e:\CaseWare\8.0\runrel\CWIN32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e180fa1a6f2161306ea2a2d26e64cd7d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e180fa1a6f2161306ea2a2d26e64cd7d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: e180fa1a6f2161306ea2a2d26e64cd7d_JaffaCakes118
Size: 287KB
MD5: e180fa1a6f2161306ea2a2d26e64cd7d
SHA1: 28536f70f7cef762772c59b9edfe8e681c3ca220
SHA256: 49f6ee603a9f9766755cb04d859961fe916cef9aa74c01d71a7062b32d22f546
SHA512: 9b24a85dceb343999cd0ec1585e807389c80d22a0d836b8a5c413eeb2a5939f523dce4afc17557da36c1d279a43cbf1e8a4333b067862dbea196f1cdd891062b
SSDEEP: 6144:XqOLRj8tg4a88/8wI8l8ci7X3H8BN/R5Iz9H+:XZi7X3MN/R2H+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e180fa1a6f2161306ea2a2d26e64cd7d_JaffaCakes118
Files
e180fa1a6f2161306ea2a2d26e64cd7d_JaffaCakes118.exe windows:5 windows x86 arch:x86
e9d5adb65309426fe1a4b501c9d08638
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
cw42
?CWMFCExitInstance@@YAHXZ
?StartWebServer@@YAPAVCWnd@@AAHPBD_NH1@Z
?StartServer@@YAKXZ
?CWMFCAppOnIdle@@YAHJ@Z
?CWMFCAppPreTranslateMessage@@YAHPAUtagMSG@@@Z
?SetServerMode@@YAXHH@Z
CWCsRelease
?CWMFCAppIsIdleMessage@@YAHPAUtagMSG@@@Z
?CWMFCAppPumpMessage@@YAHXZ
?CWOleInit@@YAHXZ
?CWMFCInitInstance@@YAHXZ
?ProcessCWMFCShellCommand@@YAHAAVCCommandLineInfo@@H@Z
?StopWebServer@@YAXXZ
?CWMFCDDECommand@@YAHPBD@Z
?GResGetUserProfileInt@@YAHPBD0H@Z
CWCsIsRequiredVersion
?CWMFCLoadDocTemplate@@YAXPAVCMDIFrameWnd@@@Z
?EnableCWMFCShellOpen@@YAXPBD@Z
?CreateMainFrame@@YAPAVCMDIFrameWnd@@XZ
?RegisterServer@@YAJHH@Z
?UnregisterServer@@YAJH@Z
gdiplus
GdiplusStartup
GdiplusShutdown
mfc80
msvcr80
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
memset
strtoul
atoi
_mbsnbicmp
_mbscmp
__argc
_CxxThrowException
_setmbcp
_lock
kernel32
IsBadWritePtr
GetModuleHandleA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcmpA
lstrcmpiA
InterlockedExchange
GetCurrentProcess
user32
MessageBoxA
LoadStringA
PostMessageA
UpdateWindow
shell32
DragAcceptFiles
ole32
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 271KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ