PDB path: d:\build\ob\bora-126130\bora-vmsoft\build\release\toolbox\windows\VMip\VMip.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dfe38d24d9ab6b1023ce8ef8e5f67127_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dfe38d24d9ab6b1023ce8ef8e5f67127_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
dfe38d24d9ab6b1023ce8ef8e5f67127_JaffaCakes118
-
Size
362KB
-
MD5
dfe38d24d9ab6b1023ce8ef8e5f67127
-
SHA1
583ae90f7bdb706112b118dd35faf95343cbf0ed
-
SHA256
227c396fcf1f68a43975809718b9145897a2c45661e3a697e8a4dacfb5600834
-
SHA512
7e0075031d62808d5879f04025d829edb32ee8ef7f6089dd048de62872feeac793588f970fc4457e1c6bd7458b717a28785f8aed40e3c9bd86662fcfcbc5112b
-
SSDEEP
6144:RRpg2avh3CIe8FURPlbXBgr9tAR3qSDCCsVCq51h+iIg7merindE:RRpg2kW8FYIr9aR3q6CYqNhLierindE
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this file carries none, so its publisher cannot be verified from the binary itself.
resource dfe38d24d9ab6b1023ce8ef8e5f67127_JaffaCakes118
Files
-
dfe38d24d9ab6b1023ce8ef8e5f67127_JaffaCakes118.exe windows:4 windows x86 arch:x86
3a22237122a403f11a87fb46b6f7f4f2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcr80
fprintf
_wgetenv
getc
feof
strrchr
abort
wctomb
localeconv
_wfullpath
strerror
strcspn
getenv
sprintf
_fcvt
_ecvt
mbtowc
_except_handler3
strncpy
_getpid
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
isdigit
isalnum
tolower
memchr
_strdup
_errno
_strlwr
strstr
strncmp
calloc
strchr
memcpy
fclose
malloc
memset
printf
free
__iob_func
sscanf
strncat
realloc
_strnicmp
fputs
isspace
memmove
_stricmp
strtok
wcsncmp
_wfopen
_wstat64i32
advapi32
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
OpenThreadToken
ImpersonateSelf
RevertToSelf
MapGenericMask
AccessCheck
RegCreateKeyExW
RegOpenKeyExW
GetUserNameW
GetFileSecurityW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyW
RegCloseKey
user32
LoadStringA
ole32
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CoQueryProxyBlanket
CoCreateInstance
kernel32
FormatMessageW
SetFilePointer
WriteFile
ReadFile
FindClose
FindNextFileW
MoveFileW
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
WideCharToMultiByte
GetACP
MultiByteToWideChar
IsBadReadPtr
VirtualQuery
RaiseException
OpenProcess
Sleep
LocalFree
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
CreateFileW
GetComputerNameExW
FindFirstFileW
GetFileAttributesW
OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetModuleHandleA
GetProcAddress
LoadLibraryW
GetLastError
FreeLibrary
LoadLibraryA
GetTickCount
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetSystemInfo
GetModuleHandleW
GetVersionExA
CloseHandle
GetCurrentProcess
GetCurrentThread
InterlockedExchange
IsDebuggerPresent
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
Sections
IBDxt Size: 176KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
BUIGXa Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
JUDta Size: 36KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OETrc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE