a0fb8126a6b8c28f6cf1103fa8eeb5ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0fb8126a6b8c28f6cf1103fa8eeb5ea_JaffaCakes118
Size

56KB
MD5

a0fb8126a6b8c28f6cf1103fa8eeb5ea
SHA1

ad5add92c0dbef7ec7afc6c855fd645929979ca8
SHA256

4ba8783ef844d9ac7e1d00e4f55bd59e8df9bb14029e904e69417597259083c7
SHA512

75a66d0a48ed0f065781778ca5cc9539b32e08a2021467d1286038607cc8613629eadb332dd550761763cc6f033c56587510483172f2ef07e26e491b73a481cf
SSDEEP

1536:j8ilONrlzNbY0++Y0GZAW5d1h+BE7DxHTpQ3Wb:dlml5Y0++Y0G6FB81FQ3Wb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0fb8126a6b8c28f6cf1103fa8eeb5ea_JaffaCakes118

Files

a0fb8126a6b8c28f6cf1103fa8eeb5ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7706f9eb3bcc432c6946434af1fc762

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Src\AntiVir\guardgui-oem\Unicode_DRelease\guardgui.pdb

Imports

msvcr71

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wsopen
_filelength
_lseek
_eof
_read
_close
_waccess
wcschr
_wcsicmp
wcsrchr
??3@YAXPAX@Z
__CxxFrameHandler
wcscmp
wcsstr
wcsncpy
_wtoi
strcat
free
memcpy
_errno
memset
wcscat
wcscpy
wcslen
iswalnum
iswspace
malloc
strcpy
strlen
__security_error_handler

mfc71u

ord4535
ord3677
ord5119
ord3249
ord334
ord593
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord1198
ord2638
ord3943
ord4475
ord4255
ord3327
ord757
ord2239
ord1079
ord5113
ord5118
ord4320
ord2009
ord1007
ord5096
ord566
ord577
ord4026
ord899
ord776
ord293
ord3703

kernel32

ReadFile
GetVersionExA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoW
GetModuleHandleA
Beep
QueryPerformanceCounter
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
CreateFileW
GetLastError
GetFileSize
CloseHandle

user32

LoadStringW

advapi32

GetUserNameW

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7706f9eb3bcc432c6946434af1fc762

Headers

File Characteristics

PDB Paths

Imports

msvcr71

mfc71u

kernel32

user32

advapi32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 28KB