75d26a0464d76d0b43b12a86a260c4c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75d26a0464d76d0b43b12a86a260c4c3_JaffaCakes118
Size

284KB
MD5

75d26a0464d76d0b43b12a86a260c4c3
SHA1

84843ff5d62362cfff8916433926590fb8e2a59c
SHA256

d8ca0dbf8f10fad1314b97a989a26bc630a1406f88b85f1818e403473797d0de
SHA512

20ddce2cd3b974b846f83e2608f20a7458c06196ad2641640ece8e6101dffeca752c9ea55d2918151c71d7dfb027b9cec3d33aa7e45e4843f0eb56015fa9798c
SSDEEP

6144:OYGH42LRdGX9bXeyz2cYjPFcB3LJ+aDT7uYT39dVXUAwV/HQ0pZ7:jIRdUScBF9DTtt/UvV/w0pZ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75d26a0464d76d0b43b12a86a260c4c3_JaffaCakes118

Files

75d26a0464d76d0b43b12a86a260c4c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88a496a029540a4599eff35e0ae5c383

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\VS70Builds\3077\vsbuilt\retail\Bin\i386\opt\devenv.pdb

Imports

kernel32

GetFileSize
GetFileAttributesA
GetTickCount
GetFileType
GetEnvironmentVariableA
WriteFile
GetStdHandle
Sleep
CompareFileTime
SystemTimeToFileTime
GetSystemTime
WaitForSingleObject
FindResourceExA
GetVersion
GetSystemDefaultLCID
GetUserDefaultLCID
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
OpenProcess
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
CreateMutexA
ReleaseMutex
SetEvent
CreateProcessA
TerminateProcess
GetExitCodeProcess
LocalAlloc
HeapDestroy
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
HeapAlloc
ReadFile
HeapFree
FreeResource
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
lstrcpynA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
FindClose
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateEventA
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
lstrcpyA
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnmapViewOfFile

user32

OffsetRect
GetSystemMetrics
wsprintfA
LoadStringA
LoadIconA
LoadImageA
RegisterClassA
CreateWindowExA
UpdateWindow
LoadBitmapA
GetDC
ReleaseDC
SetWindowPos
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
EndDialog
DialogBoxParamA
SystemParametersInfoA
MessageBoxA
CharNextA
DestroyWindow
SetWindowLongA
EndPaint
BeginPaint
DefWindowProcA
GetWindowLongA

gdi32

CreateCompatibleDC
GetDeviceCaps
CreatePalette
CreateDIBitmap
SelectPalette
RealizePalette
SetStretchBltMode
DeleteObject
SetTextColor
GetStockObject
GetTextExtentPoint32A
TextOutA
SelectObject
CreateFontIndirectA
SetBkMode
DeleteDC
GetObjectA
BitBlt

advapi32

RegCloseKey
CryptCreateHash
CryptHashData
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

ole32

StringFromCLSID
IIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoSetProxyBlanket
CoQueryProxyBlanket
CoDisconnectObject
CoInitializeSecurity
OleInitialize
OleUninitialize
CoCreateGuid
CoTaskMemFree

oleaut32

VarBstrCat
SysAllocStringLen
VarUI4FromStr
SysFreeString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString

msvcr71

strchr
_controlfp
_onexit
__dllonexit
__security_error_handler
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_wcsdup
_wcsnicmp
_wcsicmp
_stricmp
strrchr
_vsnwprintf
_vsnprintf
_wtol
_mbscmp
isprint
_strlwr
_snprintf
wcsncat
_wcslwr
_wtoi
wcschr
memmove
swprintf
wcsncpy
_wsplitpath
_wmakepath
realloc
_resetstkoflw
malloc
_set_security_error_handler
_itow
fprintf
??2@YAPAXI@Z
wcslen
??_U@YAPAXI@Z
wcscpy
wcscat
wcsstr
wcscmp
wcsrchr
fopen
fgets
fclose
memset
_except_handler3
free
??3@YAXPAX@Z
??_V@YAXPAX@Z
strncpy

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

88a496a029540a4599eff35e0ae5c383

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcr71

Sections

.text Size: 84KB - Virtual size: 81KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 184KB - Virtual size: 184KB

.text
Size: 84KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 184KB - Virtual size: 184KB