e026628fab58e9c5c665c5e7c20153e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e026628fab58e9c5c665c5e7c20153e1_JaffaCakes118
Size

229KB
MD5

e026628fab58e9c5c665c5e7c20153e1
SHA1

10098b6eb1277b2cd7bedcd1ef73deee706f1283
SHA256

341056d6411efd25359d7e11e9c589d17c99cf9be4d6851227fb11a2c3718418
SHA512

869987345a670827c326b4744e27a64fb25e6efac1c682f9ab3e17d9c2266c84515aa610eab2ed9661239469380a2f13275ce8b26b8d6f12282353856c6bd440
SSDEEP

6144:yIiFxZIDHO1jonpvuzihMG/bloyOV06kIO:ynFxZUu1jogOoyOf2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e026628fab58e9c5c665c5e7c20153e1_JaffaCakes118

Files

e026628fab58e9c5c665c5e7c20153e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

888040605d576be18de79017daac80c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\cc\Common_Client_301\src\r3.0.1\bin\bin.ira\ccSetMgr.pdb

Imports

kernel32

CloseHandle
CreateFileA
WriteFile
SetFilePointer
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryExA
lstrcatA
WriteConsoleA
GetFileAttributesA
SetProcessWorkingSetSize
GetCurrentProcess
Sleep
CopyFileA
GetTickCount
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
RaiseException
lstrcmpiA
lstrlenW
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
lstrcpyA
GetModuleFileNameA
GetCurrentThreadId
IsDBCSLeadByte
GetModuleHandleA
LocalAlloc
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

wsprintfA
PostThreadMessageA
TranslateMessage
DispatchMessageA
GetMessageA
CharNextA
LoadStringA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyExA
RegQueryInfoKeyA

ole32

CoCreateGuid
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoResumeClassObjects
StringFromGUID2
CoDisconnectObject
CoSuspendClassObjects
OleRun
CoCreateInstance

oleaut32

SafeArrayAccessData
SysAllocString
SafeArrayGetUBound
VariantInit
SafeArrayPutElement
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringByteLen
SysFreeString
VariantClear
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringLen

shlwapi

PathAddBackslashA
PathFindExtensionA
PathAppendA

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

ccl30

ord1089
ord1080
ord1079
ord1078
ord1048
ord1047
ord1046
ord1045
ord1044
ord1043
ord1042
ord1041
ord1040
ord1039
ord1038
ord1037
ord1036
ord1035
ord1100
ord1244
ord1221
ord1304
ord502
ord464
ord1163
ord1243
ord1220
ord1302
ord501
ord463
ord1164
ord1165
ord186
ord795
ord187
ord1524
ord447
ord723
ord722
ord1077
ord1223
ord721
ord1076
ord1084
ord947
ord950
ord1536
ord1525
ord1523
ord446
ord717
ord720
ord1075
ord882
ord876
ord881
ord594
ord770
ord780
ord777
ord773
ord768
ord588
ord607
ord794
ord1170
ord1257
ord1255
ord1513
ord870
ord1347
ord1334
ord1350
ord1333
ord1348
ord1346
ord1499
ord1518
ord1090
ord1511
ord1496
ord681
ord364
ord339
ord324
ord680
ord584
ord585
ord609
ord596
ord595
ord303
ord587
ord304
ord306
ord302
ord592
ord593
ord590
ord591
ord888
ord887
ord886
ord333
ord332
ord337
ord323
ord1389
ord1383
ord1086
ord1088
ord1382
ord1166
ord1381
ord753
ord1307
ord1491
ord1475
ord1476
ord1474
ord1470
ord1467
ord764
ord767
ord752
ord1228
ord1230
ord219
ord185
ord646
ord644
ord642
ord675
ord647
ord676
ord152
ord151
ord155
ord134
ord133
ord128
ord671
ord153
ord135
ord466
ord1091
ord1097
ord467
ord468
ord469
ord470
ord471
ord473
ord472
ord531
ord1261
ord1263
ord1308
ord914
ord942
ord918
ord915
ord916
ord1306
ord1224
ord1178
ord511
ord516
ord527
ord903
ord485
ord510
ord514
ord762
ord519
ord518
ord1388
ord1279
ord1278
ord751
ord1517
ord756
ord1081

msvcr71

_except_handler3
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
malloc
free
_resetstkoflw
wcsncpy
realloc
memset
_callnewh
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_mbsicmp
_ltow
_wtol
_ultow
towupper
??_V@YAXPAX@Z
towlower
_mbsinc
wcslen
wcscpy
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_localtime64
strftime
__CxxFrameHandler
_time64
memmove
vsprintf
_vscprintf
_CxxThrowException
_purecall
??3@YAXPAX@Z
_wcsicmp

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

888040605d576be18de79017daac80c3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

ccl30

msvcr71

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 12KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 12KB

.rrdata
Size: 68KB - Virtual size: 68KB