c0c79c0f83fe4787e68377ac7b4cf4e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0c79c0f83fe4787e68377ac7b4cf4e5_JaffaCakes118
Size

66KB
MD5

c0c79c0f83fe4787e68377ac7b4cf4e5
SHA1

121fb301f622f977800cbb13b05ec2ea59643fc9
SHA256

d98ed03b0c85c35596798dbbc6e66342ecf0369d968fc897a312ff108e4c7796
SHA512

41e8de35d66eca254f78243fb7c00950a4a5bca21824e99078eae7f8c62d44975e5f225bf0f07e94ba2a9b96c8ef7e0e89d6243f4e2d31c1c5e8210ba817c7e6
SSDEEP

1536:VJ7Oeds3YBGlg5SKxo3BY2heOWI5Z8DBcPuWgfXisKldz:VJ7LUg+BY2MTCqDCPuWgfk/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0c79c0f83fe4787e68377ac7b4cf4e5_JaffaCakes118

Files

c0c79c0f83fe4787e68377ac7b4cf4e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fdf9dc95f81d4e87f31af90d7956775

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\user\sandbox_2007_0111_105755_trunk_AvgVC71\source\avg7\Release.Net\avgscan.exe.pdb

Imports

kernel32

CloseHandle
SystemTimeToFileTime
GetTimeFormatA
GetDateFormatA
GetLastError
GetWindowsDirectoryA
GetPrivateProfileStringA
GetModuleFileNameA
FindResourceA
lstrlenA
lstrcpynA
FreeLibrary
LoadResource
SetConsoleCtrlHandler
InterlockedDecrement
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
lstrcmpiA
EnterCriticalSection
GetLocalTime
GetModuleHandleA
LoadLibraryExA
GetConsoleScreenBufferInfo
WriteConsoleA
GetStdHandle
SetConsoleTitleA
SetConsoleCursorPosition
CreateFileA
GetFileAttributesA
GetCommandLineA
GetVersionExA
DeleteCriticalSection
GetThreadLocale
InterlockedExchange
RaiseException
GetACP
InitializeCriticalSection
InterlockedIncrement
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
DeviceIoControl
GetVersion
LoadLibraryA
GetProcAddress
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile

user32

CharToOemBuffA
CharNextA

advapi32

InitializeSecurityDescriptor
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysFreeString

avgklib

?__app_standalone@@3HA
?temp@KFolder@@QAEHPADPBD@Z
?user@KFolder@@QAEHPADPBD@Z
?zeroset@@YAXPAXI@Z
?slash@KFolder@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?program@KFolder@@QAEHPADPBD@Z
??1TextFileRead@@QAE@XZ
??0TextFileRead@@QAE@PADH@Z
?Read@TextFileRead@@QAEHPADH@Z
??0KFolder@@QAE@XZ

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Nomemory@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcr71

strncpy
printf
isdigit
strcpy
_snprintf
_vsnprintf
sprintf
fopen
fprintf
strrchr
abs
fclose
malloc
fflush
_iob
vfprintf
strcat
memcpy
_resetstkoflw
realloc
isxdigit
tolower
sscanf
fread
memchr
_except_handler3
_callnewh
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
atoi
strchr
isspace
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z
memset
strlen
free
__CxxFrameHandler
_filelength
_access
_strnicmp
_fileno
_isatty
_stricmp
_memicmp
_strdup
_CxxThrowException

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fdf9dc95f81d4e87f31af90d7956775

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

avgklib

msvcp71

msvcr71

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB