b97eb07467a97a953b2e0c23ef3c1759b8953fe69e1490fe27b493a5db
SHA512

67a05eea7bcae1dd44c7ad8948b220453a24860097830ebe73a566d9135ddad3b9e1691d9f272b1b8375953d403623aa5aee0348ff22c46008b763838b5f272f
SSDEEP

6144:wPnkzrT3XvY3NLXtaOcEgB3rhdCzrkO4R4j:2nAXqNLXtaOcTB3994j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c8d239bc3e1a908dee9dc6ebaee6f5f_JaffaCakes118

Files

1c8d239bc3e1a908dee9dc6ebaee6f5f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd0ad93a22519b6188ced11ce44256a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\navcon_r11.0.2\Norton_AntiVirus\Consumer\src\bin.ira\navapsvc.pdb

Imports

savrt32

ord6
ord2
ord9
ord10
ord43
ord4
ord44
ord38
ord28
ord26
ord27
ord29
ord33
ord32
ord39
ord35
ord34

kernel32

HeapFree
GetVersionExA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
GetStartupInfoW
GetThreadContext
SetUnhandledExceptionFilter
VirtualFree
GetProcAddress
FreeLibrary
lstrcpyW
LoadLibraryExW
lstrcatW
GetFileAttributesW
GetLastError
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CloseHandle
lstrlenA
FindCloseChangeNotification
PulseEvent
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
GetShortPathNameW
MultiByteToWideChar
GetVolumeInformationW
SetErrorMode
GetExitCodeThread
TerminateThread
OpenEventW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
lstrcmpiW
lstrcpynW
SetProcessWorkingSetSize
GetCurrentProcess
lstrcmpW
LocalFree
WideCharToMultiByte
LockResource
FindResourceExW
LocalAlloc
FormatMessageW
GetCurrentThread
CreateMutexW
GetCurrentThreadId
GetCommandLineW
LoadLibraryW
GetPrivateProfileStringW
lstrcmpA
GetModuleHandleA
GetVersion
FindClose
FindNextFileW
FindFirstFileW
ResetEvent
GetTempPathA
GetTickCount
DeviceIoControl
CreateFileW
GetLogicalDrives
GetComputerNameW
GetDriveTypeW
TerminateProcess
GetSystemInfo
GetLongPathNameW
OutputDebugStringW
WriteFile
SetFilePointer
GetLocalTime
OpenMutexW
ReleaseMutex
WaitForMultipleObjectsEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryA

user32

GetSystemMetrics
GetMessageW
DispatchMessageW
MessageBoxW
CharNextW
wsprintfW
LoadStringW
PostThreadMessageW
CharPrevW
GetKeyboardType
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
PostQuitMessage

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
VarUI4FromStr
VariantInit
VariantClear

msvcp71

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z

shlwapi

PathRemoveBackslashW
PathAddBackslashW
PathAppendW
PathFindExtensionW

msvcr71

_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_vscwprintf
_wsplitpath
??0exception@@QAE@ABQBD@Z
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
_set_security_error_handler
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
??3@YAXPAX@Z
memset
__CxxFrameHandler
_endthread
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_purecall
_CxxThrowException
_beginthread
wcscpy
wcsncpy
wcslen
_endthreadex
_beginthreadex
?what@exception@@UBEPBDXZ
_time64
sprintf
_except_handler3
free
??_V@YAXPAX@Z
memcpy
realloc
malloc
memcmp
_putws
vswprintf
puts
wcschr
memmove
wcscmp
wcsrchr
_wtol
wcstok
swprintf
strcmp
localtime
time
strcpy
wctomb
_wcsicmp
_callnewh

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd0ad93a22519b6188ced11ce44256a3

Headers

File Characteristics

PDB Paths

Imports

savrt32

kernel32

user32

shell32

ole32

oleaut32

msvcp71

shlwapi

msvcr71

version

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

.crdata Size: 72KB - Virtual size: 72KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB

.crdata
Size: 72KB - Virtual size: 72KB