aaecf270d58c4dd4f6cb8ed72f31cc80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aaecf270d58c4dd4f6cb8ed72f31cc80_JaffaCakes118
Size

486KB
MD5

aaecf270d58c4dd4f6cb8ed72f31cc80
SHA1

94e35c89ea6317bb264dfc16901dbd78f2e497cf
SHA256

cbe0379ea8978f331991e4e7dacf147ee82a0b0a4df8ff25256c64bc9a435017
SHA512

f1ed69eac592958b229a14462e6a2a6b55ea963d883d8fd1bfd9d15dad024367ad9896b9acbecf794c37f100affd434d2dcd43848f9862bb249a4b751ec6d59e
SSDEEP

6144:lO+DGsX3OsshGBcOjJN8uvtmz9OxmvVV8:7GsHO8N8oEzDV8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaecf270d58c4dd4f6cb8ed72f31cc80_JaffaCakes118

Files

aaecf270d58c4dd4f6cb8ed72f31cc80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3222ee578dd0a4f434a088eb05a0fec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\develop\global\Release\bin\acad\DwgCheckStandards.pdb

Imports

userdata

?SetWorkingDirectory@@YGXXZ

mfc80u

ord1007
ord5096
ord6215
ord5378
ord3826
ord566
ord3327
ord6700
ord1911
ord2925
ord5220
ord3942
ord5226
ord2460
ord5209
ord282
ord2531
ord2725
ord2829
ord4301
ord3800
ord2832
ord3990
ord2534
ord2640
ord2527
ord5524
ord3712
ord3713
ord1118
ord1479
ord3703
ord2260
ord2638
ord3943
ord4475
ord4255
ord1198
ord896
ord1079
ord776
ord5579
ord2009
ord293
ord2054
ord4320
ord6274
ord3795
ord6272
ord2239
ord283
ord5562
ord4562
ord5222
ord287
ord4008
ord757
ord3677
ord265
ord577
ord4032
ord764
ord2708
ord899

msvcr80

_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
free
_wcsdup
memset
__CxxFrameHandler3
?terminate@@YAXXZ

kernel32

GetStdHandle
GetModuleFileNameW
FormatMessageW
GetLastError
CreateProcessW
LoadLibraryW
LocalFree
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExW

user32

MessageBoxW

advapi32

InitializeSecurityDescriptor

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.srdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3222ee578dd0a4f434a088eb05a0fec

Headers

File Characteristics

PDB Paths

Imports

userdata

mfc80u

msvcr80

kernel32

user32

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 401KB - Virtual size: 400KB

.srdata Size: 72KB - Virtual size: 72KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 401KB - Virtual size: 400KB

.srdata
Size: 72KB - Virtual size: 72KB