PDB path: c:\cm\build\public\softwareUpdate_10.06.29\csi\projects\stic\SUUILauncher\SUUILauncher\Release\SUUILauncher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b8a3f6f7947e9316169164c2ea122327_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b8a3f6f7947e9316169164c2ea122327_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b8a3f6f7947e9316169164c2ea122327_JaffaCakes118
-
Size
231KB
-
MD5
b8a3f6f7947e9316169164c2ea122327
-
SHA1
8d01ba360dcf55ef7ad584c590217aa9d420f2bd
-
SHA256
ef43098d8c5423ac8e269cde01aea5781c1b7d5600ee34b2fe052456122d5e71
-
SHA512
609dca37f1afdcc698e51a8de3c597f93f9d01412d18c1f76572deffe47ec950cb8605aeede410eaa5672f66d17aa0ac613c225132578c20c157573351dfeee5
-
SSDEEP
3072:NrTe9SvuRfdBmWDjz00K7DFBcNGm5/pKDwcK0aXklXsg5w2:NrTeBNdBm0002UMkX0aL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature. Many legitimate binaries are also unsigned, so this is a weak indicator on its own.
resource b8a3f6f7947e9316169164c2ea122327_JaffaCakes118
Files
-
b8a3f6f7947e9316169164c2ea122327_JaffaCakes118.exe windows:5 windows x86 arch:x86
ed51f4238bb1dfc3d4d2faf535a5b480
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ole32
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
xprt6
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?GetLength@TBstr@XPRT@@QBEHXZ
_XprtInitialize@8
_XprtUninitialize@0
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Term@TCritSec@XPRT@@QAEXXZ
?Init@TCritSec@XPRT@@QAEXXZ
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
xprt_strlcpy
_XprtGetSystemInfo@0
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
_XprtAtomicDecrement@4
xprt_memset
_XprtMemAlloc@4
_XprtMemFree@4
xprt_memmove
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_strcmp
_XprtAtomicIncrement@4
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@XZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
kSystemEncoding
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Lock@TCritSec@XPRT@@QAEXXZ
?Unlock@TCritSec@XPRT@@QAEXXZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
xprt_ucslcpy
?Empty@TBstr@XPRT@@QAEXXZ
??0TBstr@XPRT@@QAE@GH@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
xprt_iswdigit
?Format@TBstr@XPRT@@QAAXPBGZZ
msvcr90
_snwprintf
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_purecall
setlocale
__CxxFrameHandler3
wcsftime
qsort
strcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
kernel32
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLongPathNameW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleW
LoadLibraryExW
GetLastError
CloseHandle
GetCurrentProcessId
CreateEventW
GetProcAddress
FreeLibrary
GetModuleFileNameW
VirtualQuery
GetPrivateProfileStringW
advapi32
RegOpenKeyW
RegQueryValueExW
RegCloseKey
oleaut32
SafeArrayUnlock
SafeArrayLock
VariantInit
VariantChangeTypeEx
SysAllocString
VariantTimeToSystemTime
VariantCopy
VariantClear
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ