89363d176cc5058da1eea0fc1e9df607_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89363d176cc5058da1eea0fc1e9df607_JaffaCakes118
Size

415KB
MD5

89363d176cc5058da1eea0fc1e9df607
SHA1

e65923c40fb367a5149dcd30cb8cd4fe88d0e650
SHA256

a487d610362692e2557c77ff10fd131ff0229dbfde703f6ae5f0d9b01c847391
SHA512

bc41e14779e22a42e148225e1837bfe6c6a4bde572c2344f7e03a6be2adc4c5afd6bc9727019e26e1e8a2f3a06f94c0b8222a6c56ac580132eff151d66b7f2c7
SSDEEP

12288:kjNBrqjyt4mJVhZdlFdQsUuWZwsSm1OhC4K7eyI1pLKl+LGdkkvhYRN0qiVPePut:iBWjyGAlFGsUuWZwsSm1OhC4K7eyI1p8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89363d176cc5058da1eea0fc1e9df607_JaffaCakes118

Files

89363d176cc5058da1eea0fc1e9df607_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ec748af634b3ff518c8e079f1ee663f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\Проэкты\В процессе разработки\Updater_all\Updater\Release\cheker.pdb

Imports

msvcr90

__CxxFrameHandler3
__FrameUnwindFilter
abort
_encoded_null
_decode_pointer
_encode_pointer
_amsg_exit
_cexit
fread
fwrite
_vsnprintf
memcpy
_snwprintf
isalnum
strncpy_s
strncpy
strcpy_s
setlocale
fclose
getc
feof
fopen
strcat
strcpy
sprintf
_access
strncmp
strcmp
remove
wcstombs_s
mbstowcs_s
malloc
rand
srand
_invalid_parameter_noinfo
??_U@YAPAXI@Z
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@XZ
memset
strlen
wcslen
??_V@YAXPAX@Z
memmove_s
??0exception@std@@QAE@ABQBD@Z
strstr
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ

msvcp90

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??7ios_base@std@@QBE_NXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

kernel32

VirtualFree
CloseHandle
WriteFile
CreateFileA
VirtualAlloc
GetTickCount
WaitForSingleObject
VirtualFreeEx
GetFileAttributesA
GetCurrentDirectoryA
FreeLibrary
GetFileSize
ReadFile
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetModuleHandleA
GetProcAddress
GetCurrentThread
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
GetProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcatA
Sleep
ReadProcessMemory
Module32First
Module32Next
Process32First
Process32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetVersionExA
SetThreadPriority
DeviceIoControl
CreateThread
CreateFileW
SetPriorityClass
LoadLibraryA
CreateRemoteThread

msvcm90

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

urlmon

URLDownloadToFileA

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry

advapi32

FreeSid
RegQueryValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
ControlService
DeleteService
RegCreateKeyA
RegSetValueExA

user32

GetClassNameA
MessageBoxA

wtsapi32

WTSEnumerateProcessesA

mscoree

_CorExeMain

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ec748af634b3ff518c8e079f1ee663f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

msvcp90

kernel32

msvcm90

urlmon

wininet

advapi32

user32

wtsapi32

mscoree

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 312KB - Virtual size: 311KB

.data Size: 3KB - Virtual size: 619KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 312KB - Virtual size: 311KB

.data
Size: 3KB - Virtual size: 619KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB