5c034d8fae284247c8c3f5aef6c4b792_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c034d8fae284247c8c3f5aef6c4b792_JaffaCakes118
Size

129KB
MD5

5c034d8fae284247c8c3f5aef6c4b792
SHA1

fbf1fdb7f26dd817b72faf91d40a4e6d952302a9
SHA256

c0af83fef4e7644e6f603810e5568f5bfaf31c69ca80aac1c9dd3673dd984107
SHA512

168dcd8e6d6615f8b8aff800296078c570269fec7a589f340eb1efa62a90c81435d94a5b3e1633abacceec75931927bc66754395bad0707ef22a66fb5838c541
SSDEEP

3072:MbL4APKVSOBlFStz4XithYcz+Wd4Wi3q4K71Vt6:oPxWlCxzcWi671Vt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c034d8fae284247c8c3f5aef6c4b792_JaffaCakes118

Files

5c034d8fae284247c8c3f5aef6c4b792_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8d643a8a87da97dbc70026fc9c8e440

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\cc\Common_Client_301\src\r3.0.1\bin\bin.ira\ccApp.pdb

Imports

comctl32

ord17

kernel32

TerminateProcess
GetCurrentProcess
GetProcAddress
FreeLibrary
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
lstrcatA
Sleep
GetFileAttributesA
lstrlenA
lstrcpynA
GetShortPathNameA
GetVersionExA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetModuleHandleA
GetSystemTimeAsFileTime

user32

GetDesktopWindow
GetWindowLongA
PostQuitMessage
SetWindowLongA
RegisterClassExA
LoadCursorA
wsprintfA
LoadStringA
CharUpperBuffA
CreateWindowExA
ShowWindow
UpdateWindow
PostMessageA
DefWindowProcA

ole32

CoInitialize
CoUninitialize

msvcp71

?_Nomemory@std@@YAXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

shlwapi

PathAddBackslashA
PathAppendA

ccl30

ord993
ord1008
ord990
ord1394
ord1228
ord1230
ord219
ord1325
ord1322
ord134
ord152
ord133
ord151
ord988
ord671
ord153
ord135
ord1313
ord1317
ord1267
ord1316
ord1271
ord1268
ord1315
ord646
ord644
ord642
ord1279
ord1278
ord1383
ord230
ord241
ord232
ord229
ord1302
ord1307
ord1304
ord185
ord1323
ord1382
ord1381
ord1388
ord1389
ord128
ord1397

msvcr71

_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
?terminate@@YAXXZ
_controlfp
__CxxFrameHandler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
memset
_callnewh
_except_handler3
free
malloc
__p___argv
__p___argc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_mbschr
_mbsicmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8d643a8a87da97dbc70026fc9c8e440

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

ole32

msvcp71

shlwapi

ccl30

msvcr71

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 636B

.rsrc Size: 8KB - Virtual size: 7KB

.prdata Size: 72KB - Virtual size: 72KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 636B

.rsrc
Size: 8KB - Virtual size: 7KB

.prdata
Size: 72KB - Virtual size: 72KB