c257a8573a78c017d1f8fb8d47c51cdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c257a8573a78c017d1f8fb8d47c51cdd_JaffaCakes118
Size

88KB
MD5

c257a8573a78c017d1f8fb8d47c51cdd
SHA1

63c06e2d832a8da8a571386a9fb846f3b977b566
SHA256

17fe40b653b6170fff54b609aab2bdc349966b80b71f72aacb76e754a0610df6
SHA512

40001b3cf33e0cf34b123f8f1436315fe09459a5f821613b0431368b91607c07a3822e71df946b5532095dcacd79d3372120240be3129e0ffe501e6e0ce792ff
SSDEEP

768:md+44DKYq5lzec2D2C+uixPgjSVRtoiytJ55aF6eb1JyprAgVHO4xJlq:XKDiVBGxP2iqakeBuVuIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c257a8573a78c017d1f8fb8d47c51cdd_JaffaCakes118

Files

c257a8573a78c017d1f8fb8d47c51cdd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5313d759516c136a937f39a2188909a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\depot\workscd\gdicache\Release\wkgdcach.pdb

Imports

wkwbl

?_WksHeapDestroy@@YAPAXPAX@Z
?_WksHeapAlloc@@YAPAXPAXKK@Z
?_WksHeapReAlloc@@YAPAXPAXKPAPAXK@Z
?_WksHeapCreate@@YAPAXKKK@Z
??3@YAXPAX0K@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPAGH@Z
?PwchFindWchInWz@MWblStrings@@SAPAGPBGG@Z
?CwchWzToDouble@MWblStrings@@SAHPBGPAN@Z
?OperatorNew@@YAPAXIPAXK@Z
??2@YAPAXIPAXK@Z
?OperatorDelete@@YAXPAX@Z

kernel32

GetTickCount
QueryPerformanceCounter
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
MulDiv
FreeLibrary
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
Sleep
CreateThread
SetEvent
TerminateThread
ResumeThread
GetCurrentThreadId
MultiByteToWideChar
SizeofResource
LoadResource
GetCommandLineW
GetModuleHandleA
GetVersionExA

user32

TranslateMessage
GetDC
ReleaseDC
DestroyWindow

gdi32

DeleteDC
GetDeviceCaps
DeleteObject

advapi32

RegCloseKey

ole32

CoCreateInstance
StringFromGUID2
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

oleaut32

VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantInit

wkwinuni

ord68
ord104
ord45
ord135
ord26
ord31
ord108
ord112
ord17
ord67
ord167
ord141
ord143
ord140
ord128
ord134
ord133
ord7
ord127
ord35
ord66
ord179
ord111
ord21
ord19
ord256
ord255
ord103
ord113
ord109
ord166
ord264

shlwapi

PathFindExtensionW

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

memcpy
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
_except_handler3
free
malloc
memset
memmove
__CxxFrameHandler
memcmp
_controlfp
__set_app_type
_purecall
_beginthreadex
wcsncpy
realloc
_resetstkoflw
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
?terminate@@YAXXZ
exit
_cexit
_XcptFilter
_exit
_c_exit

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5313d759516c136a937f39a2188909a

Headers

File Characteristics

PDB Paths

Imports

wkwbl

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wkwinuni

shlwapi

msvcp71

msvcr71

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 616B

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 616B

.rsrc
Size: 28KB - Virtual size: 28KB