8bc276fad4d8126b9caff18e36978e3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bc276fad4d8126b9caff18e36978e3e_JaffaCakes118
Size

112KB
MD5

8bc276fad4d8126b9caff18e36978e3e
SHA1

7b3ad1a85f45ffe7ba094082aae869b77d8279d9
SHA256

8105c360ebf962d578a8425827d4c4093174d6ec8637f3e247cf3a0d66c5d82d
SHA512

b66c799798baea216080454c8a8d4c8672cba8dcf82e07871a7b110ca7710b8d4d79dd54eecdf58f88535e8d43af105757997097da361930795ed820fa49b997
SSDEEP

3072:RYTYxVASVszSVKb7Z0fmI4aozeMv1TwBMWf:DxVAiCSVg7ZemI4viw10i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bc276fad4d8126b9caff18e36978e3e_JaffaCakes118

Files

8bc276fad4d8126b9caff18e36978e3e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0c78890b86528bf17cf792a6e751611e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\waldo\v1200\apps\components\EllipseTool\Core\objprodX\EllipseToolCore.pdb

Imports

crli18n

?SetFromUnicode@CGlbChar@@QAGHQBGI@Z

crlutl

?IsAppClass@WUTLAppInfo@@SAHW4AppClass@1@@Z

cdrcore

?CreateDisplay@@YAPAUHMEM__@@PAVCDrawlibDoc@@PAVWNodeHandle@@@Z
?OBALockObject@@YAPAUOBJECT@@PAVWNodeHandle@@@Z
?DRAWGetAppInterface@@YAPAUIDrawAppComponent@@XZ
?GetAux@WNodeHandle@@QBEPAV1@XZ
?OBJBackupObject@@YAPAVWNodeHandle@@PAVCDrawlibDoc@@PAV1@@Z
?OBAUnlockObject@@YAHPAVWNodeHandle@@@Z
?GetObjectProp@@YAPAXPAUOBJECT@@I@Z
?TRMNodeSelected@@YAHPAVWNodeHandle@@W4ELocking@@@Z

basetoolcore

?UpdateCommonPropFlags@@YGHPAVWPropCommon@@PAVWNodeHandle@@ABV1@@Z
?LogObjectReplace@@YGHPAUIDrawDocComponent@@PAVWNodeHandle@@@Z
?GetCommonProp@@YGXPAVWNodeHandle@@PAVWPropCommon@@@Z

mfc71u

ord1162
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord314
ord1200
ord1079
ord1087
ord764
ord265
ord581
ord765

msvcr71

_except_handler3
free
??2@YAPAXI@Z
__CxxFrameHandler
memset
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
??1type_info@@UAE@XZ
__security_error_handler

kernel32

LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection

Exports

Exports

?OPMGetEllipseProperty@@YGXPAVWNodeHandle@@PAVWPropEllipse@@@Z
?OPMGetSelPropEllipse@@YGXPAUIDrawDocComponent@@PAVWPropEllipse@@@Z
?OPMIsValidSelectionForPropEllipse@@YGHPAUIDrawDocComponent@@@Z
?OPMSetEllipseProp@@YGXPAUIDrawDocComponent@@PAVWNodeHandle@@ABVWPropEllipse@@2H@Z
?OPMSetSelPropEllipse@@YGXPAUIDrawDocComponent@@ABVWPropEllipse@@H@Z
?OPMUpdateEllipseObjPropertyFlags@@YGXPAUIDrawDocComponent@@PAUIDrawSelectionInfo@@PAVWPropEllipse@@PAVWNodeHandle@@@Z
?OPMUpdateEllipsePropFlags@@YGHPAVWPropEllipse@@PAVWNodeHandle@@ABV1@@Z
?TPMGetPropEllipse@@YGXPAVWPropEllipse@@@Z
?TPMSetPropEllipse@@YGXABVWPropEllipse@@@Z

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c78890b86528bf17cf792a6e751611e

Headers

File Characteristics

PDB Paths

Imports

crli18n

crlutl

cdrcore

basetoolcore

mfc71u

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 1024B - Virtual size: 854B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 1024B - Virtual size: 854B