dbd2b8f2931168c60a899dcc22dd352e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dbd2b8f2931168c60a899dcc22dd352e_JaffaCakes118
Size

206KB
MD5

dbd2b8f2931168c60a899dcc22dd352e
SHA1

3cdcb1f5b1246c0846a1964e6915bb833496f2f4
SHA256

3f9ee8d1fe4680f584dad3095a27d9a9b668b86edbc942ace4593fb0d9f0914c
SHA512

add24b618868f621ab09567887c3d9d838c31abc3ac178e27872ce4a45bfc95b075e32995849373d1c99275c59530a62c2632f2bf077f46e3ec943e411abc703
SSDEEP

6144:FKJiXRsKnWM8VYGx0NrXxOoimRshDOa4WC8NGSC4em:FD5KcNrXkc+f5xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbd2b8f2931168c60a899dcc22dd352e_JaffaCakes118

Files

dbd2b8f2931168c60a899dcc22dd352e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba0fc7547185c96627169564f48c2622

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\svnroot\20081016\avc\src\mpavbr\Release\mpavbr.pdb

Imports

mfc71

ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord3830
ord578
ord304
ord907
ord2322
ord310
ord784
ord911
ord876
ord2131
ord2533
ord2646
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord314
ord1209
ord1084
ord1092
ord1167
ord764
ord581
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord265
ord266
ord762

msvcr71

_initterm
_onexit
__dllonexit
__CxxFrameHandler
_adjust_fdiv
_CxxThrowException
_strdup
free
sprintf
ceil
malloc
__CppXcptFilter
?terminate@@YAXXZ
atoi
__security_error_handler
memset
_purecall
memmove
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_except_handler3
??1type_info@@UAE@XZ

kernel32

InitializeCriticalSection
LocalAlloc
GetVersionExA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
GetLastError
FormatMessageA
LocalFree
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection

user32

MessageBoxA

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

vbr_mp3_get_bitrate
vbr_mp3_get_duration
vbr_mp3_is_vbr
vbr_mp3_open
vbr_mp3_release

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba0fc7547185c96627169564f48c2622

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

msvcp71

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 176KB - Virtual size: 180KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 176KB - Virtual size: 180KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 2KB - Virtual size: 2KB