26b78c6323a13ba35f7acd8f9539bf79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26b78c6323a13ba35f7acd8f9539bf79_JaffaCakes118
Size

166KB
MD5

26b78c6323a13ba35f7acd8f9539bf79
SHA1

ac74cf0e7ae70306bfb58cc277bc26f680ad1e91
SHA256

c63c2764838538c0e1cce00d00229b5c03bb0b32eff605ba58ba7e69068debaf
SHA512

96cdad2db00c0088e858fe07fd9371d7b7a667bf5196e57b488cc83a99537457d8e02c0da1a76302f47be04ce5850afceb3c7c55c2a48f490be27e7e65356862
SSDEEP

3072:v6YPY76YDhxYfFOL6cDm+OooejHtTIRn4KywONnUVD5Yd+5MN:IFL6QTjVIR4KywOuAE5U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26b78c6323a13ba35f7acd8f9539bf79_JaffaCakes118

Files

26b78c6323a13ba35f7acd8f9539bf79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2d4bb086123b11cec1b65bfef7e7b82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work3\miktex-2.7-nmake\binlib\mpm_mfc.pdb

Imports

miktex207-ui-mfc

?DoModal@SiteWizSheet@MFC@UI@MiKTeX@@SAHPAVCWnd@@@Z
?DoModal@UpdateDialog@MFC@UI@MiKTeX@@SAHPAVCWnd@@PAVPackageManager@Packages@4@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@2@Z
?Create@ProgressDialog@MFC@UI@MiKTeX@@SAPAV1234@XZ
?DoModal@PropSheetPackage@MFC@UI@MiKTeX@@SAHABUPackageInfo@Packages@4@PAVCWnd@@@Z
?DoModal@ErrorDialog@MFC@UI@MiKTeX@@SAHPAVCWnd@@ABVMiKTeXException@Core@4@@Z
?DoModal@ErrorDialog@MFC@UI@MiKTeX@@SAHPAVCWnd@@ABVexception@std@@@Z

miktex207-packagemanager

?Create@PackageManager@Packages@MiKTeX@@SAPAV123@XZ

miktex207-core

?OnThrowStdException@Debug@MiKTeX@@YAXXZ
?Compare@PathName@Core@MiKTeX@@SAHPBD0@Z
?Get@Session@Core@MiKTeX@@SAPAV123@ABVInitInfo@123@@Z
?RegisterMiKTeXUser@Utils@Core@MiKTeX@@SAXXZ
?SetTraceFlags@TraceStream@Core@MiKTeX@@SAXPBD@Z
??0CommandLineBuilder@Core@MiKTeX@@QAE@XZ
?Get@CommandLineBuilder@Core@MiKTeX@@QAEPBDXZ
?FatalMiKTeXError@Session@Core@MiKTeX@@SAXPBD000H@Z
?Get@Session@Core@MiKTeX@@SAPAV123@XZ
?Release@Session@Core@MiKTeX@@SAXPAV123@@Z
?Init@NumberString@Core@MiKTeX@@AAEX_J_N@Z
?FatalWindowsError@Session@Core@MiKTeX@@SAXPBD00H@Z
??1DllProcBase@Core@MiKTeX@@MAE@XZ
??0DllProcBase@Core@MiKTeX@@QAE@PBD0@Z
?GetProc@DllProcBase@Core@MiKTeX@@IAEP6GHXZXZ
?Exists@File@Core@MiKTeX@@SA_NABVPathName@23@@Z
?AppendString@Utils@Core@MiKTeX@@SAIPADIPBD@Z
?Split@PathName@Core@MiKTeX@@SAXPBDPADI1I1I@Z
?Match@PathName@Core@MiKTeX@@SA_NPBD0@Z
?AppendArgument@CommandLineBuilder@Core@MiKTeX@@QAEXPBD@Z
?Start@Process@Core@MiKTeX@@SAXPBD0PAU_iobuf@@PAPAU4@220@Z
?CopyString@Utils@Core@MiKTeX@@SAIPADIPBD@Z
?AppendDirectoryDelimiter@PathName@Core@MiKTeX@@QAEAAV123@XZ
??1CommandLineBuilder@Core@MiKTeX@@QAE@XZ

kernel32

GetSystemTimeAsFileTime
GetLastError
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetVersion

user32

LoadMenuA
PostMessageA
EnableMenuItem
TrackPopupMenu
UpdateWindow
EnableWindow
GetSubMenu
SendMessageA
GetFocus

ole32

CoUninitialize
CoInitializeEx

mfc90

ord4683
ord5139
ord3732
ord1384
ord2369
ord5638
ord4589
ord6780
ord5497
ord2074
ord5581
ord4650
ord1497
ord4330
ord1752
ord1755
ord6391
ord3346
ord1684
ord4415
ord2645
ord2646
ord3278
ord5786
ord978
ord6361
ord3222
ord6359
ord3221
ord5323
ord3224
ord4539
ord4716
ord5435
ord5432
ord2855
ord2079
ord2445
ord5339
ord4970
ord6164
ord6318
ord986
ord4706
ord5598
ord377
ord555
ord585
ord576
ord415
ord601
ord2539
ord316
ord4337
ord2651
ord3994
ord3792
ord3991
ord388
ord4670
ord4891
ord3110
ord6533
ord6419
ord3030
ord3331
ord4627
ord2090
ord5122
ord5156
ord5270
ord4663
ord5928
ord3004
ord5844
ord1466
ord6027
ord5589
ord2239
ord2204
ord6742
ord2862
ord2854
ord4979
ord2620
ord310
ord1137
ord3568
ord2282
ord4498
ord2130
ord2591
ord1361
ord1108
ord1387
ord1183
ord2372
ord349
ord3555
ord4679
ord3245
ord5600
ord1445
ord3218
ord6356
ord3670
ord4688
ord5647
ord5584
ord4645
ord4331
ord4364
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord4808
ord4793
ord5195
ord5005
ord4585
ord4576
ord5403
ord4794
ord5199
ord4608
ord5209
ord4850
ord4851
ord2281
ord621
ord2899
ord4116
ord1729
ord4248
ord2232
ord6333
ord266
ord265
ord817
ord3140
ord2481
ord4477
ord1097
ord6559
ord600
ord290
ord1111
ord3998
ord4880
ord4881
ord374
ord3506
ord4668
ord5608
ord5636
ord5585
ord1496
ord6388
ord3344
ord1678
ord1809
ord1810
ord2208
ord4993
ord5309
ord5152
ord4617
ord5615
ord639
ord945
ord2447
ord4029
ord4875
ord4878
ord4882
ord589
ord3659
ord4667
ord4890
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord793
ord3987
ord6584
ord617
ord5658
ord5552
ord341
ord994
ord570
ord4427
ord6462
ord4197
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6355
ord3217
ord1446
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4671
ord640
ord787
ord778
ord670
ord619
ord3808
ord4437
ord820
ord2592
ord798
ord800
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord3832
ord2614
ord650
ord1276

msvcr90

_difftime64
strftime
_gmtime64_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_stricmp
memcpy
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
_setmbcp
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode

comctl32

InitCommonControlsEx

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

oleaut32

SysFreeString

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2d4bb086123b11cec1b65bfef7e7b82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

miktex207-ui-mfc

miktex207-packagemanager

miktex207-core

kernel32

user32

ole32

mfc90

msvcr90

comctl32

msvcp90

oleaut32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 58KB - Virtual size: 71KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 58KB - Virtual size: 71KB