3815c24ac27b12edd30b75371f965c71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3815c24ac27b12edd30b75371f965c71_JaffaCakes118
Size

197KB
MD5

3815c24ac27b12edd30b75371f965c71
SHA1

33b74cdbb170e6e25ba29c1c6d52779532edf2ce
SHA256

4b1a16ee65e39decea3050641007a40bc93d590ccb87c145050030918cd7eb7f
SHA512

701aad71fdb662a0bbf0add3c6d33feb4f1ebb9b9aa94c1c7b0077f98bf3ddecee1b94a720585dde64d03d6a3a31d2536c4e1ef560b36208df98cc83150246b4
SSDEEP

3072:eEJwiQ3lvMvjM426yY8XlJ7NldYU5oEO2OmbyHDQMVB8/YErFMAzy5:gl3lv2s6yYqPYMO2OmIEciygy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3815c24ac27b12edd30b75371f965c71_JaffaCakes118

Files

3815c24ac27b12edd30b75371f965c71_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05bf7a4362d831375a7cf43e2f2fef91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Project\JetAudioRoot_U\binary\Release\JetTrim.pdb

Imports

jetcfg

ord1

mfc90u

ord5852
ord2696
ord942
ord946
ord3868
ord2106
ord3543
ord3486
ord3621
ord1354
ord1353
ord6091
ord795
ord636
ord367
ord590
ord3812
ord3994
ord2209
ord3038
ord5012
ord4918
ord5151
ord3122
ord5166
ord4630
ord5344
ord5055
ord4887
ord5409
ord405
ord4888
ord782
ord4996
ord3658
ord6137
ord788
ord585
ord3662
ord2137
ord5611
ord5403
ord2627
ord5652
ord6794
ord5595
ord1431
ord1425
ord5429
ord1432
ord2227
ord2265
ord2269
ord2288
ord2297
ord2289
ord2078
ord4396
ord5802
ord4320
ord4616
ord6524
ord1723
ord1787
ord3157
ord4451
ord6182
ord4037
ord4774
ord524
ord744
ord5182
ord1938
ord2045
ord1937
ord3422
ord813
ord772
ord1782
ord1715
ord3648
ord775
ord1783
ord1716
ord3355
ord6411
ord1493
ord5664
ord3286
ord3651
ord595
ord2069
ord2596
ord1248
ord6760
ord4347
ord6830
ord3185
ord799
ord2364
ord4324
ord778
ord750
ord615
ord2326
ord617
ord341
ord3399
ord938
ord2360
ord2372
ord1183
ord1383
ord1144
ord664
ord811
ord2478
ord4235
ord935
ord1186
ord6482
ord5567
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord3360
ord6577
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2447
ord5680
ord5663
ord6018
ord3115
ord4905
ord4681
ord3670
ord589
ord2539
ord794
ord4967
ord4043
ord316
ord820
ord306
ord818
ord601
ord1250
ord1254
ord4516
ord286
ord4442
ord5008
ord296
ord2904
ord4131
ord2694
ord5851
ord909
ord2537
ord600
ord6579
ord4000
ord1137
ord4741
ord2901
ord639
ord5632
ord4631
ord5167
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1212
ord6171
ord3220
ord285
ord1607
ord265
ord266
ord939
ord814
ord6831
ord2057
ord1935
ord3423
ord1779
ord1708
ord3627
ord2103
ord1601
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4510
ord2277
ord1667
ord4654
ord3496
ord2283
ord1719
ord4660
ord3654
ord280
ord4992
ord6500
ord6476
ord3697
ord4543
ord6065
ord2206
ord6807
ord4682
ord3515
ord339
ord1145
ord6035
ord2243
ord374
ord801
ord580
ord1272

msvcr90

_stricmp
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strncpy_s
_wsetlocale
swscanf
realloc
_beginthreadex
wcscat_s
memmove
_aligned_free
_aligned_realloc
_aligned_malloc
_strlwr_s
_strupr_s
strcpy_s
_wcsdup
wcstok
malloc
wcschr
memcpy
wcsncpy_s
wcsrchr
_wcsnicmp
wcspbrk
wcscpy_s
wcsncpy
wcsstr
_waccess
_purecall
_wcsicmp
memcpy_s
memset
_recalloc
calloc
free
_vsnwprintf_s
__CxxFrameHandler3

kernel32

SetThreadLocale
GetLastError
WideCharToMultiByte
lstrlenW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemDefaultLangID
GetVersion
EnumResourceLanguagesW
ConvertDefaultLocale
Sleep
TerminateThread
GetExitCodeThread
GetTickCount
LoadLibraryA
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetCurrentProcess
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
GetExitCodeProcess
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
GetLocaleInfoW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
lstrlenA
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetVersionExA
GetThreadLocale
GetModuleFileNameW

user32

EnableWindow
GetDlgCtrlID
SendInput
PostMessageW
IsWindow
GetDC
ReleaseDC
GetSysColorBrush
GetKeyState
PeekMessageW
LoadAcceleratorsW
GetMenu
LoadImageW
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetClientRect
IsZoomed
SendMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
DrawIcon
TranslateAcceleratorW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
MessageBoxW

gdi32

GetObjectW
RectVisible
CreatePalette
CreateHalftonePalette
GetDIBColorTable
CreateCompatibleDC

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

DragQueryFileW
DragFinish
ShellExecuteExW

ole32

CoInitialize
CoUninitialize

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xqhegtr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05bf7a4362d831375a7cf43e2f2fef91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jetcfg

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 101KB - Virtual size: 102KB

xqhegtr Size: - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 101KB - Virtual size: 102KB

xqhegtr
Size: - Virtual size: 4KB