c76b0cf0c080581294cb05739cc634db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c76b0cf0c080581294cb05739cc634db_JaffaCakes118
Size

10KB
MD5

c76b0cf0c080581294cb05739cc634db
SHA1

1b1f052bed4be8981aaffbab3f23b5a9f334875b
SHA256

7e1c7cbfbc80d6849f54272e8dfa7fcd85eccb1e5b75e172a0ae28e86de4d366
SHA512

4296f2684c3501bea69216c30fc1c3581637f7fda2d024c07c2873eb1439c6e0897c5c029b2a45de7b3260342827104cf7e75e977c6bc9b3b74cc3f2a3f9fca5
SSDEEP

192:wQ706odbG05xZHt+k7EeU2z6VOv1JJ9Zq/Mah:wQ706y998gEeU27h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c76b0cf0c080581294cb05739cc634db_JaffaCakes118

Files

c76b0cf0c080581294cb05739cc634db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

416aa40c98bd535b09f4d07ee6a6f98b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\The'QG4R\SDK's\Trojan\updater\Release\pet.pdb

Imports

kernel32

GetSystemDirectoryA
CreateProcessA
Sleep
GetModuleFileNameA
CopyFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId

advapi32

GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

urlmon

URLDownloadToFileA

wininet

InternetOpenA
FtpPutFileA
InternetConnectA
InternetCloseHandle

msvcr90

_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_amsg_exit
fclose
fprintf
fopen
__p__commode
__CxxFrameHandler3
_cexit
memset

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

416aa40c98bd535b09f4d07ee6a6f98b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp90

urlmon

wininet

msvcr90

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 908B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 568B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 568B