b721307301f66ce153e70d287e1deb0b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b721307301f66ce153e70d287e1deb0b_JaffaCakes118
Size

196KB
MD5

b721307301f66ce153e70d287e1deb0b
SHA1

f7b6565b859df552f3b0318b6ccc7ed05aefd670
SHA256

b9ddae205eb97044b8277500deeec03b06a4d48fe0a96b825d479157f33b06f8
SHA512

15b2814edfea4799cf4143ace5d3a1aa0d6a1c49384fbeb9af4fa1a0361629db5cf5e5ef35b58e316ace227a7654facadbb6d3fdb179b3f2806e5be6cb794fd5
SSDEEP

3072:q8hZ+BvBZ5vlrxtIpW8qZQoT7wLVUb4L6XVI+dGiPUeia/V0Sy4q0R4:5+lUkHZQw7iVUcL6XVI21PCC0Sy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b721307301f66ce153e70d287e1deb0b_JaffaCakes118

Files

b721307301f66ce153e70d287e1deb0b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be1d1ad5f7c332da24ca8f79437f0e49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ControlCenter4_2011\binary\release\BrCcPcc.pdb

Imports

kernel32

GetVolumeInformationW
SizeofResource
FindResourceExW
FindResourceW
LockResource
FindNextFileW
LoadResource
FindClose
FindFirstFileW
WideCharToMultiByte
GetLastError
FileTimeToLocalFileTime
GetLocalTime
DeleteFileW
GetDateFormatW
GetLocaleInfoW
GetTempFileNameW
FileTimeToSystemTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
LoadLibraryA
GetStringTypeA
GetStringTypeW

shell32

SHFileOperationW
ShellExecuteW

imagehlp

MakeSureDirectoryPathExists

user32

UnregisterClassA

Exports

Exports

CreatePccManClass

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1d1ad5f7c332da24ca8f79437f0e49

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

imagehlp

user32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 104KB - Virtual size: 102KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 104KB - Virtual size: 102KB

.reloc
Size: 8KB - Virtual size: 6KB