8e817bffac674e5a99390f7537ba760c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e817bffac674e5a99390f7537ba760c_JaffaCakes118
Size

156KB
MD5

8e817bffac674e5a99390f7537ba760c
SHA1

074857ff464a4c2f7e3879031574ab9406517d1d
SHA256

d7345a8e1b09222b9ffa183b278f833be7886488b3f9929615ef7ff580f2a657
SHA512

1db18ace03c3c5fd3ed65a28a3800decd1cd7cc0e7e161f8b0a3aa5fa11feeb0ebd8cab4acf84b54faae2d4f04d9a3783390354c70d986924f456cb1f6daa4c7
SSDEEP

3072:Muqrem8uLOUHeyGfQsBOiMqmmyELnqXDc3y+Iryhl4v52:TIOKeyGfv1M1vXDSZzlr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e817bffac674e5a99390f7537ba760c_JaffaCakes118

Files

8e817bffac674e5a99390f7537ba760c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2a59396d5544852c439b790c78c9736

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\mmjb\src\_bin\release\MusicServer.pdb

Imports

eventmgr

?GetEventMgr@@YAPAVmcIEventMgr@@XZ
??0mcEvent@@QAE@W4eEventCategory@@PBG@Z
?AddParameter@mcEvent@@QAEXPBGN@Z
??1mcEvent@@UAE@XZ
?UnInitEventMgr@@YAXXZ
?InitEventMgr@@YAXXZ

threadutils

??1Mutex@@QAE@XZ
??1Lock@@QAE@XZ

mmpclsvr

?HandleGet@miHttpRequestHandler@@UAEHPAV?$vector@EV?$allocator@E@std@@@std@@@Z
?InitHandleGet@miHttpRequestHandler@@UAEHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$vector@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@3@ABV?$vector@EV?$allocator@E@std@@@3@@Z
?HandlePost@mcPclServerPlugin@@UAEHPAV?$vector@EV?$allocator@E@std@@@std@@@Z
?InitHandlePost@mcPclServerPlugin@@UAEHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$vector@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@3@ABV?$vector@EV?$allocator@E@std@@@3@@Z
?UpdateUiState@mcPclServerPlugin@@UAEXXZ
?NotifyDbChanged@mcPclServerPlugin@@UAEXXZ
?SetUiProxy@mcPclServerPlugin@@UAEXPAVmiUiProxy@@@Z
?SetDbProxy@mcPclServerPlugin@@UAEXPAVmiDbProxy@@@Z
?Stop@mcPclServerPlugin@@UAEXXZ
?Start@mcPclServerPlugin@@UAEXXZ
??0mcPclServerPlugin@@QAE@XZ
??1mcPclServerPlugin@@UAE@XZ

mmc70u

ord2639
ord4079
ord2520
ord2642
ord2350
ord2454
ord2343
ord3513
ord3514
ord3504
ord2452
ord3742
ord4253
ord4033
ord3131
ord698
ord1861
ord942
ord3629
ord2087
ord3436
ord1072
ord1068
ord4951
ord3984
ord4507
ord4662
ord4352
ord1514
ord1513
ord5659
ord1463
ord1460
ord3739
ord1263
ord4016
ord4926
ord1751
ord4845
ord5982
ord3957
ord4968
ord3199
ord2537
ord4054
ord1443
ord5707
ord809
ord814
ord818
ord816
ord820
ord2230
ord2214
ord2233
ord2228
ord2205
ord2207
ord2225
ord2017
ord2011
ord1368
ord5984
ord3601
ord5986
ord3143
ord4739
ord1225
ord4947
ord1805
ord4965
ord2666
ord4258
ord4034
ord2981
ord300
ord546
ord5831
ord972
ord978
ord2191
ord952
ord977
ord1746
ord4521
ord650
ord447
ord257
ord256
ord4098
ord1859
ord896
ord4874
ord512
ord1394
ord5000
ord4998
ord2210
ord2220
ord2218
ord2216
ord2212
ord2235
ord2223
ord1499
ord1498
ord1442
ord951
ord5808
ord2347
ord5315
ord4978
ord4995
ord4340
ord3741
ord4991
ord4989
ord2732
ord1761
ord3631
ord5145
ord5926
ord3605
ord5332
ord1904
ord5985
ord3600
ord5983
ord3805
ord3823
ord3478
ord4313
ord703
ord705
ord4494
ord1088

mmvcr70

__CxxFrameHandler
_purecall
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
??1exception@@UAE@XZ
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fread
fclose
_filelength
_wfsopen
_errno
_waccess
_wcsicmp
_wsplitpath
wcscpy
iswspace
_wcsnset
wcsncpy
wcslen
_c_exit
_exit
_XcptFilter
_except_handler3
_controlfp
?terminate@@YAXXZ
__p__commode
_onexit
_cexit

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
ExitProcess
GetStartupInfoW
RaiseException
GetProcAddress
LocalAlloc
WinExec
SetLastError
GetVersion
GetLastError
CloseHandle
ReleaseMutex
QueryPerformanceCounter
QueryPerformanceFrequency
SizeofResource
LockResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
VirtualQuery
InterlockedExchange

comctl32

ord17

ole32

CoInitializeEx
CoUninitialize

mmvcp70

?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_Ptrit@GHPAGAAGPAGAAG@2@V32@0@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_Ptrit@GHPAGAAGPAGAAG@2@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_Ptrit@GHPAGAAGPAGAAG@2@XZ
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?rend@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$reverse_iterator@V?$_Ptrit@GHPAGAAGPAGAAG@std@@@2@XZ
?rbegin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$reverse_iterator@V?$_Ptrit@GHPAGAAGPAGAAG@std@@@2@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2a59396d5544852c439b790c78c9736

Headers

File Characteristics

PDB Paths

Imports

eventmgr

threadutils

mmpclsvr

mmc70u

mmvcr70

kernel32

comctl32

ole32

mmvcp70

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 28KB - Virtual size: 27KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 28KB - Virtual size: 27KB

.rrdata
Size: 72KB - Virtual size: 72KB