d:\svn\cscr-cue-cluster-1\scan\ScanApp\Release\hpodss01.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8a0f2489c781eea8074a28915137d214_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8a0f2489c781eea8074a28915137d214_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 8a0f2489c781eea8074a28915137d214_JaffaCakes118
Size: 142KB
MD5: 8a0f2489c781eea8074a28915137d214
SHA1: 8bb80d839f7826705ddf948b6eac44fe8df250ba
SHA256: e1ba097b1a1fce302bc234493686c19f5ad149ed0f5eef40cc16d4c2a881b8d5
SHA512: bcb0f93bf2108ed0166be40f365ffd5cfe3696768d244920909ff3ec967d488dac97536a8b8b75afbdfe89ef05adc8fb6e2b1f1de8ec4e7e4e0510f84397ed14
SSDEEP: 3072:aetH3IAgYOtxNb9NbYiZywhVvVaXumSkKYsIUMp0fV:1FOtx992oPMemnJUMyV
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 8a0f2489c781eea8074a28915137d214_JaffaCakes118
Files
8a0f2489c781eea8074a28915137d214_JaffaCakes118.dll windows:5 windows x86 arch:x86
a838d2224b12e5fafef9b1062fe96115
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
lstrlenW
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetCPInfo
MultiByteToWideChar
GetPrivateProfileStringW
lstrcmpiW
GetACP
ole32
CoCreateInstance
CoTaskMemAlloc
oleaut32
CreateErrorInfo
SetErrorInfo
VarBstrCat
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
msvcr90
wcscat_s
_CxxThrowException
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
?terminate@@YAXXZ
memcpy_s
memcmp
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
_purecall
free
wcsstr
__CxxFrameHandler3
wcscpy_s
??0exception@std@@QAE@ABV01@@Z
swscanf_s
memset
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
swprintf_s
??3@YAXPAX@Z
Exports
CreateAiODeviceScanSettings
DestroyAiODeviceScanSettings
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 113KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE