226d638e43c7b5c5cc257e2c08c0fcbc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

226d638e43c7b5c5cc257e2c08c0fcbc_JaffaCakes118
Size

165KB
MD5

226d638e43c7b5c5cc257e2c08c0fcbc
SHA1

a95cb4bcc1c3acd70b4119d7be7aacf820386583
SHA256

79705d52b226cbe8231b1c26bfbcce9545804d182a268b7330a6cfbe18607a09
SHA512

eb04cc494ca75a20b250fbd7d0548e1b98ca62ca0b1739f2284a399b8db53d45413430e6bdf76ed35b268c1204a3f56c761dabfc311f42beacc88421bcf78dca
SSDEEP

3072:yhArO6CA27Kq9Snu/LEnkb9nj/8ZUfzlztOzVfcHju:vrVq9T6Kj0ZkBOzVfcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
226d638e43c7b5c5cc257e2c08c0fcbc_JaffaCakes118

Files

226d638e43c7b5c5cc257e2c08c0fcbc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74ac0ab22beac2b5627bd5dfb3511640

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\cc\Common_Client_20051014\src\r20051.0.14\bin\bin.ira\ccSetMgr.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FreeLibrary
LoadLibraryExA
GetLastError
CloseHandle
CreateFileA
WriteFile
SetFilePointer
lstrcatA
GetFileAttributesA
Sleep
CopyFileA
GetTickCount
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
RaiseException
lstrcmpiA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
lstrcpyA
GetModuleFileNameA
IsDBCSLeadByte
GetModuleHandleA
LocalAlloc
FormatMessageA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
LocalFree

user32

wsprintfA
PostThreadMessageA
TranslateMessage
DispatchMessageA
GetMessageA
CharNextA

ole32

CoCreateGuid
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoResumeClassObjects
StringFromGUID2
CoDisconnectObject
CoSuspendClassObjects
OleRun
CoCreateInstance

oleaut32

VariantClear
SafeArrayPutElement
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

ccl40

ord1456
ord2079
ord2077
ord971
ord972
ord970
ord969
ord968
ord967
ord966
ord965
ord1683
ord1677
ord1676
ord1675
ord1674
ord1673
ord1672
ord1641
ord1640
ord1639
ord1638
ord1637
ord1636
ord1635
ord1634
ord1633
ord1632
ord1631
ord1630
ord1629
ord1628
ord1687
ord1551
ord894
ord1452
ord1006
ord962
ord1550
ord893
ord1450
ord1004
ord961
ord1334
ord325
ord2051
ord1662
ord1661
ord1658
ord896
ord1663
ord1660
ord1657
ord1667
ord1493
ord1499
ord2063
ord2052
ord2050
ord938
ord939
ord936
ord1258
ord1659
ord1656
ord1410
ord1403
ord1413
ord1409
ord1122
ord1306
ord1316
ord1313
ord1309
ord1304
ord1115
ord2115
ord1137
ord1333
ord2114
ord1558
ord1556
ord2040
ord1395
ord1852
ord1837
ord1855
ord1836
ord1853
ord1851
ord2021
ord2045
ord2044
ord2038
ord2017
ord1215
ord842
ord797
ord1487
ord1214
ord1111
ord1112
ord1139
ord1124
ord1123
ord754
ord1114
ord1106
ord1108
ord753
ord1119
ord1121
ord1117
ord1118
ord1479
ord1417
ord1416
ord1415
ord1414
ord802
ord800
ord794
ord777
ord1915
ord1909
ord1669
ord1671
ord1787
ord1908
ord1907
ord1455
ord2011
ord1986
ord1987
ord1345
ord1344
ord1346
ord1343
ord1342
ord1985
ord1980
ord1976
ord1166
ord143
ord145
ord160
ord142
ord1756
ord1771
ord1786
ord1802
ord964
ord144
ord1167
ord1092
ord1284
ord1754
ord1757
ord1761
ord1804
ord1755
ord1286
ord1295
ord1297
ord1299
ord1289
ord1301
ord1298
ord1303
ord1093
ord1689
ord493
ord1691
ord1454
ord898
ord1769
ord128
ord1021
ord1034
ord1439
ord986
ord1014
ord1019
ord1024
ord1664
ord1026
ord1914
ord1922
ord1888
ord1887
ord1886
ord529
ord1877
ord1876
ord324
ord1178
ord1176
ord1174
ord1179
ord158
ord157
ord161
ord140
ord778
ord139
ord1015

msvcr71

wcsncpy
realloc
memset
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_resetstkoflw
free
malloc
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_except_handler3
_mbsicmp
_ltow
_wtol
_ultow
towupper
??_V@YAXPAX@Z
towlower
_mbsinc
wcslen
wcscpy
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_localtime64
strftime
_time64
vsprintf
_vscprintf
??3@YAXPAX@Z
__CxxFrameHandler
_purecall
memmove
_CxxThrowException
_mbscmp
_wcsicmp

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74ac0ab22beac2b5627bd5dfb3511640

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

msvcp71

ccl40

msvcr71

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 12KB