3073019914f151646945d38fe386f9ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3073019914f151646945d38fe386f9ae_JaffaCakes118
Size

520KB
MD5

3073019914f151646945d38fe386f9ae
SHA1

12f18b55496789caba0a7d0c0c239f0123c75922
SHA256

ab336151ec1fc8df15714034a9e04018ecedbd45d55b3226646e4e346dc961cd
SHA512

ce2633e12ed39b577a37f396991c21089a40f29e30aac4c16c1acc298aa30fd592b091647f255efc2c42a66ef3ee67ee8b82568f0dda2e77971f59bf1a58100b
SSDEEP

12288:+AFgtNQw5/vbo3OrfBlawcE8fGP2rmZQwTt:de35Hc3OrfBEEIw2K5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3073019914f151646945d38fe386f9ae_JaffaCakes118

Files

3073019914f151646945d38fe386f9ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2502ee273e5b1fc65b4cd04f3765c974

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Xeb\DVDNavExt\DVDNavExt\Release\DVDNavExt.pdb

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

kernel32

WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
lstrcpynA
IsDBCSLeadByte
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventA
lstrcatA
GetCurrentThreadId
SetEvent
FreeLibrary
SizeofResource
MultiByteToWideChar
FindResourceA
LoadLibraryExA
GetCommandLineA
OutputDebugStringA
GetPrivateProfileStringW
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LoadResource

user32

CharNextA
TranslateMessage
DispatchMessageA
GetMessageA
PostThreadMessageA
CharUpperA

advapi32

RegDeleteValueA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VariantClear
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString

shlwapi

PathFindExtensionA
PathFindExtensionW

msvcr71

__p__fmode
__set_app_type
_controlfp
_wcsrev
memset
__security_error_handler
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
rand
wcsstr
strncmp
printf
calloc
abort
srand
sprintf
_ftime
_iob
fprintf
strncpy
wcsncpy
_resetstkoflw
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
_onexit
__dllonexit
?terminate@@YAXXZ
_mbschr
malloc
free
_CxxThrowException
_except_handler3
??_U@YAPAXI@Z
__CxxFrameHandler
??_V@YAXPAX@Z
_purecall
??1type_info@@UAE@XZ

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2502ee273e5b1fc65b4cd04f3765c974

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr71

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 384KB - Virtual size: 380KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 384KB - Virtual size: 380KB

.rsrc
Size: 16KB - Virtual size: 14KB