bc893856ec85be2c1ffbbe8a72bca7b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc893856ec85be2c1ffbbe8a72bca7b9_JaffaCakes118
Size

181KB
MD5

bc893856ec85be2c1ffbbe8a72bca7b9
SHA1

4dbbff8bb404bc9c261b71b167fa1bff9f2215ca
SHA256

5935e9ae84f1d94c09a1a6f908064e8bffca4925bd5642e7f0ab4fbc9e36ebf8
SHA512

fd1672ba33c46e1b8371910e8079c7d8805cb72e56720f8c0d749d5d37ded7d9fab55cf0193692bc2b9f9ebab996f177d356c27b588f44394b358c71ed7dc674
SSDEEP

3072:p6ki55u3GpE93H32JEnlH1SP0BMYbQLsYJzTtOzBdpjbwO9kRldbgonmvj48AXm:pm5XpE9X3RZUP2WJOzBbwjRlJgomvj4O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc893856ec85be2c1ffbbe8a72bca7b9_JaffaCakes118

Files

bc893856ec85be2c1ffbbe8a72bca7b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22ca9d510ff4e32fa215ffd4075bad87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dev\cola\dev\bin\Release\hpswp_clipbook.pdb

Imports

dbghelp

MakeSureDirectoryPathExists

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetModuleFileNameW
GetShortPathNameW
GetCurrentThreadId
GetModuleHandleW
RaiseException
InterlockedDecrement
SetEvent
WaitForSingleObject
Sleep
lstrlenW
GetLastError
CreateEventW
CreateThread
CloseHandle
InterlockedIncrement
WaitForMultipleObjects
CreateWaitableTimerW
CancelWaitableTimer
MultiByteToWideChar
CreateFileW
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetWaitableTimer
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersionExW
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcmpiW
FreeLibrary
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocaleInfoA
InitializeCriticalSection
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetVersionExA

user32

UnregisterClassA
CharUpperW
TranslateMessage
DispatchMessageW
CharNextW
GetMessageW
PostThreadMessageW

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoResumeClassObjects
StringFromGUID2
CoRevokeClassObject
CoSuspendClassObjects
CoCreateInstance
CoRegisterClassObject

oleaut32

RegisterTypeLi
SysStringLen
UnRegisterTypeLi
LoadRegTypeLi
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VarBoolFromI4
VariantInit
SysFreeString
LoadTypeLi
SysAllocString
VarUI4FromStr

shlwapi

PathFileExistsW

msvcp80

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

_CxxThrowException
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
memcpy
?terminate@@YAXXZ
??3@YAXPAX@Z
wcscpy_s
??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
malloc
_recalloc
wcsncpy_s
wcscat_s
free
memcpy_s
_vsnwprintf_s
atoi
_atoi64
_resetstkoflw
calloc
_purecall
_i64tow_s
wcsrchr
memset
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22ca9d510ff4e32fa215ffd4075bad87

Headers

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

msvcr80

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 8KB

.krdata Size: 68KB - Virtual size: 68KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 8KB

.krdata
Size: 68KB - Virtual size: 68KB