a79f295e5955cb6dbfd0ef502344a169_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a79f295e5955cb6dbfd0ef502344a169_JaffaCakes118
Size

48KB
MD5

a79f295e5955cb6dbfd0ef502344a169
SHA1

84fda22ac74842ff8addd023326f0d21974c233e
SHA256

6b0b95fb05a6459f09a81ed80a60f3ee2732186f31c36749bd61a914c612aa54
SHA512

1b739301086dcae20d3b7725057ad3897a32e11c13b77f8fdb184643f468c037d5b8dc93f884df0ceb46995b51d15b58003e8f4002aba7a5d0cb4aacd312db31
SSDEEP

768:0dZXoy0vvuUAZabmsDtHExAk9WZhwDXhp0m0bBskXLg:M2JvvuUAAlkx72gRIWn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a79f295e5955cb6dbfd0ef502344a169_JaffaCakes118

Files

a79f295e5955cb6dbfd0ef502344a169_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d164400402e9a1ca59a69251737fc6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Vss\Souche\Client\V6.0\Build\Src\Installation\Shell\Exe\rel\ShellExe.pdb

Imports

shelldll

ShellSetPTPAndAlertingInterfaces
ShellCommandLineExec

mfc71

ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord314
ord1084
ord265
ord1482
ord781
ord310
ord783
ord557
ord745
ord870
ord784
ord5715
ord1185
ord6006
ord762
ord876
ord578
ord1187
ord1191
ord1207
ord2731
ord2537
ord5566
ord5213
ord5230
ord764
ord3830
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord1054
ord5975
ord304
ord566
ord581
ord1167
ord1092
ord1209
ord757
ord315
ord765
ord714
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835

msvcr71

_setmbcp
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
memset
_purecall
free
__CxxFrameHandler
_except_handler3

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
LocalAlloc
LocalFree
GetCurrentThreadId
GetLastError
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

comctl32

ord17

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d164400402e9a1ca59a69251737fc6e

Headers

File Characteristics

PDB Paths

Imports

shelldll

mfc71

msvcr71

kernel32

comctl32

ole32

oleaut32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 776B

.lrdata Size: 20KB - Virtual size: 20KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 776B

.lrdata
Size: 20KB - Virtual size: 20KB