ac905c460842a15f8bb60bab76af4475_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac905c460842a15f8bb60bab76af4475_JaffaCakes118
Size

43KB
MD5

ac905c460842a15f8bb60bab76af4475
SHA1

c81c31be86dd280629e094164c168af83f34b74f
SHA256

5de04a9473662df6f87654e8914d44e1d0e64eb8c3b7db3afb630aeb1abb408a
SHA512

3320aa9f70bfd7e18f1bfdc97ee142f83216c30cad5302b1d86707271e52a685349e075c052b51cc665b8881b1368f8539a695cf2820a9a392ef47dc62440e01
SSDEEP

768:q+8r5GWy5KZ35iMDZTjY0++Y0GFW2be73JVSfUNwowF3u3G+RknylN/Mo6NNI:Z8r5Zy5KZ35iMDZXY0++Y0G82be6TF+a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac905c460842a15f8bb60bab76af4475_JaffaCakes118

Files

ac905c460842a15f8bb60bab76af4475_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1c1119cf535ef279b8726ef1ad6f34c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Src\AntiVir\guardgui-oem\Unicode_DRelease\guardgui.pdb

Imports

msvcr71

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcschr
_wcsicmp
wcsrchr
??3@YAXPAX@Z
__CxxFrameHandler
wcscmp
wcsstr
wcsncpy
_wtoi
_errno
memset
strcat
free
memcpy
wcscat
wcscpy
wcslen
iswalnum
iswspace
malloc
strcpy
strlen
__security_error_handler

mfc71u

ord1198
ord4535
ord3677
ord5119
ord3249
ord334
ord593
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord757
ord2239
ord1079
ord5113
ord5118
ord4320
ord2009
ord1007
ord5096
ord566
ord577
ord4026
ord899
ord776
ord293
ord3712

kernel32

ReadFile
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoW
GetModuleHandleA
Beep
QueryPerformanceCounter
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
CreateFileW
GetLastError
GetFileSize
CloseHandle

user32

LoadStringW

advapi32

GetUserNameW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1c1119cf535ef279b8726ef1ad6f34c

Headers

File Characteristics

PDB Paths

Imports

msvcr71

mfc71u

kernel32

user32

advapi32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 22KB - Virtual size: 22KB