41abedce52c06b84cbaf6ef3d36a0026_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41abedce52c06b84cbaf6ef3d36a0026_JaffaCakes118
Size

189KB
MD5

41abedce52c06b84cbaf6ef3d36a0026
SHA1

110f745e1fa384434dc8d2dc8c5214cd099f4346
SHA256

482f045ff1b5af3fd768ed70f2424124193708df1ec69b182b060ffe211ffc1f
SHA512

fcb7e7f3b54e08a4c12390e10ddd118062d5f6d7079d34dfd676c47ebead36c09349b662c71bbc62d48c7a6f4f43c1a45cfcc9952c1b98c45f12b497595172aa
SSDEEP

3072:+Wuvdxtt8W0ZRDblFacpDpD+VnIJIukqxA2dBMM/xOwkyxe13EY9IxfrpZW:+Fvdxf8W0nDBFFDgnKVXMufX0U1R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41abedce52c06b84cbaf6ef3d36a0026_JaffaCakes118

Files

41abedce52c06b84cbaf6ef3d36a0026_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c85fca527bd3506440184313d69c849b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\waldo\v1200\apps\components\EraserTool\Core\objprodX\EraserToolCore.pdb

Imports

crli18n

?SetFromUnicode@CGlbChar@@QAGHQBGI@Z

crlutl

_UTLLoadString@4

cdrcore

?GetTreeNodeType@WNodeHandle@@QAE?AW4TREENODE_TYPE@@XZ
?GetPathType@WNodeHandle@@QAE?AW4tag_OBJECT_TYPE@@XZ
?GetIsControlLink@WNodeHandle@@QAEHXZ
?DRAWLIBGetMainWnd@@YAPAVCWnd@@XZ
?DRAWGetAppInterface@@YAPAUIDrawAppComponent@@XZ
?TRMParent@@YAPAVWNodeHandle@@PAV1@H@Z
?ARGConvertedTextWillBeGroup@@YAHPAVWNodeHandle@@@Z
?IsNormalObject@WNodeHandle@@QAEHXZ
?DRAWLIBGetApp@@YAPAVCDrawlibApp@@XZ

cdrtra

?TRACreateTransaction@@YAPAUIDrawTransaction@@PAVCDrawTransDoc@@H@Z
?TRALogTransaction@@YAHPAVCDrawTransDoc@@PAUIDrawTransaction@@IPAPAVWNodeHandle@@I@Z

mfc71u

ord1162
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord314
ord1200
ord1079
ord1087
ord764
ord765
ord581

msvcr71

_except_handler3
free
??2@YAPAXI@Z
__CxxFrameHandler
memset
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
??1type_info@@UAE@XZ
__security_error_handler

kernel32

GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection

user32

PostMessageW

Exports

Exports

?ERASInTempEraserState@@YGHXZ
?ERASReturnFromTempEraserState@@YGXPAUIDrawViewComponent@@@Z
?ERASValidTarget@@YGHPAUIDrawDocComponent@@H@Z
?ERAS_GetCursorId@@YGXAAUCURSOR_INFO@@@Z
?ERAS_SetCursorId@@YGXABUCURSOR_INFO@@@Z
?LogEraser@@YGHPAUIDrawDocComponent@@@Z
?TPMGetPropEraser@@YGXPAVWPropEraser@@@Z
?TPMSetPropEraser@@YGXABVWPropEraser@@@Z
ERASForceTempEraserState

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 870B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c85fca527bd3506440184313d69c849b

Headers

File Characteristics

PDB Paths

Imports

crli18n

crlutl

cdrcore

cdrtra

mfc71u

msvcr71

kernel32

user32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 176KB - Virtual size: 184KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 870B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 176KB - Virtual size: 184KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 870B