3ca5657e70bdb33197e138fee16220ae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ca5657e70bdb33197e138fee16220ae_JaffaCakes118
Size

437KB
MD5

3ca5657e70bdb33197e138fee16220ae
SHA1

519467dcbdd2c017ac1e43972ffb9a87af7607f1
SHA256

b1711e90bc98db72b8e9b13a65bbd656136ec77be89231f98d645bf05d0bc1f0
SHA512

79d01fb84eb5c7a20b462429a9dc7a702c785b7d14edf3426bc11fcca88e947bfd0a003502614c887d9a987602734321f7ec98df30ac47660131d43ff96963ad
SSDEEP

6144:0boSE/DfTCeNRQRIIfXR8gDApc0gBHgMg74DDtQ:090TCeTQZepqpBAlQBQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ca5657e70bdb33197e138fee16220ae_JaffaCakes118

Files

3ca5657e70bdb33197e138fee16220ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f05bcba3a23dbf71954b5a30f0311c79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\src\converter\rel32\RealConverter.pdb

Imports

ole32

OleInitialize
OleUninitialize

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
CreateFileA
GetModuleFileNameA
VirtualQuery
GetFileAttributesA
CreateDirectoryA
WideCharToMultiByte
MoveFileA
GetTickCount
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentVariableA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CreateMutexA
SetCurrentDirectoryA
GetCurrentDirectoryA
IsBadWritePtr
VirtualProtect
IsBadReadPtr
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateThread
WaitForSingleObject
CreateThread
GetCurrentThreadId
GetCurrentProcess
WriteFile
GetThreadContext
OpenProcess
SetFilePointer
GlobalMemoryStatus
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
ReleaseMutex
GetSystemTimeAsFileTime
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
SetErrorMode
GetProcessHeap

user32

GetSystemMetrics
GetDC
ReleaseDC

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

version

GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps

msvcr71

??2@YAPAXI@Z
tolower
isupper
strncpy
strchr
strtol
strncat
wcslen
_vsnprintf
__CxxFrameHandler
getenv
sprintf
free
_except_handler3
_CxxThrowException
strrchr
atoi
memmove
vsprintf
asctime
gmtime
time
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
memset
_putenv
_stricmp
_purecall
_mbctype
__security_error_handler
??3@YAXPAX@Z

shell32

SHGetFolderPathA

shlwapi

PathAddBackslashA
PathAppendA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f05bcba3a23dbf71954b5a30f0311c79

Headers

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

advapi32

version

gdi32

msvcr71

shell32

shlwapi

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 292KB - Virtual size: 291KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 292KB - Virtual size: 291KB

.rrdata
Size: 68KB - Virtual size: 68KB