477bace9d86b6a9b7482d05b4ce820db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

477bace9d86b6a9b7482d05b4ce820db_JaffaCakes118
Size

160KB
MD5

477bace9d86b6a9b7482d05b4ce820db
SHA1

c5fc45182763c1e26473d21f839393fca43bd544
SHA256

74df1f66a0d39c490eadcecc80a6c212fb067c7b3993ee479949778d61b59203
SHA512

a229bec04e14b248b4516512f43f64f6264bcb3b7be05d083f9cbd4c0904dd88476504ac62f68e480f4d47044896a73707974732392f0089f0ffbb1a05c60a1b
SSDEEP

3072:dJ2aP6DKEMDvpOkNLU3CyFQSHo4tADyIZShsuaZQQpS036I2gSq5:dJmipOk5ULQJyQySTnjpS0KI2g5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
477bace9d86b6a9b7482d05b4ce820db_JaffaCakes118

Files

477bace9d86b6a9b7482d05b4ce820db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5c9819dd7634975efda0af2f8276ef38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90u

ord6013
ord1603
ord1250
ord799
ord600
ord1607
ord296
ord290
ord2537
ord814
ord5979
ord1254
ord2676
ord280
ord286
ord813
ord811
ord3729
ord6630
ord3220
ord285
ord3185
ord909
ord801

msvcr90

__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_swprintf
_vswprintf
__argc
__wargv
free
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
toupper
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3

kernel32

LoadLibraryA
FindNextFileW
GetProcAddress
MultiByteToWideChar
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
MapViewOfFile
OpenFileMappingW
GetTickCount
GetLastError
CreateFileMappingW
CloseHandle
UnmapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTempPathW
GetCurrentProcessId
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
CreateMutexW
WaitForSingleObject
ReleaseMutex
FindClose

user32

wsprintfW
MessageBoxW
LoadStringW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

msvcp90

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c9819dd7634975efda0af2f8276ef38

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

shell32

ole32

oleaut32

msvcp90

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 122KB - Virtual size: 122KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 122KB - Virtual size: 122KB