31412b0e083b050abb299587f8ed7f9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31412b0e083b050abb299587f8ed7f9c_JaffaCakes118
Size

35KB
MD5

31412b0e083b050abb299587f8ed7f9c
SHA1

9e145df3ee430b820cbe48b0b4c3cc4f60c3122a
SHA256

13e130e90f0f420f4a1115631ebcfc4c2017539a631d02fb571e174d898ba169
SHA512

6a9d15f67e5060b0d85b9d398b7b7af850214d3c69d35f45cfbee25f9e2d90f3e7533180b6b2248a005b56060bd972feb57379fbe6ff99141c1993a0e9346277
SSDEEP

768:3bv1VzAFlBMRYxFbj5i+RnueYGemPOPbr3HPJIOh:3bLzSbMaV11hQmmPbjHPaOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31412b0e083b050abb299587f8ed7f9c_JaffaCakes118

Files

31412b0e083b050abb299587f8ed7f9c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

64a129f6eecf47af3766cc5a73769703

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\BuildData\Lingvo11\Logo\WinRelease\LvLogo.pdb

Imports

kernel32

WaitForSingleObject
CreateThread
TerminateThread
CloseHandle
InterlockedDecrement
GetCommandLineW
LoadResource
FreeResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
ReleaseMutex
GlobalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetLastError
InterlockedExchange
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
ReadFile
GetFileSize
GetLastError
ExitProcess

advapi32

RegCloseKey

user32

ReleaseDC
GetDC
GetWindowDC
EndPaint
GetClientRect
MessageBoxA
DestroyWindow
TranslateMessage
BringWindowToTop
GetLastActivePopup
IsIconic
SetForegroundWindow
SetRect
AdjustWindowRect
GetSystemMetrics
ShowWindow
UpdateWindow
InvalidateRect
BeginPaint

gdi32

GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
SelectPalette
RealizePalette
CreateDIBitmap
CreatePalette
DeleteObject

fineobj

?ThrowCOMException@FObj@@YAXJPAUIErrorInfo@@@Z
?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11JK@Z
?RegisterModule@FObj@@YAXPAUHINSTANCE__@@P6AXXZ1@Z
?EndStaticPart@FObj@@YAXXZ
?GetErrorFlag@FObj@@YA_NXZ
?BeginStaticPart@FObj@@YAXXZ
?UnregisterModule@FObj@@YAXPAUHINSTANCE__@@@Z
?Warning@FObj@@YAXPAVCException@1@@Z
?Delete@CException@FObj@@QAEXXZ
?GetFineObjectsVersion@FObj@@YAHXZ
??2@YAPAXI@Z
??1CMessage@FObj@@QAE@XZ
??0CMessage@FObj@@QAE@PB_WH@Z
?Value@CUnicodeString@FObj@@QBE_NAA_N@Z
?SetCurrentLanguageCode@FObj@@YAXH@Z
?ThrowUserException@FObj@@YAXXZ
??0CUnicodeString@FObj@@QAE@PB_W@Z
??3@YAXPAX@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z
?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z
?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ
??1CSetupBase@FObj@@MAE@XZ
??1CUnicodeString@FObj@@QAE@XZ
??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
?destroy@CUnicodeStringBody@FObj@@QAEXXZ
?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?FindResourceW@FObj@@YAPAUHINSTANCE__@@PB_W0@Z

msvcr71

__CxxFrameHandler
wcslen
_wmakepath
_wsplitpath
wcsstr
wcstol
_errno
wcscat
wcscpy
_wtoi
_itow
??1type_info@@UAE@XZ
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
_except_handler3
__security_error_handler
?terminate@@YAXXZ
_wcsnicmp

Exports

Exports

__FineObjUsed

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64a129f6eecf47af3766cc5a73769703

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

fineobj

msvcr71

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB