2f9d6751a2eec3d6c90ac839d6bc3acc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f9d6751a2eec3d6c90ac839d6bc3acc_JaffaCakes118
Size

124KB
MD5

2f9d6751a2eec3d6c90ac839d6bc3acc
SHA1

3d23bc3bffe4c2edc65d2b4a08d704bc932c0590
SHA256

63a945e1b5230fdf4465a28929fcddab3819dc70c074e3e5f96827a88fb267bf
SHA512

b537c69e3313607f8d1d3e4a50c6f31062ba30f7bee6c8763af1211860ebce9e3cd0ad4204b88f5bba81d61f301dfca0037df2e4d576ec53d648223f294c5bbc
SSDEEP

3072:Pmhi+Ma80vQcBB20roi/B3CkqBXuUC3Cf4Xne+sq:+hrMfqQcB5CzRCSf4XnGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f9d6751a2eec3d6c90ac839d6bc3acc_JaffaCakes118

Files

2f9d6751a2eec3d6c90ac839d6bc3acc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

acf60aee5386acf1a3583ec7f9f0eb18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\V100r006b002d09sp00c03\utps\solution\win32\ToolBarMgrPlugin\Release\ToolBarMgrPlugin.pdb

Imports

skinmagicu

ord7
ord9
ord53

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Nomemory@std@@YAXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

msvcr71

??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
strchr
strncmp
fclose
fopen
sprintf
strstr
strtol
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fread
ftell
fseek
_purecall
wcsstr
__RTDynamicCast
wcsncpy
wcscpy
??_V@YAXPAX@Z
malloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
free
memset
_onexit
__dllonexit
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ

mfc71u

ord1079
ord1093
ord371
ord1168
ord416
ord1555
ord948
ord651
ord4119
ord2471
ord5733
ord1461
ord5736
ord532
ord3291
ord2970
ord4959
ord6269
ord1340
ord1335
ord4983
ord4190
ord1574
ord5721
ord4109
ord5729
ord6086
ord595
ord751
ord562
ord3319
ord4255
ord2978
ord1953
ord5157
ord4960
ord2396
ord6265
ord5141
ord1393
ord5911
ord1342
ord1336
ord1343
ord2030
ord2068
ord2072
ord1903
ord3981
ord5351
ord3923
ord4192
ord6010
ord1586
ord1642
ord2869
ord605
ord356
ord3176
ord4256
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2942
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord4716
ord4276
ord1416
ord5198
ord2362
ord2364
ord5178
ord4206
ord4729
ord4884
ord4574
ord2011
ord1662
ord1661
ord1542
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord5171
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord2388

kernel32

GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
ReleaseMutex
WaitForSingleObject
CreateMutexA
CloseHandle
GetModuleFileNameW
WideCharToMultiByte

user32

IsWindow
LoadImageW
DestroyIcon
EnableWindow
InvalidateRect
GetWindowRect
PostMessageW
CopyRect
SendMessageW

gdi32

CreateFontIndirectW
GetObjectW
DeleteObject

comctl32

ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Copy
ImageList_SetBkColor

Exports

Exports

CreatePlugin

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

acf60aee5386acf1a3583ec7f9f0eb18

Headers

File Characteristics

PDB Paths

Imports

skinmagicu

msvcp71

msvcr71

mfc71u

kernel32

user32

gdi32

comctl32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1008B

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 64KB - Virtual size: 64KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1008B

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 64KB