75d570c2336099495bcdd5baf26de391_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75d570c2336099495bcdd5baf26de391_JaffaCakes118
Size

688KB
MD5

75d570c2336099495bcdd5baf26de391
SHA1

d5e383e337164c16b48796622cd7be450c1f78cc
SHA256

10bb81189a8c0e9737658cbec94133ca591fd6003d9884c7bafef405c293a817
SHA512

2be09317fe71ac5f1ad74c3379ebaa0b4e74e9c7d728b02e6dfdd0ac2ab903cd6ac2b13a2f7b9ad4438f4c00897144916209bafd048f19722a41666b1d94a69f
SSDEEP

12288:BHiUXqZcW5Qdbr3C3WL9UL7C8lGQmT5ACSrNmDhyDItQGVnPiQqljDt8/g4kQl6v:BH6ZcW5Qdbr3C3+D+3FMNshUHL3hb5QD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75d570c2336099495bcdd5baf26de391_JaffaCakes118

Files

75d570c2336099495bcdd5baf26de391_JaffaCakes118
.dll windows:4 windows x86 arch:x86

319098fcbd14dad450532f947f34b007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\datatype\smil\renderer\smlrender.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
GetTickCount
GetVersionExA
GetVersion
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetModuleFileNameA

user32

CharNextA
GetSysColor
GetDC
ReleaseDC
GetSystemMetrics
GetCursor
LoadCursorA
SetCursor

gdi32

GetDeviceCaps

msvcr71

fopen
sprintf
atol
strtok
strtol
strncpy
isdigit
time
strspn
isalnum
isxdigit
isalpha
atof
strtod
fprintf
mktime
localtime
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
_except_handler3
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
fwrite
fclose
_timezone
floor
_stricmp
atoi
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??_U@YAPAXI@Z
strncmp
strchr
strstr
isspace
??_V@YAXPAX@Z
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
strtoul
iscntrl
_strcmpi
wcslen
strncat
difftime
_strnicmp
_itoa
_vsnprintf
__CxxFrameHandler
tolower
isupper
strrchr
memmove

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

advapi32

RegOpenKeyExA
RegCloseKey

Exports

Exports

CanUnload2
RMACreateInstance

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

319098fcbd14dad450532f947f34b007

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcr71

msvcp71

advapi32

Exports

Exports

Sections

.text Size: 428KB - Virtual size: 427KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 768B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 19KB

.text Size: 180KB - Virtual size: 180KB

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 768B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 180KB - Virtual size: 180KB