3510d10198f84686914f3bc8ee2ca784_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3510d10198f84686914f3bc8ee2ca784_JaffaCakes118
Size

110KB
MD5

3510d10198f84686914f3bc8ee2ca784
SHA1

7f2439992856721d98435b5373db0c999770c33e
SHA256

99ae8173949c84a57b9d938f2624237f66e0aafd22c0996bc9fbef953420b640
SHA512

49bcc0d5a996858c1b932c5956184d1d79fd9eca76b3fca9f7622f02f70045d6a7a17ae9bd651eebbd9bfd69c758849862d8ab894a5c6ecd339d86b8b018288a
SSDEEP

1536:A6WBMxOrGHAUelFQadSCNLkiXXF3cgj+QM0njx69HUG5GEbTJo5rzn0guAc:srGgPQa5LkiXV3cohjx6ZUG5Ho5rzab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3510d10198f84686914f3bc8ee2ca784_JaffaCakes118

Files

3510d10198f84686914f3bc8ee2ca784_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc44e30256145c4a222ad9e1811268b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\global\Release\bin\acad\AcSignApply.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathCanonicalizeA
PathFindExtensionA
PathRemoveFileSpecA
PathFindFileNameA

userdata

?GetProductRegistryRootKey@@YGIPADK@Z

mfc70

ord4516
ord4671
ord4361
ord1870
ord1523
ord1522
ord1403
ord300
ord2990
ord682
ord705
ord686
ord977
ord1081
ord1472
ord1469
ord4267
ord3748
ord4025
ord4933
ord1760
ord4854
ord5989
ord3966
ord3208
ord4503
ord4063
ord1452
ord5714
ord812
ord817
ord821
ord819
ord823
ord2239
ord2223
ord2242
ord2237
ord2214
ord2216
ord2234
ord2026
ord2675
ord2020
ord1377
ord5993
ord3610
ord5991
ord3890
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2201
ord2024
ord1180
ord2846
ord2896
ord1871
ord571
ord331
ord2865
ord2864
ord2199
ord1416
ord362
ord3993
ord3003
ord4013
ord1936
ord1397
ord2972
ord2766
ord4019
ord1942
ord3679
ord3683
ord2679
ord5631
ord5629
ord5624
ord1493
ord1423
ord3037
ord1646
ord650
ord447
ord4015
ord1781
ord1344
ord3884
ord1939
ord2712
ord1399
ord2979
ord257
ord4530
ord4021
ord1945
ord1443
ord3124
ord5473
ord5760
ord503
ord1626
ord3886
ord1944
ord5880
ord1155
ord2200
ord1805
ord3051
ord1744
ord956
ord2799
ord1097
ord1273
ord1755
ord4986
ord4101
ord5591
ord2012
ord3565
ord5815
ord2474
ord518
ord703
ord5474
ord302
ord656
ord1495
ord1433
ord3099
ord1267
ord5838
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord546
ord4975
ord4043
ord1272
ord5666
ord4958
ord3445
ord4985
ord5002
ord3750
ord4996
ord2741
ord1770
ord532
ord1077
ord1014
ord599
ord3140
ord512
ord3640
ord5152
ord5933
ord4883
ord899
ord3614
ord5339
ord1868
ord1913
ord4107
ord5990
ord3609
ord5992
ord4322
ord2096
ord5322
ord4349
ord4998
ord3814
ord698
ord3487
ord3832
ord528
ord982
ord561
ord592
ord957
ord4042
ord4262
ord3751
ord2461
ord3513
ord3523
ord3522
ord2352
ord2463
ord2359
ord2651
ord2529
ord4088
ord2648
ord2546
ord2356
ord1406
ord5669

msvcr70

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
__CxxFrameHandler
_mbscmp
_tzname
_tzset
_ismbcspace
strchr
_mbsicoll
_mbsicmp
_vscprintf
atof
_mbsinc
_mbsrchr
malloc
free
_CxxThrowException
_setmbcp
??1type_info@@UAE@XZ
vsprintf
memmove

kernel32

GetModuleFileNameA
LockResource
LoadLibraryA
GetThreadLocale
InterlockedExchange
MultiByteToWideChar
GetACP
GetEnvironmentVariableA
SizeofResource
WideCharToMultiByte
LoadResource
FreeLibrary
GetLocaleInfoA
lstrlenA
FindResourceA
GetVersion
GetComputerNameA
LocalFree
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
GetTimeZoneInformation
FindFirstFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CreateFileA
SetFilePointer
IsDBCSLeadByte
ReadFile
GetLastError
CloseHandle
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetProcAddress
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
GetVersionExA

user32

MessageBoxA
PostQuitMessage
PeekMessageA
GetWindowRect
IsIconic
GetSubMenu
GetFocus
LoadMenuA
LoadIconA
DrawIcon
GetClientRect
SendMessageA
PtInRect
WinHelpA
EnableMenuItem
GetSysColor
GetDesktopWindow
EnableWindow
GetKeyState
GetSystemMetrics

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
DragQueryFileA
ShellExecuteA
DragFinish

comctl32

ImageList_ReplaceIcon

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc44e30256145c4a222ad9e1811268b9

Headers

File Characteristics

PDB Paths

Imports

version

shlwapi

userdata

mfc70

msvcr70

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 35KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 35KB