f:\p4\NeroSoundTrax\NeroSoundTraxRel\waveeditor\output\Release\waveedit.exe.pdb
Static task
static1
Behavioral task
behavioral1
Sample
bca5cb4311ea04d723dd9de02509d6ab_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bca5cb4311ea04d723dd9de02509d6ab_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bca5cb4311ea04d723dd9de02509d6ab_JaffaCakes118
-
Size
177KB
-
MD5
bca5cb4311ea04d723dd9de02509d6ab
-
SHA1
edd8fc53a799e7a82ebdf3d3c695350953e7b895
-
SHA256
8cacc56776cb7f0e69ec57ae2d6da2f2cf156682c55877c1b1ddb7f0bd34cd1c
-
SHA512
ecfcb564baf44b3dbcbfe3499410f300d8442af34b0daf12daee6046b2d3a3b0d31a832ab009bdf624f17866c32dad92ad3e7eba390b6637bddae830a124a367
-
SSDEEP
3072:cIVV6YACtFB1PVdOyWs7oNVsq05cc4mzsylxZ5QawCvARR3X3qX:JVOyn7oNVsq2XDJQawCunaX
Malware Config
Signatures
-
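Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. A missing signature means the publisher and file integrity cannot be verified; on its own it does not indicate malicious behavior.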
resource bca5cb4311ea04d723dd9de02509d6ab_JaffaCakes118
Files
-
bca5cb4311ea04d723dd9de02509d6ab_JaffaCakes118.exe windows:4 windows x86 arch:x86
8a772b6f76de29c0631d8de970bc7059
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
waveedit
weOpenFile
weNewFile
weSetAutoClose
weInitDLL
weShutdown
weCheckForLostTempFiles
comctl32
ord17
user32
CharLowerA
CharLowerW
CharUpperA
CharUpperW
GetClassNameA
MessageBoxA
TranslateMessage
GetMessageA
DispatchMessageA
kernel32
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
GetVersionExA
WideCharToMultiByte
GetCommandLineW
Sleep
InterlockedExchange
MultiByteToWideChar
GetLastError
GetVersion
lstrlenW
lstrlenA
CompareStringA
QueryPerformanceCounter
lstrcmpiA
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
FreeLibrary
GetProcAddress
IsBadReadPtr
VirtualQuery
FindActCtxSectionGuid
GetCurrentProcess
VirtualProtect
SetLastError
GetLocaleInfoA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringW
GetThreadLocale
GetACP
advapi32
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyW
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CLSIDFromString
msvcp80
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
msvcr80
_recalloc
_resetstkoflw
__CxxFrameHandler3
??2@YAPAXI@Z
_mbsnbcpy_s
atoi
_snprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_purecall
_stricmp
_wcsicmp
_wcsnicmp
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcslen
??_V@YAXPAX@Z
strcpy_s
wcscpy_s
_CxxThrowException
free
malloc
??3@YAXPAX@Z
memset
wcstoul
_mbsicmp
_mbscmp
calloc
mfc80
ord783
ord283
ord1187
ord1191
ord747
ord559
ord3174
ord577
ord578
ord297
ord280
ord1481
ord310
ord1185
dbghelp
ImageNtHeader
ImageDirectoryEntryToData
psapi
EnumProcessModules
oleaut32
SysFreeString
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE