42971ddba819c7ffb7241badb58d6922_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42971ddba819c7ffb7241badb58d6922_JaffaCakes118
Size

187KB
MD5

42971ddba819c7ffb7241badb58d6922
SHA1

7444961b8c009b516fa1fa68245b46a6eb0b30e8
SHA256

dbb3c057ac2def73cc50f059b45762476ea2ac14bf7574d3340a5a0938b70320
SHA512

49a11fffa0a03f8ca1cee673218f596697a52d03a1a96d533039ae6fb13730890ed724f653e3572c27fe7246a39db364cb8cf40f93cca604bdee207b7d922571
SSDEEP

3072:nIshP6u2YUpOHZ/vZRgFZRgK5ziUeFekKT4p8+GYU3T7:nIQ6u/UpO5/5UeEXspRU3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42971ddba819c7ffb7241badb58d6922_JaffaCakes118

Files

42971ddba819c7ffb7241badb58d6922_JaffaCakes118
.exe windows:5 windows x86 arch:x86

71e61554ce8fe35be6de15590899ce43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Projects\source\winsrc_wkssrv\avcontrol-oem\ccadmin\Release\avadmin.pdb

Imports

mfc90u

ord4681
ord4905
ord4348
ord4448
ord4747
ord4043
ord794
ord2891
ord4423
ord3953
ord797
ord595
ord4910
ord3140
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord5602
ord4664
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord4044
ord1262
ord5676
ord6636
ord2904
ord2074
ord6187
ord4741
ord799
ord3488
ord3543
ord2106
ord1149
ord3768
ord611
ord4652
ord1665
ord3622
ord3489
ord3286
ord2274
ord333
ord5867
ord6094
ord6095
ord4131
ord2592
ord4527
ord3741
ord6065
ord4410
ord4541
ord2597
ord2901
ord6109
ord1354
ord1137
ord296
ord909
ord2695
ord3185
ord280
ord286
ord600
ord811
ord813
ord2478
ord6013
ord4405
ord6630
ord1607
ord285
ord3220
ord5663
ord5680
ord4347
ord5674
ord3217
ord2087
ord1098
ord1183
ord3670
ord589
ord4213
ord5830
ord6741
ord4996
ord6018
ord2447
ord4211
ord4967
ord6801
ord4173
ord6803
ord4324
ord617
ord5572
ord5573
ord341
ord3589
ord2537
ord2069
ord5548
ord1048
ord5567
ord4179
ord6035
ord2206
ord4081
ord4080
ord2764
ord2893
ord2774
ord3115
ord2966
ord4728
ord3112
ord2983
ord2771
ord2251
ord4071
ord801
ord1272

msvcr90

_waccess
wcscat_s
swprintf_s
rand
srand
wcscpy_s
swscanf_s
wcslen
exit
wcschr
_wcsicmp
wcscat
_snwprintf
free
malloc
wcsncpy
wcsrchr
memset
_wsplitpath
_wcsupr
wcscmp
wcscpy
_time64
wcsstr
_wcsnicmp
_swprintf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fclose
_wfopen_s
vswprintf_s
iswspace
iswalnum
wcsncmp
_wsplitpath_s
wcsncpy_s
wcsncat_s
_errno
calloc
memcpy
_read
_lseek
_filelength
_close
_wsopen
strtoul
realloc
_wassert
__CxxFrameHandler3

kernel32

GetModuleHandleW
GetProcAddress
GetVersionExW
LoadLibraryExW
WriteFile
SetFileAttributesW
GetExitCodeProcess
CreateEventW
WaitForSingleObject
DeleteFileW
CreateProcessW
LoadLibraryW
FreeLibrary
RemoveDirectoryW
GetLastError
WritePrivateProfileStringW
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileStringW
CreateDirectoryW
GetCurrentProcess
CloseHandle
OpenEventW
SetEvent
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
ExpandEnvironmentStringsA
LoadLibraryA
InterlockedExchange
Sleep
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess

user32

LoadStringW
GetForegroundWindow
GetFocus
IsWindow
SendMessageW
GetParent
ReleaseDC
LoadIconW
LoadImageW
MessageBoxW
GetDC
ScreenToClient
GetWindowRect
DrawStateW
InflateRect
CopyRect
GetSystemMetrics
DrawIconEx
FillRect
InvalidateRect
DestroyIcon
GetActiveWindow
GetLastActivePopup
EnableWindow

gdi32

SetPixel
GetPixel
GetTextExtentPoint32W
RoundRect
CreatePen
CreateSolidBrush

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

comctl32

ord17
_TrackMouseEvent

shell32

ShellExecuteW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71e61554ce8fe35be6de15590899ce43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

comctl32

shell32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 44KB - Virtual size: 44KB

.9rdata Size: 72KB - Virtual size: 72KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 44KB - Virtual size: 44KB

.9rdata
Size: 72KB - Virtual size: 72KB