953618d63b7b04ab790c9fc48bd44d01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

953618d63b7b04ab790c9fc48bd44d01_JaffaCakes118
Size

48KB
MD5

953618d63b7b04ab790c9fc48bd44d01
SHA1

d4e3a848f30927690d157b8a5b36cdbb23e547fd
SHA256

291644d4f379deb3441d8289d0a8cd84f0d178db62d917af8d8dfe45a7f1d594
SHA512

73be5f7d484f2d4e49f8744426784464670ab5f1987cf91b920bade27b5415171415b45fb9f8b1a34af774b5bed91b586b25bb8665e31402be07cecfe185c630
SSDEEP

768:0dZXoy0vvubAZabmsDtHExmqGANG5Z4nTgR83PV8Tr7Y3R:M2JvvubAAlkxmqB05Uc8f+TfY3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
953618d63b7b04ab790c9fc48bd44d01_JaffaCakes118

Files

953618d63b7b04ab790c9fc48bd44d01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d164400402e9a1ca59a69251737fc6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Vss\Souche\Client\V6.0\Build\Src\Installation\Shell\Exe\rel\ShellExe.pdb

Imports

shelldll

ShellSetPTPAndAlertingInterfaces
ShellCommandLineExec

mfc71

ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord314
ord1084
ord265
ord1482
ord781
ord310
ord783
ord557
ord745
ord870
ord784
ord5715
ord1185
ord6006
ord762
ord876
ord578
ord1187
ord1191
ord1207
ord2731
ord2537
ord5566
ord5213
ord5230
ord764
ord3830
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord1054
ord5975
ord304
ord566
ord581
ord1167
ord1092
ord1209
ord757
ord315
ord765
ord714
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835

msvcr71

_setmbcp
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
memset
_purecall
free
__CxxFrameHandler
_except_handler3

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
LocalAlloc
LocalFree
GetCurrentThreadId
GetLastError
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

comctl32

ord17

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d164400402e9a1ca59a69251737fc6e

Headers

File Characteristics

PDB Paths

Imports

shelldll

mfc71

msvcr71

kernel32

comctl32

ole32

oleaut32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 776B

.lrdata Size: 20KB - Virtual size: 20KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 776B

.lrdata
Size: 20KB - Virtual size: 20KB