88ff9a241e86654b1f3527567215118f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88ff9a241e86654b1f3527567215118f_JaffaCakes118
Size

40KB
MD5

88ff9a241e86654b1f3527567215118f
SHA1

81fa354c203da1838d48aae2c4157f65b48ea730
SHA256

1de35dc8b07a18aa70cc455b9978565450a9ce2e39b12cbd228b2b2edd72db0a
SHA512

23aaaae5fb701dc8f6723dd3ed31b5b6ebb317765f65662ded648e5ce4cb658c2de3f4d7758800144d7e6022697ec962fd49ccea6c49e4f69adf97bee07c02d2
SSDEEP

768:PLYuH790dRwgnAh/iQFISvuwDMG1UuLd3JlvM:PM07ymiQmwD73bvM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88ff9a241e86654b1f3527567215118f_JaffaCakes118

Files

88ff9a241e86654b1f3527567215118f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45e3efdf850631438daa915158c2d306

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bibustk

??0BIBusTKMessage@@QAE@K@Z
??1BIBusTKMessage@@UAE@XZ

bibustkserver

??1BITSrvMessager@@UAE@XZ
??1BIBusTKServerInit@@QAE@XZ
??1BIBusTKServer@@QAE@XZ
?serve@BIBusTKServer@@QAEXH@Z
?setIdleTimeLimitSec@BIBusTKServer@@QAEXH@Z
?setNWorkerThreads@BIBusTKServer@@QAEXK@Z
?setSessionConfigDoc@BIBusTKServer@@QAEXPAD@Z
?setCAMSSLServer@BIBusTKServer@@QAEXH@Z
?setUseCAM@BIBusTKServer@@QAEXH@Z
?configure@BIBusTKServer@@QAEXAAVCCLIDOM_Document@@@Z
??0BIBusTKServer@@QAE@XZ
?logAuditSessionConfigImpl@BITSrvLogger@@AAEXPBD@Z
?logAuditConfigImpl@BITSrvLogger@@AAEXAAVCCLIDOM_Document@@@Z
?logAuditImpl@BITSrvLogger@@AAEXHAAVCCLMessageSet@@@Z
?logAuditErrorImpl@BITSrvLogger@@AAEXAAVCCLMessageSet@@@Z
??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@AAVBITSrvMessager@@@Z
??0BITSrvMessager@@QAE@AAVCCLMessageSet@@W4locale@0@PBD@Z
?logAuditWorkingDirImpl@BITSrvLogger@@AAEXXZ
?getCmdlineParam@BIBusTKServer@@SAPBDPBDHQAPAD@Z
?logAuditCommandLineImpl@BITSrvLogger@@AAEXHPAPAD@Z
?getInstance@BITSrvLogger@@SAPAV1@XZ
??0BIBusTKServerInit@@QAE@XZ

cclcore

??1CCLMessageSet@@UAE@XZ
cclTerminate
??1CCLMessageString@@UAE@XZ
??0CCLMessageString@@QAE@ABVI18NString@@@Z
??1CCLByteBuffer@@UAE@XZ
??6CCLByteBuffer@@QAEAAV0@PBD@Z
?setLength@CCLByteBuffer@@QAEXI@Z
?str@CCLByteBuffer@@QBEPADXZ
?reserve@CCLByteBuffer@@QAEXI@Z
?pcount@CCLByteBuffer@@QBEIXZ
?resolveEffectivePath@CCLFmDir@@SAAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@_STL@@@_STL@@AAV23@@Z
??0CCLByteBuffer@@QAE@II@Z
??0CCLMessageParm@@QAE@JW4CCLMsgParm@0@@Z
??1I18NString@@QAE@XZ
??1CCLMessageParm@@UAE@XZ
??6CCLMessageSet@@QAEAAV0@ABVCCLMessageBase@@@Z
??6CCLMessageComponents@@QAEAAV0@ABVCCLMessageParm@@@Z
??0CCLMessageParm@@QAE@ABVI18NString@@@Z
??0I18NString@@QAE@PBD0JP6APADPAXPADJPAH@Z1@Z
??0CCLMessageSet@@QAE@XZ
cclSetBatchMode
cclInitialize
cclSetNewHandler
?increaseNesting@CCLMessageSet@@QAEKXZ
??1CCLStdExceptionError@@UAE@XZ
??0CCLStdExceptionError@@QAE@ABVexception@@@Z
?addBackTrace@CCLThrowable@@QAEXABVCCLFileLocation@@PBD1@Z
??1CCLOutOfMemoryError@@UAE@XZ
??0CCLOutOfMemoryError@@QAE@JPBD@Z

cclidom

??1CCLIDOM_Document@@UAE@XZ
??1CCLIDOM_Parser@@UAE@XZ
?getCurrentColumnNumber@CCLIDOM_Parser@@QAEHXZ
?getCurrentLineNumber@CCLIDOM_Parser@@QAEHXZ
?getErrorCode@CCLIDOM_Parser@@QAEHXZ
?parse@CCLIDOM_Parser@@QAEHPBDAAVCCLIDOM_Document@@@Z
??0CCLIDOM_Parser@@QAE@XZ
??0CCLIDOM_Document@@QAE@XZ

msvcp60

??0bad_alloc@std@@QAE@ABV01@@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??1_Winit@std@@QAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??0Init@ios_base@std@@QAE@XZ

msvcrt

fread
fopen
memmove
??2@YAPAXI@Z
atoi
exit
__CxxFrameHandler
ferror
strncpy
??0exception@@QAE@XZ
free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fclose
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_chdir

kernel32

GetProcAddress
LoadLibraryExA
FreeLibrary

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45e3efdf850631438daa915158c2d306

Headers

File Characteristics

Imports

bibustk

bibustkserver

cclcore

cclidom

msvcp60

msvcrt

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB